I’m fascinated with the drama surrounding the alleged Russian hack of the DNC largely because it seems to be an example of misdirection. For instance, we are all talking about the hack when the hack had no impact on the election.
What impacted the election was the leak of emails to WikiLeaks, and even that seemed far better-timed to help Bernie Sanders than it did to help Trump. In addition, the FBI reinstating the Clinton investigation did more damage because it came late in the actual election. So even if you do look at the hack, it wasn’t well done, yet Russia is likely the world leader in espionage. So much of this makes no sense yet, just like the Iraq WMD’s in Bush presidency, so many believe it to be true that it bears all the earmarks of intentional misdirection. When a conclusion seems to be largely based on belief and not verifiable facts then that conclusion should be flagged as possible misdirection.
[ Related: The U.S. has sanctioned Russia over election hacking ]
Let me walk you through it.
Now I wouldn’t be so interested in this if I hadn’t had a front row seat to something like this years ago. In my case, the breach involved a report I’d written. The report was critical about the company, mostly critical about sales performance. It was my job but, as you would expect it angered a lot of people and it was highly classified because, if it got to a competitor or large customer, it would cost the company millions. So imagine my surprise when a large competitor to our largest client got hold of it and immediately moved to cancel his contracts. And, as you’d expect, suddenly I had a lot of folks with big titles arguing that I was the problem that needed to be fixed.
Now what occurred to me far later is that this took everyone’s eye, including my own, off the results of the report, which implied that the sales problems we were facing were either caused by incompetence or intent. Instead of being focused on the problem I’d discovered, that sales execution had been sabotaged, they were all focused on me and my report. It was one huge and well executed distraction.
I’ve thought about this for years. I eventually did find out who leaked the document, it was the same head of sales who had been responsible for crippling our sales force. After being caught he immediately got a job over at the competitor, who’d received the report, as the vice president of competitive displacement.
I caught him on a fluke, he didn’t know I headed security for the unit and that I had enough background in it to anticipate and plan for catching the person who did it. Otherwise I’d have been fired but, sadly, that old vice president of sales had damaged the firm too badly to recover from and it wasn’t until years later it finally occurred to me he’d not only leaked the report on purpose, he’d intentionally been killing the company from the inside and used misdirection to cover it all up.
Russia and the DNC – just the fact
Now here are the facts. The DNC was breached. WikiLeaks got the information from the breach and released it starting prior to the end of the of the democratic party primary. This release surfaced DNC activity indicating they were working against Bernie Sanders in violation of its own rules. The head of the DNC was fired. These are all undisputed facts.
However, just because you discover an information breach doesn’t mean you’ve discovered the information breach. Unlike physical objects you can steal information multiple times and still have it remain in place. Particularly with a breach that is only discovered as a result of disclosure, as opposed to an invasive audit, there is a high probability that there are multiple breaches, because though you’ve identified the fact that your security is inadequate, you still may not be able to catch the thief without him/her disclosing the theft. Or, put another way, if you have 30 kids who have access to the answers in a test and one kid says he used them to cheat, it doesn’t mean the others didn’t yet that seems to be the common assumption.