Russian Hacking Report: All Hat, No Cattle

Colin Powell’s UN presentation slide showing alleged mobile production facility for biological weapons. (Subsequently shown to be an incorrect allegation.) Speech entitled: Remarks to the United Nations Security Council, Secretary Colin L. Powell, February 5, 2003. Slide entitled: detail of where material is carried in mobile production facilities for bio weapons work (Photo credit: Wikipedia)

In early 2003, US Secretary of State Colin Powell took the stage at the UN “to share with you what the United States knows about Iraq’s weapons of mass destruction.” Powell justified the impending US invasion of Iraq on the claim that Saddam Hussein’s regime continued to produce and stockpile chemical and biological weapons in violation of UN resolutions. He dazzled his audience with audio recordings and surveillance photographs that he claimed constituted evidence of Iraq’s perfidy.

Two years later Powell called the presentation a “blot” on his record, admitting that he had deceived the UN. The “weapons of mass destruction” didn’t exist. All the Saddam-era chemical weapons recovered in Iraq since 2003 are of pre-1991 manufacture with no evidence linking them to the regime since the 1991 war.

How long can we expect to wait for the National Cybersecurity and Communications Integration Center to admit that its report, “GRIZZLY STEPPE — Russian Malicious Cyber Activity” — pre-hyped as providing “evidence” of Russian government interference in the 2016 US presidential election — is a reprise of Powell’s UN speech?

Marcello Truzzi, a skeptic of paranormal claims, once said “an extraordinary claim requires extraordinary proof.”

The claim of Russian interference in the election is certainly extraordinary (“beyond what is ordinary or usual; highly unusual or exceptional or remarkable”). So is US president Barack Obama’s response, including the expulsion of 35 Russian diplomats and closure of two diplomatic compounds in the US.

The “evidence” in the report, however, is not extraordinary. It’s not even ordinary. It’s non-existent. The report is just a list of cyber warfare methods accompanied by some pretty diagrams. No IP or MAC addresses. No chain of verifiable records showing suspect packets coming from, or going to, Russian machines. The report’s “evidence” for Russian government involvement is the same “evidence” we’ve been offered before: “It’s so because we say it’s so. Trust us.”

Did the Russians conduct cyber attacks for the purpose of influencing the election’s outcome? It wouldn’t surprise me, but I don’t know. You probably don’t know either. The US government continues to state it as fact while declining to prove it.

It seems silly to go to these lengths for no higher purpose than to shift blame away from the Democratic Party and Hillary Clinton for their poor nomination decision-making and her mediocre campaign. And dangerous to do so at the risk of further queering already tense US relations with a nuclear power.

Thomas L. Knapp (Twitter: @thomaslknapp) is director and senior news analyst at the William Lloyd Garrison Center for Libertarian Advocacy Journalism. He lives and works in north central Florida.


Also published on Medium.

  • Wave Chronicle

    This is pretty much the full tale of the Russian Hacking Fake News Story. At the end of the day it is a Tor Exit Node Attack. The article below covers this issue completely and accurately.

    • Thanks for your comment, WV — it points up an error in my own column. I completely missed that there are apparently some data files accompanying the report (I found no actual link to them within the report, just a mention) that do indeed include IPs.

      On the other hand, the actual CONCLUSION at the post you link to supports my contention on lack of evidence:

      The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.

      The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.

      We are definitely still in “it was the Russians because we SAY it was the Russians” territory.

      • Wave Chronicle

        Yes, it matches with your article well, which is why I added the link here. It gives you good backup from a credible source. Really the damning part is that the info is coming off the Exit Tor Node, which is the fake IP side. Now you know why Drudge Report has been under assault and how his IT people figured out that the US Government is hitting his site.
