How do you prove Russia meddled with the presidential election?
That's a question the U.S. government is facing, but may never fully answer, at least not publicly.
Last week, the U.S. punished Russia, claiming the country's cyberspies hacked Democratic groups and figures during the election season.
However, missing from last week’s announcement was any new evidence -- or a smoking gun -- proving the Kremlin’s involvement. This isn’t sitting well with everyone in the security industry, especially since identifying the culprit of any cyberattack is no easy matter.
“Maybe Russia did do it, but until we have sufficient evidence, it’s a mistake to move forward,” said Jeffrey Carr, a cybersecurity consultant.
Carr isn’t the only skeptic. Incoming President Donald Trump has also been doubtful over Russia's suspected role in the cyber-meddling.
“Unless you catch ‘hackers’ in the act, it is very hard to determine who was doing the hacking,” tweeted Trump, who's compared the problem to the U.S. incorrectly concluding that Iraq possessed weapons of mass destruction over a decade ago.
Nevertheless, the outgoing administration of President Barack Obama remains convinced that the Kremlin directed the high-profile hacks in an effort to sway public opinion in the run-up to the election.
Private security firms have concluded the same. As evidence, they’ve pointed to the targets hacked, in addition to the malware and methods used -- all of which suggest that elite hackers out of Russia were responsible.
But in Carr’s view, the evidence is missing important links, such as proof showing that the suspected Russian-speaking hackers were actually enlisted by the Kremlin.
Malware can also circulate. What’s to stop any hacker from using malicious code developed in Russia?
“We should be setting a high bar (on this investigation),” he said. “But the government has so mangled this campaign to show the public evidence. It’s such a mess.”
The concerns have been growing. Last week, the FBI and the Department of Homeland Security issued a joint report meant to offer more details on the tools used by the Russian cyberspies during the election-related hacks.
However, security experts have complained that the report only reiterates what private security firms have already said.
“The critics who say the report is short on facts, I think they have a point,” said Leo Taddeo, chief security officer at Cryptzone and a former FBI special agent.
But whatever additional evidence the U.S. has about the suspected Russian hacking is probably classified, and may never be made public. Spies from the U.S. and other foreign governments may have already confirmed the Kremlin’s role in the hacks, but exposing these sources would be too risky, Taddeo said.
"An enormous mistake" was made with the U.S. concluding Iraq had weapons of mass destruction, he added. "But it doesn't make sense for us to never trust the intelligence community again."
It’s also possible the Obama administration will reveal more about Russia's suspected involvement. The outgoing President has ordered U.S. intelligence agencies to compile a full report on cyberattacks that have tried to tamper with previous elections. Obama intends to make as much of that report public as possible.
U.S. lawmakers, both Republican and Democratic, also plan to investigate the matter.
“People need to understand there are very good reasons that the general public will never hear the full story,” said Phil Burdette, a security researcher with Dell SecureWorks. “It could really hamper ongoing and future investigations.”
His company has also been researching the email hacks of Democratic figures, and has blamed them on Russian government-sponsored hackers with “moderate confidence.” A big reason is that the hackers have been found attacking a long list of victims, including Russian dissidents, U.S. military officials, Syrian rebels and experts on Ukraine -- targets that Russian government intelligence would be extremely interested in.
“Attribution isn’t ever black and white,” Burdette said. In cybersecurity, it involves dealing with uncertainty and grey areas.
“But as far as shades of grey go, this is going to be the darkest grey you can find,” he said of Russia's involvement.