When special counsel Robert Mueller's team dropped the bombshell indictment of 12 Russian military officers for alleged interference in the 2016 U.S. election, the public was faced with some stunning revelations and more than a few new questions.
While you can read about those elsewhere, I wanted to look at one particular question: How does Mueller know so much about the Russian operation?
An in-depth analysis of the indictment over at the Lawfare Blog says that in addition to the Russian cyber attack, Mueller's indictment "shows a massive, and successful, counterintelligence operation by the U.S. government against the Russian government."
"U.S. authorities do not rely merely on technical forensics for the conclusion that the hack and release of emails was a Russian operation; the indictment also lays out the departments within the Russian government that were behind it, specific individuals who were involved, which officers did what and when, the slang terms used internally, and the breakdown of responsibilities within the teams -- down to identifying the specific officers with hands on keyboards," the analysis says.
That's some serious granularity. How was Mueller able to do it? No one's likely to get answers directly from Mueller's office, which is running one of the most leak-proof investigations in recent memory. But almost exactly two years ago -- months before Donald Trump was elected president -- three former senior U.S. officials offered what could be seen as a huge hint: The National Security Agency was almost certainly "hacking back" at the Russian cyber squads.
One of the former officials said at the time that it was a "fair bet" the NSA had slipped inside the Russian networks. The official noted that in past cases, NSA hackers had been able to watch an adversary conduct their operations in real time.
Additionally, Robert Joyce, who at the time was the head of the NSA's hacking unit known as Tailored Access Operations and would later briefly serve in the Trump White House, told me in a rare interview that, broadly speaking, the NSA had been called on to do that kind of thing in the past.
"In terms of the foreign intelligence mission, one of the things we have to do is try to understand who did a breach, who is responsible for a breach," he said then. "So we will use the NSA's authorities to pursue foreign intelligence to try to get back into that collection, to understand who did it and get the attribution. That's hard work, but that's one of the responsibilities we have."
The CIA would probably have gotten in on the act as well, as suggested by Sean Roche, Associate Deputy Director for Digital Innovation at the CIA. Roche, who like Joyce said he wasn't commenting specifically on the Russian attack, said that in the wake of a breach the Agency would work with the NSA to sniff out the attackers' "digital dust" if they're based overseas.
"It turns out that the people who carry out these activities use their keyboards for other things too," Roche told the audience at the Aspen Security Forum in July 2016.
If it was "digital dust" that gave the Russians away, it means the purported evidence underlying Mueller's indictment was at least two years in the making. I wonder what else the intelligence agencies found...