Perspective: Hack-and-leakHack-and-Leak Operations and U.S. Cyber Policy

On 27 November 2019, Jeremy Corbyn, then-leader of the U.K. Labour Party, held a press conference in which he held up a hefty, official-looking, heavily redacted document – it was a heavy tome of about 400 pages. The press conference took place less than three weeks before the general election, which was the second election in three years after the United Kingdom voted, in June 2016, to leave the European Union.

James Shires writes in War on the Rocks that the documents Crobyn held in his hand were purported to show the details of discussions between the U.K. and U.S. governments on a post-Brexit trade deal, including demands by U.S. representatives to open access to the United Kingdom’s National Health Service (NHS) for American companies — an inflammatory issue for many voters.

Conservative Prime Minister Boris Johnson won the December election by a wide margin, and Corbyn resigned the Labour Party leadership shortly afterwards.

But the interest in the documents and, more importantly, their provenances, have outlasted Corbyn’s leadership. Shires notes that shortly after Corbyn’s exposé, cybersecurity company Graphika argued that the same documents had originally been posted on Reddit in a manner practically identical to a suspected Russian disinformation operation identified by the Atlantic Council’s Digital Forensics Research Lab earlier in 2019. In August 2020, Reuters reported that “suspected Russian hackers” had obtained the documents from the compromised email account of former U.K. Secretary for Trade Liam Fox.

Shires adds:

This is one example of a hack-and-leak operation where malicious actors use cyber tools to gain access to sensitive or secret material and then release it in the public domain. Hack-and-leak operations pose difficult questions for scholars and policymakers on how best to conceptualize and respond to this new frontier in digital foreign interference. Scholars need to take hack-and-leak operations seriously as a challenge to theoretical understandings of the boundary between legitimate and impermissible political practice. But hack-and-leak operations are also an urgent policy challenge for both offensive and defensive cyber security policies as U.S. government agencies receive greater latitude to conduct such operations around the world.

In a recent article in Texas National Security Review, I argued that hack-and-leak operations should be seen as the “simulation of scandal”: strategic attempts to direct public moral judgement against the operation’s target. Hacking tools provide a new and relatively accessible means to obtain the secret information necessary to simulate scandals. However, they pose an equal danger for those who use them: that the target of the scandal will successfully portray the hack as more media-worthy than the content of the leak. Hack-and-leak operations are thus a double-edged sword, as their discovery often means the scandal becomes about the hack itself, not about the hacked information.

Shires concludes: “In a landscape of permanently competing narratives, this dynamic is never fully decided, and a new scandal — especially one revolving around illicit hacking — can open a crucial window of opportunity for adversaries.”