13 October 2021

Hacking

'The Simulation of Scandal: Hack-and-Leak Operations, the Gulf States, and U.S. Politics' by James Shires in (2020) 3(4) Texas National Security Review 10–29 comments 

Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates, Qatar, and Saudi Arabia, should be seen as the “simulation of scandal" — deliberate attempts to direct moral judgment against their target. Although “hacking” tools enable easy access to secret information, they are a double-edged sword, as their discovery means the scandal becomes about the hack itself, not about the hacked information. There are wider consequences for cyber competition in situations of constraint where both sides are strategic partners, as in the case of the United States and its allies in the Persian Gulf. 

Hack-and-leak operations (HLO) are a new frontier in digital forms of foreign interference, epitomized by the success of Russian intelligence agencies in obtaining and disseminating documents from the Democratic National Committee (DNC) during the 2016 U.S. presidential election campaign.1 HLO and other information operations are widely seen as a severe threat to liberal democratic structures and U.S. policymakers have mobilized significant resources in response, including threat intelligence and cyber security protections, increased election and voting security, legislative pressure on social media companies, and even offensive cyber attacks. 

This “whole-of-nation” approach is largely based on the events of the 2016 U.S. election, and specifically Russian interference in the election process. However, it is hard to pinpoint the exact impact of the Russian disinformation operations. Controversial candidates, a combative and polarized media environment, and entrenched economic and social divisions were all key factors in the 2016 election result. Furthermore, foreign interest in the U.S. election was not limited to the Russian government; other state and nonstate actors also sought to influence candidate campaigns in their favor. The danger is that academic and policy understandings of HLO are over-reliant on a single case. This article therefore asks: How do other HLO cases alter our understanding of this new phenomenon, including motives, means, and consequences? 

HLO occur frequently worldwide, but their political contexts vary widely and have uncertain implications for U.S. politics.6 Consequently, this article expands our understanding of HLO through a detailed qualitative analysis of four operations that targeted political figures in the United States in the period following the DNC operation (October 2016 to January 2019), thus keeping the political and media environment constant as far as possible. These cases replicate many of the striking features of the DNC operation: access through phishing, the release of large collections of emails, publication in national media outlets, and even direct references to “DCLeaks,” the identity assumed by the Russian intelligence agencies to disseminate the DNC documents. These cases have been publicly attributed to governments in the Middle East, namely Qatar, Saudi Arabia, and the United Arab Emirates (UAE), and thus broaden conceptions of digital foreign interference to allies as well as adversaries. 

This article argues that HLO are the “simulation of scandal”: deliberate attempts to direct public moral judgment against their target. The success of HLO depends on the shifting power dynamic between the scandal-maker and the scandal-subject, referred to in Arabic as kāshif and makshūf, respectively. At the center of this dynamic are the digital technologies used to obtain and release secret information. These hacking tools are a double-edged sword, as their discovery often means the scandal becomes about the hack itself, not about the hacked information; in other words, the kāshif becomes the makshūf. These cases also highlight other overlooked aspects of HLO: the utility of “activist” cover, the involvement of new actors such as public relations (PR) agencies and law firms, and the leaker’s wary reliance on mistrustful relationships with traditional media. Finally, the article identifies wider consequences for cyber competition in situations of constraint where both sides are strategic partners. In such situations, HLO offer a powerful but indirect and unpredictable means of influence. 

The first section places HLO within the literature on cyber conflict and information operations. The second section draws on sociological accounts of mediatized and digitalized leaks to explore the simulation of scandal. The rest of the article concerns the four case studies: The third section provides an overview of each case; the fourth analyzes their coverage in prominent media outlets; and the fifth discusses reasons behind their differing effects. A conclusion places this discussion in a broader strategic context, highlights limitations, and suggests further work.