Syria Strikes, Skripal Poisoning and Other Intelligence Puzzles

(Bloomberg View) -- On Monday, U.S. and U.K. law enforcement agencies issued a rare joint warning to businesses to keep their routers safe from "Russian state-sponsored actors." Most will take precautions and not question the information. And yet, because we live in democracies, it's worth asking the question: How do these agencies know this?

Evidentiary standards for government narratives concerning everything from cybersecurity to Syria have deteriorated so much that Western democracies are giving their citizens almost as little useful information on matters of national security as the Russian regime's notorious propaganda machine gives Russian citizens. That is not only insulting to the public, it's also dangerous in a democracy.

Router botnets have existed for years, exploiting sloppily written firmware and weak passwords on the devices that manage our internet connections. Perhaps the best-known of these was the Mirai botnet, which emerged in 2016 and, at its peak, controlled 2.5 million devices. But Mirai wasn't a Russian creation: Behind it were three college-age men in the U.S. who started out trying to get ahead in Minecraft, the computer game, by crashing the servers of rivals also trying to provide multiplayer access.

Although Russian hackers have been accused of, and arrested for, running other botnets, neither they nor the Russian state has been publicly linked to a major one affecting routers. Maybe they are, but the U.S. Department of Homeland Security, the Federal Bureau of Investigation and the British National Cyber Security Center did not provide any evidence that "Russian state-sponsored actors" were involved in this line of malicious hacking or that they were more dangerous than other router-hacking evildoers.

Monday's warning follows the pattern of the similarly evidence-free attribution to Russian military intelligence of NotPetya, a hard disk-encoding malware epidemic that caused massive damage last year. And while it is now accepted gospel that hackers sponsored by the Russian government had stolen data from the Democratic National Committee in 2016, the acceptance is based on endless repetition rather than any specific evidence apart from anonymous intelligence leaks and reports by cybersecurity companies interested in bolstering their visibility.

It's not as if proper standards don't exist. Special Counsel Robert Mueller followed them in the indictment of 13 individuals linked to the Internet Research Agency, a notorious St. Petersburg troll factory. The facts, as known to the investigators, are laid out carefully and persuasively. One might argue about the effect those actions had on the U.S. presidential election, but those arguing at least have full access to the same set of facts. That's not the case with the hacking accusations -- and there's a rush to judgment by government agencies before the public, too, can make up its mind based on the facts.

The emerging low evidentiary standard is not limited to cyber matters. Sites controlled by Syrian President Bashar al-Assad were hit by the U.S., the U.K. and France last week in retaliation against the alleged use of chemical weapons by Assad's troops in Douma earlier this month -- before experts from the Organization for the Prohibition of Chemical Weapons even got a chance to travel to Douma. They are apparently going there on Wednesday, and they should be able to detect whether chemical weapons had been deployed even if a cleanup has been attempted by Russian forces who got advance access.

There's also no publicly available proof to support the conclusion that Russian government agents attempted to poison former double agent Sergei Skripal and his daughter Julia in March.

Russia has killed spies it considered traitors before. The polonium poisoning of Alexander Litvinenko is evidence of that. "Evidence" is not a figure of speech here: In 2016, the U.K. released a detailed, convincing, fact-filled report on the case. It took a long time, as all thorough investigations do. In the Skripal case, the obvious conclusion is also likely the correct one, but, long before that could be firmly established, Theresa May and her cabinet made strong statements to whip up public support for retaliatory action -- and, in the process, made it more difficult for professional investigators to look into other possibilities, no matter how unlikely.

Assad has used chemical weapons before, too. The Joint Investigative Mechanism of the OPCW and the United Nations linked the April 2017 sarin attack on Khan Sheikhoun to the regime. (The JIM, of course, also linked another gas attack, which took place in 2016, to ISIS, so the Assad regime is not the only warring side in Syria to have unleashed chemical weapons). Russia, which does its best to protect Assad, has since refused to extend the JIM's mandate, so in Douma, the OPCW can only establish whether chemical weapons had been used, not apportion blame.

The U.S. and its allies, however, acted before even that could be done. After the missiles flew, Defense Secretary Jim Mattis said he was "absolutely confident" that the Syrian regime conducted the chemical attack but didn't specify what evidence he had. 

In the absence of convincing evidence, all we, the public and journalists not interested in rushing to judgment, have to go by are our considerations of whom an event benefits. But personal doubts and beliefs about the calculations and interests of various actors are quite distinct from any degree of true knowledge. 

Few people read long technical texts like the IRA indictment, the Owen report on Litvinenko, the JIM report on chemical weapons in Syria, the McLaren report on Russian doping in sports. Sometimes even the evidentiary standard of these documents can be insufficient for a court -- some Russian athletes' bans imposed after the McLaren investigation were, for example, struck down by the Court of Arbitration for Sport. But the evidence laid out in such documents is usually enough for informed judgments by politicians, the media and those members of the public who are concerned enough to read some dense prose. It's enough for an informed public debate.

Non-public intelligence can still be legitimate; no government is going to submit to a rule that says any military action must follow what is effectively a public trial of the evidence. But Western governments appear to be leaning toward the other extreme, implying that the public release of evidence is never necessary before judgments are passed and retaliatory measures launched. Democracies must protect their institutions from abuse and show respect for citizens by doing their best to provide factual information. In a world of fake news, governments have to rise to a higher evidentiary bar. Besides, waiting a few weeks or even months before taking drastic action is often a sign of wisdom, not weakness.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

Leonid Bershidsky is a Bloomberg View columnist. He was the founding editor of the Russian business daily Vedomosti and founded the opinion website


©2018 Bloomberg L.P.