1 August 2016 (Milos, Greece) – The theft and leak of embarrassing Democratic National Committee emails has created a political firestorm with cybersecurity experts saying the email release resembled past examples of political interference that other countries have tied to Russia.
FireEye and CrowdStrike … two of the “Big Three” firms (the other being Stroz Friedberg) that deal with threat forensics and advanced cyber threats … have published detailed analyses on their web sites of why they suspect Russian government sponsored groups, due in large part to the sophistication of the attacks and to the firms’ long prior experience with these same actors. Note that this is attribution by overlap: the intruders are tied to earlier campaigns by their tooling, infrastructure and tradecraft, not by anything that by itself proves who sat at the keyboard. It’s the same group(s) that hit the State Department, the White House, and the civilian email of the Joint Chiefs of Staff. The modus operandi (a spearphishing email whose lure installs a distinctive remote access tool on the target’s computer) is well known to cyber-security researchers. Quoting from CrowdStrike:
“We’ve had lots of experience with both of these actors attempting to target our customers in the past and know them well. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter.”
The political pundits’ verdict? This is all aimed at influencing the U.S. election. Putin has “weaponized” WikiLeaks.
To many analysts it is payback: Moscow regards Georgia’s Rose Revolution in 2003, Ukraine’s Orange Revolution in 2004 and Ukraine’s Euromaidan movement in 2013-2014 as U.S.-backed coups aimed at limiting Russian influence in the region. Of course the U.S. has claimed neutrality in all elections in the region, which Russia sees as nonsense. In Washington, the U.S. never takes sides in foreign elections … except when it does.
But history and context are everything. One of the many paradoxes of U.S. policy is that it involves itself in the politics of foreign countries in an effort to promote democracy, yet Washington would never tolerate any foreign country attempting to take a similar role (or a much smaller one) in our own politics.
And to the cable news networks and other “Main Street” media outlets whose sense of history only goes as far back as today’s breakfast (will somebody PULEEZ lock up Wolf Blitzer in his “Situation Room”) it is all “new”.
Influencing elections is something Russia’s intelligence agencies and U.S. intelligence agencies have been doing since the 1950s … consistently. The KGB’s First Chief Directorate had an entire service (Service A, responsible for “active measures”) essentially dedicated to political subversion and sabotage. For those of you inclined to learn the details I recommend Tim Weiner’s “Legacy of Ashes”, a critical overview of the CIA’s history. Currency manipulation to destabilize countries, political and economic sabotage, political assassinations, etc. It’s all in there.
If you are interested in the KGB’s history of Western operations I highly recommend “The Sword and the Shield”, a book sourced from the notes one of the KGB’s chief archivists, Vasili Mitrokhin, copied from the files, smuggled out of Russia and, after the fall of the USSR, handed over to British intelligence; the book itself was written with Cambridge historian Christopher Andrew. Almost all of it was subsequently verified from multiple sources. The same manipulation, sabotage and assassination that we deny doing.
Of course the DNC hack all looks “new” today because cyber attacks are the issue of the day. Well, at least until Elon Musk gets killed by a robot-gone-mad or Eric Schmidt gets run over by an autonomous Google car.
The U.S. response to the DNC hack is … so far … muted.
Since 2014, Obama has punished three of the four states considered the top cyber threats to U.S. computer networks: China, Iran and North Korea. The curious exception is … Russia, despite what the U.S. Defense Department has called “the most aggressive of all cyber attack countries”. The countries that were punished:
1. In 2014, the Justice Department charged five members of China’s People’s Liberation Army for stealing trade secrets from U.S. industries in cyberspace.
2. This year, the Justice Department charged seven Iranian hackers it said were linked to the country’s Revolutionary Guard Corps with distributed denial-of-service attacks on U.S. banks between 2011 and 2013 and with an intrusion into the control system of a dam in Rye Brook, New York.
3. At the beginning of 2015, Obama sanctioned North Korea for the 2014 Sony hack.
But Russia has yet to face any consequences like that. All of this raises the question of why Russia has gotten off the hook when other countries haven’t. After all, this isn’t the first time the Russians have done this kind of thing. U.S. officials have alleged that Russia was also responsible for hacking the State Department’s unclassified email system, discovered in late 2014, and unclassified White House computer networks. In 2014, the Russians were widely viewed as having intercepted and leaked a phone conversation between Assistant Secretary of State Victoria Nuland and the U.S. ambassador to Ukraine, Geoffrey Pyatt.
Eli Lake, an American journalist who writes for Bloomberg and was formerly the senior national security correspondent for Newsweek, has some ideas. He wrote over the weekend:
To start, U.S. intelligence agencies traditionally have seen cyberattacks by other nations as a window to collect intelligence on the attackers’ own sources and methods. In this sense, the less said about an intrusion the better. The National Security Agency often chooses to respond to foreign government hacking with hacking of its own.
There are also diplomatic considerations. While the U.S. has sanctioned sectors of Russia’s economy for the annexation of Ukrainian territory, Secretary of State John Kerry has also tried unsuccessfully now for a year to entice Russia to use its leverage with the Syrian regime to end the civil war there. A public response to Russian cyber-aggression could invite a diplomatic response from Russia in Syria.
Yes, complex. But as other cyber analysts stated over the weekend, given the grave nature of this breach and the fact that it is clearly a state-sponsored attempt to manipulate the U.S. presidential election, there must be a response. Or, as Eli Lake himself noted:
There is a consequence for doing nothing. It might give Russian hackers the impression that the U.S. is uninterested in deterring them. Indeed, it appears they are under that impression already.