The day democracy got hacked: To this "old spy," all signs in the DNC email leak pointed to Russia

Someone was playing 3-dimensional chess with our democracy. Experience taught me there could be only one source

Published July 8, 2017 9:00AM (EDT)

Hillary Clinton (AP/Matt Rourke)

Excerpted with permission from "The Plot to Hack America" by Malcolm Nance. Copyright 2016, Skyhorse Publishing, Inc. Available for purchase on Amazon, Barnes & Noble and IndieBound.

Beginning in March and April 2016, an unknown person or persons hacked into the computer servers of the Democratic National Committee. Over time it became clear that the hackers were targeting very specific information in the DNC files—the opposition research the Democrats had dug up on their Republican opponent Donald J. Trump. Once they had the information they wanted, the cyber-spies rooted around in the computers for several months thereafter, stealing other files such as personal emails, digital voice mails, and sensitive personal information on donors. This included the donors’ bank account, credit card, and social security numbers. The DNC discovered the intrusion while performing a security check, and shut their network down. However, the damage was done.


For an old spy and codebreaker like myself, nothing in the world happens by coincidence. Intelligence officers are a peculiar lot. Whether they are active or retired, their brains are wired for a completely different way of seeing the world around them. Some come from the Human Intelligence world, where they learn to read, manipulate, and distrust everyone in order to “social engineer” intelligence from people who do not want to give them anything. Others are forged in the signals intelligence world, where all data is just a massive electronic puzzle to be constantly analyzed, turned over, and fused together into an exploitable product, or into a final code to be decrypted or broken. Some, like myself, come from both worlds, and are at turns analytical and skeptical of seemingly obvious information. This hybrid mindview doesn’t approach the world as streams of linear data; it attempts to analyze information like a constantly flowing game of three-dimensional chess. All the moves are technically the same as in regular chess, but the traditional allowances of forward and backwards one square, or a lateral or L-shaped pattern, are too limiting for those trained to sniff out hostile intent; we require additional ways of processing information to be satisfied. Up vertically, down every angle of the compass rose and then across every median, line of longitude, latitude, and every other angle of measure are just about right . . . then we add layers of frequency analysis figuring out the timing, spacing, depth and distance between each item we call data points. When an event has been then identified on the continuum of intelligence, we compare it with everything that has ever occurred in history to see if it resembles other patterns played by another spy who employed that process. We then process the context and precedence of each observed activity against common sense to determine if an event chain is coincidence, or if it bears the marks of hostile intent. 

Ian Fleming, the old British Secret Intelligence Service officer who created the fictional character of James Bond, characterized the amazing events in his books with an observation in his 1959 book "Goldfinger": “Once is happenstance. Twice is coincidence. Three times is enemy action.”

Times have changed since Mr. Fleming’s Dictum. In light of current trends in the intelligence business, I like to characterize this phenomenon as Nance’s Law of Intelligence Kismet: “Coincidence takes a lot of planning.”

Reading about the DNC hack was not initially alarming; hackers had also penetrated the Obama and McCain campaigns in 2008. The DNC hack was newsworthy but not really noteworthy until it was paired with two additional events. At the time of the hacks I was writing a massive tome on hackers associated with ISIS and al-Qaeda, so I was attuned to any information about electronic data theft. Then on June 1, 2016 one of my military hacker friends pointed out that an entity who called himself Guccifer 2.0 had opened a WordPress page and was dumping information stolen from the DNC hack.

Guccifer 2.0 claimed he had all the hacked material from the DNC and would be releasing it through his webpage. The name Guccifer struck a nerve, as the real Guccifer, a prolific Romanian hacker, had just been extradited to the United States. Guccifer 2.0 was a copy-cat, and a lazy one at that. My hyper-suspicious intelligence mind started kicking into gear and the game of multidimensional chess was on.

Two weeks later Sam Biddle, the national security writer for the snarky web magazine Gawker, posted the entire Donald J. Trump opposition file from the DNC’s servers. Immediately both Fleming’s Dictum and Nance’s Law struck at the same time. There was no way that the single most damaging (and dull) file from the DNC hack would be “accidentally” released weeks before the Republican National Committee convention. It was straight from the Karl Rove political playbook: Release damning information early, hold bad information until appropriate. More startling was that word was spreading across the global cyber security community that the DNC hack and Guccifer 2.0 had Russian fingerprints all over it.

I started my career in Naval Intelligence when I entered as a Russian language interpreter sent to DLI, the Defense Language Institute. For years before my Navy enlistment I had studied the Soviet Union and the KGB’s history of political intrigue in preparation for a career in intelligence. Little did I know that two years of studying Russian on my own and four months of waiting at the Presidio of Monterey for my language school slot would result in my taking a completely different language. I was assigned to study Arabic, then I spent decades watching the Russian client states of Libya, Syria, and Iraq, as well as their ties to European terrorist groups Red Army Faction, Action Direct, the Irish Republican Army, and the Combatant Communist Cells. No matter what my target was, the KGB cast a shadow across every spectrum of my operations. Whenever we conducted a mission involving Syria, we watched for Russian cruisers and destroyers heading to Tartus, or the IL-38 “May” surveillance aircraft that dogged us and kept a weather eye on the Soviet naval units in the Gulf of Sollum anchorage off the Egyptian and Libyan border. Russian “Illegals” — covert intelligence officers — would try to attach themselves to us like leeches in seedy strip clubs in Naples or when puking on the streets of the Marseilles red light district. We went to monthly counterintelligence briefings that explained how the KGB recruited assets, and how they manipulated even the lowest-level young soldier, sailor, or marine through heterosexual and homosexual “honeytraps.”

The formerly classified briefings of Yuri Bezmenov, now posted up on, are where we learned of the targeting and recruitment techniques of the KGB. Until the fall of the Soviet Union the watchword was “Beware of the Bears. The Bears are everywhere.”

After the fall of the Soviet Union the KGB became known as the FSB. In the last ten years Russian intelligence melded all of its offensive techniques to create a new kind of war: Hybrid Warfare — a melange of hostile cyber, political, and psychological operations in support of their national objectives, whether during peacetime or in open war. It is now standard operating procedure.

A few months after the hacks, at the start of the Democratic Party Convention in Philadelphia, the WikiLeaks organization, led by the information transparency activist Julian Assange, leaked the stolen documents with the intent to “damage” Hillary Clinton. The information leak had the intended effect, as airing the DNC’s dirty tricks conducted against the Sanders campaign created a rift between diehard Bernie Sanders supporters, and led to the resignation of Representative Debbie Wasserman-Schultz as chair of the DNC.

Once the emails were released the source of the hacking became the number one question asked by global security and intelligence experts. The story was literally a Whodunnit? How did information from just one political party get released to the benefit of the unpredictable Republican nominee, Donald Trump? Civilian security specialists joined the U.S. and NATO allies as they commenced a massive cyber-sleuthing operation. The United States Cyber Command, headquartered at the National Security Agency (NSA) on Fort George G. Meade in Maryland, as well as the FBI and their cyber subcontractors, detected the leak source: The FSB and its sister the GRU — Russia’s national and military intelligence bureaus. The metadata — information inside the emails showing the pathway from the DNC computers to WikiLeaks — led straight back to a suspected Russian intelligence organization, a conglomeration of cyber spying groups codenamed CYBER BEARS.

All of the old lessons of identifying Russian mantraps started to come back to me as the stolen DNC data was revealed. It had a pattern that was familiar and that virtually every other intelligence officer could recognize. The pattern showed that someone was playing 3-dimensional chess with our democracy.

Russia has perfected political warfare by using cyber assets to personally attack and neutralize political opponents. They call it Kompromat. They hack into computers or phones to gather intelligence, expose this intelligence (or false data they manufacture out of whole cloth) through the media to create scandal, and thereby knock an opponent or nation out of the game. Russia has attacked Estonia, the Ukraine, and Western nations using just these cyberwarfare methods. At some point Russia apparently decided to apply these tactics against the United States and so American democracy itself was hacked.

The president received a briefing days before WikiLeaks released the data to the public. The Russian spy agency had been ordered to make a bold move, hack the American elections, and engage in political warfare to elect Donald Trump President. Whether he knew it or not, Trump was the perfect candidate for a political asset. Former KGB officer Yuri Bezmenov said the KGB targeted “Ego-centric people who lack moral principles—who are either too greedy or who suffer from exaggerated self-importance. These are the people the KGB wants and finds easiest to recruit.”

This activity could only have been directed from the highest level of the Russian Federation, from Vladimir Putin himself.

In "The Plot to Hack America," I have attempted to explain the story of the first massive Russian cyberwarfare operation against the United States electorate, and how Vladimir Putin attempted to engineer Donald J. Trump’s improbable election as president of the United States. Here you will find a fairly detailed breakdown of the entire CYBER BEARS organ of the Russian Federation: the FSB, the GRU, Russian military intelligence, and criminal cyberwarfare subcontractors. It will become clear that they are using every weapon in the Kremlin’s propaganda arsenal. It will catalog the entirety of all of their known cyber and media activities related to the 2016 US political campaign. Within its chapters are revelations about how television media, global communications, and cyber operations were used to exploit and attack the US electoral system. There is strong evidence their work with WikiLeaks met clearly scripted dates and actively responded to events in order to destroy Hillary Clinton and the Democratic Party and to elect Donald Trump as president.

"The Plot to Hack America" will also try to explain how the CYBER BEARS group was detected; how CYBER BEARS hacks personal and intelligence data from its enemies and then uses that intelligence to choose political allies and “useful idiots” to do their bidding in the target nation; and why they may or may not be disseminating Black propaganda, forged emails, false statements, and computer viruses, that are released into the WikiLeaks data dumps. CYBER BEARS teams also often masquerade as American voters and post Pro-Trump positions and materials on Twitter, Facebook and other sites to support the election of Donald Trump.

"The Plot to Hack America" details how Russian intelligence, the FSB’s “Active Measures” units, created and structured a strategic political warfare campaign, and how it influences the internet via distribution of international media through Russia Today (RT) television, which pushes political propaganda daily. The Russian television media arm of the Kremlin, Russia Today (RT) television is engaged in a strategic propaganda campaign to further Russia’s political goals and has been used to co-opt the extreme wings of the American political parties including tacit and open support for neo-Nazis, anti-government extremist libertarians, conspiracy theorists, and the marginalized left such as the Green Party. RT gives these organizations an international mouthpiece in an attempt to validate them in mainstream media to the detriment of American stability.

This is a real-life spy thriller, happening in real time. It is my hope that "The Plot to Hack America" will inform the American electorate of how Russia executed a full-scale political and cyberwar on America, starting with Watergate 2.0, to elect Donald Trump president of the United States.

By Malcolm Nance

Malcolm Nance is a globally recognized counterterrorism expert and intelligence community member who has been deployed to intelligence operations in the Balkans, the Middle East and sub-Saharan Africa. He is the author of "The Plot to Hack America" and "Defeating ISIS" and he appears regularly on MSNBC. He lives in Philadelphia.
