By Bill Gertz
Cyber actors linked to Russia’s intelligence service carried out a sophisticated cyber attack against Democratic National Committee computer networks in a bold attempt to influence the U.S. presidential election.
That’s the consensus view of U.S. intelligence agencies and private computer security firms regarding the covert intrusions by Moscow into DNC networks over the course of at least one year that resulted in the theft and release of sensitive internal information.
As with other state-sponsored cyber attacks, the White House is refusing to condemn the incident or take action despite ample electronic intelligence indicating the DNC hacking was a Russian cyber operation.
It is not the first major Russian cyber attack. Others in recent months have included cyber penetrations of the Pentagon’s Joint Staff email server and infiltrations of unclassified networks at the White House and State Department.
White House National Security Council spokesman Mark E. Stroh told The Cyber Threat it does not regard the DNC hacking operation as a Russian state-sponsored cyber attack. “That’s a supposition,” he said. “The USG has not made that determination.”
The comment suggests that the Obama administration is again avoiding any action in response to major and damaging cyber attack against the United States. Its questionable rationale is that the DNC attack cannot be linked to Russia without courtroom-level evidence, despite intelligence indicating that it is. The issue of attack attribution—the ability of intelligence agencies to conclusively link cyber intrusions to known state sponsors of cyber attacks—is once against letting the bad guys off the hook.
China’s large-scale cyber attacks, notably attacks against the Office of Personnel Management and an American health care provider discovered last year, are among the most damaging cyber attacks by a foreign state. However, President Obama and his aides refused to hold Beijing accountable despite policies and the president’s own executive orders calling for the imposition of sanctions or diplomatic and financial costs against foreign hackers. Economic sanctions against China were considered but rejected last September.
The only state-sponsored cyber attack the president has identified publicly was the North Korean hack of Sony Pictures Entertainment in November 2014. That cyber attack destroyed computer networks, publicly disclosed sensitive corporate information, and sought to influence the release of a comedy film critical of North Korean dictator Kim Jong Un. The attack was made public because the National Security Agency had been able to break into North Korean hacking networks and map their activities. Again, almost no action was taken in response, other than the imposition of meaningless sanctions on several North Korean officials.
Lt. Gen. James K. “Kevin” McLaughlin, deputy commander of the U.S. Cyber Command, said this week that Obama attributed the Sony hack to the North Koreans because of interagency cooperation. “It’s pretty rare that that kind of strong attribution is able to be done,” McLaughlin told the Wall Street Journal. “I think the fact that all of us on the government side were sharing information, it allowed the leadership of the nation to make some rapid decisions on how they wanted to respond to it.”
McLaughlin said Cyber Command did not have a direct role in investigating the Sony hack but that it could play a role in the future. The general noted that “we learned a lot from how the military and cyber community participate rapidly with our interagency partners.”
The DNC hack reveals that Russian intelligence agencies are learning to game the weakness of the White House by adding a new layer to advanced cyber attack operations: Deception.
Russian intelligence agencies, either the Federal Security Service or GRU military intelligence service, are steeped in the tradition of deception stemming from Soviet-era strategic disinformation operations.
In the DNC hack, Russian hackers diverted the NSA’s attention and masked the origin of the attack by claiming the perpetrator was a lone hacker who was connected to Guccifer, the Romanian hacker who claims to have hacked the private email server used by former Secretary of State Hillary Clinton. Someone claiming to be Guccifer 2.0 tried to take credit for breaking into the Democratic Party’s servers.
Former NSA cyber analyst Dave Aitel believes the DNC hack was not just a cyber intelligence-gathering operation. It was a cyber warfare strike against critical U.S. infrastructure, namely the political party system of the United States.
Aitel, CEO of the cyber security firm Immunity Inc., sees the DNC hack and the release of sensitive information obtained from it on a WordPress website as “more than an act of cyber espionage or harmless mischief.”
“It meets the definition of an act of cyberwar, and the U.S. government should respond as such,” Aitel stated. Claims that the lone attacker Guccifer 2.0 conducted the action are not credible. “Of course, anything is possible, but the attack looks to be an operation conducted by Russian intelligence services,” he said.
A cyber attack limited to intelligence-gathering would reduce the need for an urgent response under the notion that electronic spying is fair game. But the DNC attack is different. It exceeded the threshold for cyber warfare. The Russians deliberately dumped the Clinton campaign’s opposition research playbook on a public website for the purpose of spreading misinformation about the source of the intrusion, while meddling in the U.S. presidential campaign.
“The U.S. government has a decision to make here,” Aitel asserts. “If it does not come out strongly against this action by the Russian intelligence services now, then when will it?”
It’s no secret that Russian President Vladimir Putin favors likely Republican nominee Donald Trump. Trump has said he has always felt “fine” about Putin and regards him as a strong leader.
Like the 1996 Chinagate scandal involving covert Chinese efforts to back the reelection of Bill Clinton and Al Gore, foreign intelligence operations during the presidential season are not unprecedented.
But the global information infrastructure in 1996 was nothing like it is today, and the Russian cyber gambit threatens the integrity of the American election system. To prevent foreign influence operations, the U.S. government must declare political parties and their networks to be worthy of strategic protection as part of its critical infrastructure protection strategy. Other examples of critical infrastructure include the electric grid, financial system, and transportation and telecommunications networks.
The Russians need to be punished—with sanctions, at a minimum—for their cyber attacks.
Better yet, to foster a deterrent-based dissuasion strategy, the NSA and Cyber Command should be unleashed to conduct retaliatory cyber attacks on Russian government and private sector networks. U.S. cyber capabilities, as shown by Edward Snowden’s pilfered NSA documents, are impressive and could easily penetrate Russian computer networks.
Revealing some of Russia’s most cherished secrets would go a long way toward deterring future actions in cyberspace. Key targets could include internal Russian government communications exposing Putin’s strategy to create a pan-Eurasian sphere of influence stretching from the Pacific to the Atlantic. And stealing and publishing details of the Russian leader’s hidden wealth, estimated to be at least $20 billion, would send a message to the Kremlin that attacking U.S. networks is not cost free. A third target could be details about Russian arms control violations, such as recent breaches of the 1987 Intermediate-Range Nuclear Forces Treaty and cheating on SS-25 missile dismantlement that violates the terms of the 2010 New START strategic arms accord.
As McLaughlin put it, Russia and China are “very, very capable cyber actors” whose hackers pose the threat of “taking full control of our networks” and passing themselves off as trusted users once inside.
“On the military side, you can imagine the difficulty that would cause a commander, if he didn’t trust his own network or his data,” he said.
The continued failure by President Obama to ignore Russian and Chinese cyber attacks guarantees that further and possibly more damaging attacks will be carried out.
— June 21, 2016