How and why Russia hacked the US election Laura Galante

Let’s say you despise

Western democracy.

Democracy, in all its trappings,

free elections, town halls,

endless debates about
the proper role of government.

Too messy,

too unpredictable,

too constraining for your taste.

And the way these democracies
band together and lecture everyone else

about individual rights and freedoms –

it gets under your skin.

So what to do about it?

You can call out the hypocrisy
and failures of Western democracies

and explain how your way is better,

but that’s never really worked for you.

What if you could get the people

whose support is the very foundation
of these democracies

to start questioning the system?

Make the idea occur in their own minds

that democracy and its institutions
are failing them,

their elite are corrupt puppet masters

and the country they knew is in free fall.

To do that,

you’ll need to infiltrate
the information spheres

of these democracies.

You’ll need to turn
their most powerful asset –

an open mind –

into their greatest vulnerability.

You’ll need people to question the truth.

Now, you’ll be familiar of hacking
and leaks that happened in 2016.

One was the Democratic
National Committee’s networks,

and the personal email
accounts of its staff,

later released on WikiLeaks.

After that, various online personas,

like a supposed Romanian cybercriminal
who didn’t speak Romanian,

aggressively pushed news
of these leaks to journalists.

The media took the bait.

They were consumed by how much
the DNC hated Bernie.

At the time, it was that narrative
that far outshined the news

that a group of Russian government
sponsored hackers

who we called “Advanced
Persistent Threat 28,”

or “APT28” for short,

was carrying out
these operations against the US.

And there was no shortage of evidence.

This group of Russian government hackers
hadn’t just appeared out of nowhere

in 2016.

We had started tracking
this group back in 2014.

And the tools that APT28 used
to compromise its victims' networks

demonstrated a thoughtful,
well-resourced effort

that had taken place for now over a decade

in Moscow’s time zone

from about 9 am to 6 pm.

APT28 loved to prey on the emails
and contacts of journalists in Chechnya,

the Georgian government,
eastern European defense attachés –

all targets with an undeniable interest
to the Russian government.

We weren’t the only ones onto this.

Governments, research teams
across the world,

were coming to similar conclusions

and observing the same
types of operations.

But what Russia was doing in 2016

went far beyond espionage.

The DNC hack was just one of many
where stolen data was posted online

accompanied by a sensational narrative,

then amplified in social media

for lightning-speed adoption by the media.

This didn’t ring the alarm bells

that a nation-state was trying
to interfere with the credibility

of another’s internal affairs.

So why, collectively,
did we not see this coming?

Why did it take months
before Americans understood

that they were under a state-sponsored
information attack?

The easy answer is politics.

The Obama Administration was caught
in a perfect catch-22.

By raising the specter that the Russian
government was interfering

in the US presidential campaign,

the Administration risked appearing
to meddle in the campaign itself.

But the better answer, I think,

is that the US and the West
were utterly unequipped

to recognize and respond
to a modern information operation,

despite the fact that the US
had wielded information

with devastating success
in an era not so long ago.

Look, so while the US and the West
spent the last 20 years

caught up in cybersecurity –

what networks to harden,

which infrastructure to deem critical,

how to set up armies of cyber warriors
and cyber commands –

Russia was thinking in far more
consequential terms.

Before the first iPhone
even hit the shelf,

the Russian government understood
the risks and the opportunity

that technology provided

and the inter-communication
and instant communication it provided us.

As our realities are increasingly
based on the information

that we’re consuming
at the palm of our hand

and from the news feeds
that we’re scanning

and the hashtags and stories
that we see trending,

the Russian government
was the first to recognize

how this evolution

had turned your mind into the most
exploitable device on the planet.

And your mind is particularly exploitable

if you’re accustomed
to an unfettered flow of information,

now increasingly curated
to your own tastes.

This panorama of information
that’s so interesting to you

gives a state, or anyone for that matter,
a perfect back door into your mind.

It’s this new brand of state-sponsored
information operations

that can be that much more successful,

more insidious,

and harder for the target audience –
that includes the media –

to decipher and characterize.

If you can get a hashtag
trending on Twitter,

or chum the waters with fake news

directed to audiences
primed to receive it,

or drive journalists to dissect
terabytes of email

for a cent of impropriety –

all tactics used in Russian operations –

then you’ve got a shot at effectively
camouflaging your operations

in the mind of your target.

This is what Russia’s long called
“reflexive control.”

It’s the ability to use
information on someone else

so that they make a decision

on their own accord

that’s favorable to you.

This is nation-state-grade image control
and perception management,

and it’s conducted by any means,

with any tools, network-based
or otherwise, that will achieve it.

Take this for another example.

In early February 2014, a few weeks
before Russia would invade Crimea,

a phone call is posted on YouTube.

In it, there’s two US diplomats.

They sound like they’re playing
kingmaker in Ukraine,

and worse, they curse the EU
for its lack of speed and leadership

in resolving the crisis.

The media covers the phone call,

and then the ensuing diplomatic backlash

leaves Washington and Europe reeling.

And it creates a fissured response
and a feckless attitude

towards Russia’s land grab in Ukraine.

Mission accomplished.

So while hacked phone calls
and emails and networks

keep grabbing the headlines,

the real operations are the ones

that are influencing
the decisions you make

and the opinions you hold,

all in the service of a nation-state’s
strategic interest.

This is power in the information age.

And this information is all
that much more seductive,

all that much easier to take
at face value and pass on,

when it’s authentic.

Who’s not interested in the truth
that’s presented in phone calls and emails

that were never intended
for public consumption?

But how meaningful is that truth

if you don’t know why
it’s being revealed to you?

We must recognize that this place
where we’re increasingly living,

which we’ve quaintly termed “cyberspace,”

isn’t defined by ones and zeroes,

but by information
and the people behind it.

This is far more than a network
of computers and devices.

This is a network composed of minds

interacting with computers and devices.

And for this network,

there’s no encryption,
there’s no firewall,

no two-factor authentication,

no password complex enough to protect you.

What you have for defense

is far stronger, it’s more adaptable,
it’s always running the latest version.

It’s the ability to think critically:

call out falsehood,

press for the facts.

And above all, you must have the courage

to unflinchingly pursue the truth.

(Applause)