There is a qualitative difference between possible intrusions to Presidential campaigns in previous election cycles and this year’s DNC intrusion (specifically, the subsequent data bump on Wikileaks, which has been called out in editorials by Aitel and Thomas Rid. Beyond the debates about the accuracy of the numerous public claims of attribution, the motive behind this difference is unclear. According to Rid, “various timestamps indicate that the Guccifer-branded leaking operation was prompted by the DNC’s initial publicity, with preparation starting around 24 hours after CrowdStrike’s report came out.” Rid notes part of Guccifer 2.0’s later profane public response: “I guess CrowdStrike customers should think twice about company’s competence.”
The amount of confidence in assertions about attribution in the computer security industry is rarely backed up by evidence at the level sufficient to withstand a criminal trial (that being “beyond a reasonable doubt”). When private sector analysts say, “I believe, beyond a reasonable doubt,” they are actually making an assertion of their own belief. It could be accurate to say, “A preponderance of the evidence suggests,” but “beyond a reasonable doubt” is something judged in the adversarial process of a court of law, with a strenuous defense that puts the burden of proof on the prosecution.
That term does not (and should not) apply to the court of public opinion, or a Twitter feed. If these timestamps are to be accepted as evidence, it is just as reasonable to ask other questions. How could anyone reasonably judge the confidence in either assertion that (a) this intrusion and dump was calculated to influence the results of the U.S. election vs. (b) the dump was a response to a public effort by a private sector entity to “raise the cost” of an intrusion through naming and shaming? The answer to (b) is completely germane if an argument is then put forward that the dump was an act of war that demands a government response.
In his Ars Technica editorial, Aitel said the intrusion into the DNC system, and subsequent data dump via Wikileaks, “meets the definition of an act of  cyberwar, and the U.S. government should respond as such.” Aitel does not cite any accepted definition of “cyber war,” simply asserting that the definition is met. Given his definitions of “cyber weapon” and “cyber war” that he has expressed to date (which we disagree with), we find this editorial a bit hyperbolic.
Aitel writes, “People in the policy area often consider ‘cyberwar’ actions limited to things that causes physical harm or casualties, or things that can replace a 500-pound bomb. But if you cannot manage your people, or protect the American economy, or elect a new President, you have lost a war.”
This statement implies he understands the discrepancy between a battleground and a political arena and suggests if an outside sovereign can influence politics, it is the same as a battleground or that losing political influence is equivalent to losing a war whether or not a war has been fought.
Next Page: DNC Hack Response Could Set ‘Normative Precedent’
