Guest post by Jonathan Nichols
Originally a long tweet, here
Why John Schindler’s “False Flags: The Kremlin’s Hidden Cyber Hand” is wrong.
By Jonathan Nichols
First, I should establish my credentials to speak on this matter. I joined the army in 2006 as a PSYOP soldier (we deal in Propaganda and Counter-propaganda operations). I deployed to Iraq as a Tactical PSYOP soldier in 2008. I was Propaganda Analyst for USF-I in 2010, closing out OIF and starting Operation New Dawn. I deployed again in 2012 as a Atmospherics Manager, LNO to Combined Forces -Special Operations Command (CF-SOC), and LNO to the Combined Joint Psychological Operations Task Force (CJ-POTF). I have been monitoring online Jihadist activity since before Anwar Al-Awlaki released the first Inspire Magazine, and I was on station for Operation Cupcake (google it). I knew Junaid Hussain as TriCk from TeaMpois0n well before he ran off to join the jihad in Syria, getting a hellfire to the face for his efforts. Since that time I have taken a variety of roles with a variety of organizations, almost always having direct access to Jihadist propaganda. When it comes to online Jihadist activity, I’ve been here since before it was cool.
John Schindler is former NSA, NAVSECGRU, NWC, and is in many ways my superior in both rank and experience. I bow to his expertise on all things Russia. I wish I would have had the honor of sitting in on one of his classes when he was a War College professor. In the right setting, I would be happy to salute him. All of that is to state that I respect this man’s experience and expertise. However, in this case, I must disagree with his conclusions.
In the article, “False Flags: The Kremlin’s Hidden Cyber Hand”, Schindler states in the header, “The Islamic State’s hacking army doesn’t actually work for ISIS—It’s part of the secret Russian online espionage effort against the West.” This claim, if true, would be news to me and those I work with. With this in mind, and understanding that extraordinary claims require extraordinary evidence, lets review his article.
I’ve broken down the article, paragraph by paragraph, below. In short, Schindler’s argument works like this.
- Russian hackers were behind the Cyber Caliphate in the TV5Monde hack.
- Because (1) therefor the Cyber Caliphate doesn’t actually work for ISIS and is part of the secret Russian online espionage effort against the West.
I do not dispute that Russian hackers were behind the TV5Monde hack. I also do not dispute that there is a Russian online espionage effort against the West. I dispute the logic. It does not follow that because Russian’s were involved of some of the hacks, that all of the Cyber Caliphate is a Russian espionage effort.
I will point to a similar situation as a way to point out the logical fallacy here:
- The FBI directed some of the LulzSec hacks.
- Because (1) therefor LulzSec was an FBI operation and was part of a secret FBI espionage effort against LulzSec targets including Stratfor, Fox.com, PBS, Sony, and others.
That is clearly absurd. That SOME of the hacks were FBI directed is without dispute, but to make the logical leap that ALL of them were would be a claim worth challenging. If Schindler’s logic were sound, then we’d expect to see Stratfor, Fox, PBS, and Sony bringing suite agains the FBI. That hasn’t happened. It’s not sound logic.
Further, here are a list of the most recent headlines about the Cyber Caliphate, pulled from Site Intel Group:
- Two kill lists containing over 70 US Air Force personnel.
- Claimed hack of Defense Logistics Agency was available as public records
- Hackers celebrate Magnanville Stabbing
- Hackers deface Brazilian and Indian websites with threats to the US
- Hackers distribute Google Earth data of US, NATO, and RUSSIAN air bases
- Kill list with 8,000 civilians
- Arkansas Library Hack
- Security Tips from the Cyber Caliphate
- Etc etc etc
Do you believe that Russian intelligence is behind all of these (and the 60+ others on the list in the link)? Not likely. If one wants to make the claim that they are, they ought prove it with more than just the TV5Monde hack.
So, here’s an alternative headline: “Russian Intelligence is using the Cyber Caliphate to Advance Their Agenda.” This would be a headline I could support! I do not see sufficient evidence in Schindler’s article to support the theory that “The Islamic State’s hacking army doesn’t actually work for ISIS – It’s part of the secret Russian online espionage effort against the West.” Instead, what I find is sufficient evidence to claim that “Russian online espionage efforts use the Islamic State’s hacking army on occasion.”
With all respect to Schindler, the difference between the two is critical, and influential intelligence officials should do their best to make certain that the words they use publicly are chosen carefully.
false flags the kremlins hidden cyber hand Schindler's Article
On to the paragraph blow-by-blow:###
Paragraph 1: The Cyber Caliphate (CC) has been around for ~2 years and uses social media.
Paragraph 2: CC has hacked government websites, DoD things, and smaller websites.
Paragraph 3: CC attacked the Brits, then hijacked TV5Monde in April 2015.
Paragraph 4: Coalition Forces (CF) have taken CC seriously. CC and other groups merged in April to become the UCC.
True enough, though many of the groups that formed the UCC have consistently proven to be piss poor hackers. Much of their “releases” have proven to be fake hacks, and “stolen data” was found in the open source…not stolen, but googled. “A supposed “hack” by the CCA (then the “Islamic Cyber Army”) against US government personnel on September 11, 2015, for example, directly copied purported FBI names and email addresses directly from a previous leak dating back to at least 2007, and presented it as an original release.” (SITE Intelligence Group – 14JUNE2016 - http://motherboard.vice.com/read/when-isis-calls-you-out-by-name)
Paragraph 5: Pentagon responded to the UCC formation by promising to unleash cyber war against ISIS. Neither something (sentence is unclear), and Junaid Hussain died in a drone strike.
False or unproven. I have not seen any evidence that directly correlated the UCC formation with the Pentagon announcement. If there is a correlation between these two events, it isn’t proven here. This claim requires further evidence. In addition, there’s a dangling sentence in this paragraph, “Neither are the Pentagon’s efforts to shut down the Islamic State’s online antics limited to the Internet.” It is unclear what the “neither” is that this is supposed to be referring to. That Junaid Hussain died in a drone strike is true.
Paragraph 6: French intelligence examined the CC after the TV5Monde attack and concluded that the hackers involved had nothing to do with the Islamic State, but were APT 28, affiliated with the Kremilin.
Paragraph 7: NSA and other US OGAs agree with French Intelligence. And CC has few ties, technical or otherwise, to ISIS.
Paragraph 8: German spies have concluded that CC is a Russian operation.
True. That’s what the Der Spiegel article Schindler linked to stated, however, their analysis is based almost soley on the fact that Russian operatives acting under the Cyber Caliphate were behind the TV5Monde hack. As I stated above, that is not sufficient evidence to make the claim that ALL Cyber Caliphate activities are Russian.
Paragraph 9: CC is a Russian False Flag Operation. Spy agencies routinely pose as third parties for operational purposes.
False or unproven. Demonstrating that the Kremlin supported the TV5Monde hack is not sufficient to claim that all Cyber Caliphate operations are Kremlin operations.
Paragraph 10: Russians can do false flag operations.
Paragraph 11: Russian hackers have pillaged DC and the DNC.
Paragraph 12: Russians target think-tanks, law firms, lobbyists, and consultants.
Paragraph 13: Russian hacked data helps Russians
Paragraph 14: America has neglected Counter-Intelligence and it is hurting our nation.
True. Painfully. Very painfully.
Paragraph 15: Clinton’s email problems help our enemies.
Subscribe to Cyber War News
Get the latest posts delivered right to your inbox