Feds Pin Political Hacks on Russia. But How to Respond?
Nearly four months after hackers stole and leaked the internal files and communications of the Democratic National Committee, the U.S. government has finally stated what everyone from members of the cybersecurity industry to Hillary Clinton had already argued: That the hackers behind that breach and a series of others were in fact agents of the Russian government. But naming Russia as the source of those attacks only raises equally murky questions: Why go public with that blame now? And how to respond?
In a public statement Friday, the Department of Homeland Security and the Office of the Director of National Intelligence formally accused the Russian government of political hacking aimed at influencing the November election. Their joint statement specifically connects the Russian government to everything from a prolific “DCLeaks” platform for publication of hacked politicians’ emails, to the Democratic National Committee attack that resulted in the organization’s emails being published by WikiLeaks, to the supposedly Romanian hacker persona Guccifer 2.0 that took credit for that hack.
After months of speculation from the cybersecurity community, Friday’s statement offered an unequivocal finger pointing at the Kremlin. “These thefts and disclosures are intended to interfere with the US election process,” the joint statement reads. “Such activity is not new to Moscow — the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.”
That announcement is the first time the Obama administration has publicly confirmed that it attributes these hacks to Russia. As concern grows about the destabilizing influence of the incidents on the upcoming presidential elections, it’s not just a reassurance to the American public that the source of the hacks have been identified. The statement might in theory serve as the formal first step toward U.S. sanctions or other forms of retaliation meant to punish the country for its attempts to meddle in American democracy.
A Strong Response
“The administration’s acknowledgement that Russian intelligence agencies are attempting to influence the U.S. election and undermine public confidence conveys the seriousness of the threat,” Senator Dianne Feinstein (D-Calif.), the vice chairman of the Senate Select Committee on Intelligence, wrote in a statement Friday afternoon. “Attempted hacking of our election system is intolerable, and it’s critical to convince the Russian government to cease these activities. If it does not, we must develop a strong response.”
For months, the U.S. government has been mulling new economic sanctions as at least part of that “strong response.” As early as August, the Wall Street Journal reported that government officials had considered that measure, but hadn’t reached a decision—and couldn’t without publicly naming Russia as the source of the attacks.
Exactly why public attribution of the attacks and any resulting sanctions have taken so long to materialize remains unclear. At the beginning of 2015, by contrast, President Obama authorized sanctions against North Korea in response to the Sony Pictures hack a month earlier. Later in 2015 he signed an executive order to make it easier to impose economic sanctions on individual international hackers, especially those involved in state-sponsored attacks. But even with some officials pointing the finger at Russia—plus evidence from the private sector—the Obama administration has waited until now to formally come forward.
One reason for that delay could be that Syrian peace talks with Russia have been ongoing for months. But on Friday Secretary of State John Kerry called for the Russian and Syrian governments to be investigated for war crimes related to bombings of civilians.
On the other hand, diplomats may have been confronting Russian officials privately about the hacking incidents in the hopes of stemming the attacks more discreetly, says Jason Healey, a cyber conflict researcher at Columbia University. “It might have been for the last two months that the Obama administration had been trying to work quietly with Russia to get them to back off the election,” says Healey. “And it is entirely possible that we’ve said ‘they’re making this confrontational, so we have to be equally confrontational in what we do.’”
An Overplayed Sanctions Card
If that confrontation comes in the form of sanctions, however, some question whether they would have the desired effect in deterring Russia. “It’s very difficult for us to push back on Russia in some ways,” says Dave Aitel, a former NSA analyst who now runs the security firm Immunity. He points out that the U.S. has sanctioned Russia in the past with little success, and over the Syrian conflict. That card can only be played so many times. “We’ve already done quite a lot of these sanctions and when we bargain away our sanctions we bargain them away for very strategic actions such as Syria. So at this point it’s hard to say, ‘oh we’re going to re-sanction you for all this cyber weapons stuff that you’re doing.’”
Even if sanctions did have a long term effect, they might come too slowly to deter Russia from continuing to sway this presidential election, says Columbia’s Healey. “It’s a smart idea and we should go ahead and do it, but there’s no way it’s going to affect Russian behavior in the short term,” says Healey. “And in the short term we want to make sure Russia backs off from the election. This is our democracy. They could throw the election one way or the other, and I don’t think we can accept that.”
Instead, Healey argues that “hacking back,” a kind of counter-offense that attempts to proactively disrupt the hacking groups, could have a more immediate effect. And America’s military hacker division known as its Cyber Command has been ramping up its capacity, he notes. “If the intel community is saying that they’re trying to disrupt our election, then the fight is on,” says Healey. “So we need to be throwing some punches as well.”
But complicating any form of retaliation are lingering questions about the validity of the evidence linking the attacks to Russia, a perennial problem in investigating cyber attacks. Friday’s joint statement, for instance, stopped short of definitively accusing Russia of having been behind the recent probes and scans of state voting databases and other state election systems. Russian President Vladimir Putin, for his part, has repeatedly denied that Russia is behind any of the U.S. political hacks. And it’s still not clear if Friday’s WikiLeaks release of thousands more emails from Hillary Clinton’s advisors were also attributed to Russia in the DHS’s and ODNI’s assessments.
Even without an immediate response aimed at deterring the Kremlin’s cyberattacks, Friday’s announcement still serves another purpose: As the consistent hacks and disinformation campaigns create increasing uncertainty and instability in the U.S. voting process, officials are working to reassure citizens that voting systems are secure and that the results of the upcoming presidential election won’t be skewed. In its Friday joint statement, DHS and ODNI repeated what they and other officials have been saying for weeks about how the decentralized nature of U.S. elections, where each state has its own election board and voting apparatus, makes hacking unlikely. But some research still indicates that tampering is possible, and the reassurances have come with significant government urgency, especially from DHS, to lock down voting defenses.
“People always say deterrence is about punishment, but a lot of deterrence is about securing yourself,” Aitel says. And that response, between now and November 8th, may be the one that matters most.
Link to original –