The Slatest

Are We Giving Russia Too Much Credit?

U.S. Secretary of State Hillary Clinton shakes hands with Russian Prime Minister Vladimir Putin outside Moscow in Novo-Ogarevo on March 19, 2010.

Alexey Nikolsky/AFP/Getty Images

The debate over foreign interference in the 2016 U.S. presidential election was reignited over the weekend by a Washington Post article suggesting that the CIA now believes the Russian government directed the hacks of the Democratic National Committee and others in order to help Donald Trump win. Both Trump and the Russian government have dismissed the report, with Vladimir Putin’s press secretary Dmitry Peskov calling the CIA’s allegations “unfounded and unprofessional.”

The allegations themselves are not entirely new: In June, the cybersecurity firm CrowdStrike released a comprehensive report detailing evidence that Russian hackers, likely directed by the government, had gained access to the DNC’s network. And in October, the Obama administration formally accused Russia of interfering in the election, though it stopped short of saying the Kremlin was specifically trying to help Trump, and the accusations were overshadowed by the Access Hollywood video, released the same day.

I discussed all of this Monday via Skype with Andrei Soldatov, one of Russia’s foremost independent investigative journalists. He is the co-author, with Irina Borogan, of The New Nobility, about the influence of Russia’s resurgent post-Soviet intelligence services, and The Red Web, about the fight for control of the Russian internet. We talked about how much in the latest reports is actually new, and the possible ramifications for both countries. This interview has been edited and condensed for clarity.

Joshua Keating: At this point, how credible do you find the allegations of Russian meddling in the U.S. election?

Andrei Soldatov: We’re still where we were in June. In terms of actual evidence, we’re still dealing mostly with information provided by tech companies, not law enforcement agencies. I have a deep respect for CrowdStrike, but they have some limitations in terms of attribution. They can identify the country, and they can identify maybe if it had government support, but that’s all. They can’t identify the specific agency or the motive.

We’re still dealing with this level of evidence. For me, it’s still unclear if we are talking about a security services operation, or if we are talking about informal actors acting with direct encouragement of the Kremlin. So we cannot actually judge the motivation.

Personally, I still believe that the idea was tactical, to undermine Clinton’s positions and her reputation. So I still feel uncomfortable with these two main claims: that the goal from the beginning was to get Trump elected and that the intelligence services are behind this. So maybe it’s time for the [U.S.] intelligence services and law enforcement to give more evidence that would give us a clearer picture.

So the Washington Post story and other media reports over the weekend didn’t change your views?

No, unfortunately. They’ve properly identified the attacker and that there was a state behind it, but that’s all. The sources of the Washington Post are all anonymous, so all we have are some claims.

There’s obviously a long history of espionage between the U.S. and Russia, as well as meddling in other countries’ elections. Can you think of any precedent for what’s being alleged here?

I don’t think so. Comparing this with the Soviet past and misinformation campaigns run by the KGB is misleading. Here, from what we know, most of the misinformation campaigns seem to be run by actors that are not security services. That actually makes them unpredictable. The security services in the Soviet Union, and now in Russia, are bureaucracies. They’re slow, they have rules, they are predictable. These actors we’re dealing with now are much more dangerous. They’re much more flexible, much more adaptive to what’s going on, and much more capable.

What about more recently? Is this comparable to any of the allegedly Russian-sponsored cyberattacks against countries in Eastern Europe that we’ve seen?

There have been two stages. From 2007 to 2014, the goal was mostly censorship, shutting down websites—DDOS attacks. After the annexation of Crimea, it got much more sophisticated. It’s no longer about shutting down websites, it’s about getting into the system. For that, you need better skills and completely different actors.

The very first attack of the new kind was in December of last year against the Ukrainian power grid. It was a very well-prepared operation, very professional. That had some similarities to what happened with the DNC.

So U.S. intelligence agencies have suggested that an operation of this scale would have to have been ordered by the highest levels of the Russian government. Do you agree with that assessment?

Yes. It would not be approved at the level of the security services. It would be at the level of the Kremlin. The United States as a target is too sensitive. To conduct operations at this level, not just stealing information, but leaking it to affect the public—that’s something that would be approved at a very high level.

American intelligence officials suggested to NBC back in October that the U.S. is preparing covert action against Russia in retaliation for the election meddling. How worried should the Kremlin be about that?

That was really, really stupid. It was immediately played against the United States. The Russian authorities never openly say to the United States, “We’re going to attack you.”  Now, the [Russian government] could say, “You see—that’s direct evidence that they are trying to attack us. They openly admitted that they’re planning to attack our information space.” So now to prevent this, they can say they have to do lots of things to protect the Russian internet. It added to this climate that we’re a besieged fortress.

How is this latest story being covered by the Russian media?

The pro-Kremlin media is just repeating the government line that there is no evidence at all. Also, they’re trying to play up the idea that we are under attack. Last week we got a story about a big planned cyberattack on a Russian bank. The FSB said that they anticipated an attack on Dec. 5, and then on Dec. 5, said they prevented the attack from happening. The problem is you don’t see any evidence, but you create the narrative that you are under siege.

So the Kremlin is denying any involvement now, but do you think at some point they may want to take credit for, at least to some extent, influencing the outcome of the U.S. election? It’s a pretty amazing thing to pull off.

I think we shouldn’t overestimate what these people are capable of. They never planned for this outcome. What they wanted to do last spring was to talk about the content of the leaked material. I think nobody in the Kremlin expected that the biggest story would not be the content but the fact that Russia interfered in the U.S. election. I think they are still slow to understand how to deal with the unprecedented situation that Russia became a third actor in the election. It’s really difficult to figure out how to play this story, because nobody was ready for that.

These are people with tactical skills. They can act very quickly, but they don’t have any strategy you can predict.

So there are some more very critical elections coming up next year, in France, Germany, Italy, the Netherlands. Do you think we could see more campaigns like this?

Yes, I think so. These people think they are very successful and that the costs are extremely low. They don’t even need to hide, because any kind of reaction seems to help them.

So what lessons should we take from this operation, however unintentional the result may have been?

It’s a bit crazy, Joshua. When we wrote our book, we made a special point of talking about a big difference between the United States and Russia, in terms of information security vs. cybersecurity. The United States only talked about cyberthreats in terms of computers and cables and networks. Russians always want to talk about content and information security.

But now, lots of people in the United States are using Russian language, talking about content and information security, and disinformation on social media. It’s completely changed the landscape. That’s a clear win for the Russian approach. Russia has been thinking this way since 1999: talking about hostile foreign media and the threat of social media, talking about blacklisting websites as agents of a foreign country. It’s so Russian! Russia is comfortable thinking this way.

Now other countries are using the same language. To me, it’s very depressing. We’re all accepting the Russian view of the Internet and social media.

Previously in Slate:

Read more in Slate about Russia’s 2016 election meddling.