Suspected Russian hack: Was it an epic cyber attack or spy operation?
Category: News & Politics
Via: perrie-halpern • 4 years ago • 13 commentsBy: Ken Dilanian
American officials suspect a Russian spy agency has carried out what may be the most successful cyber infiltrations of U.S. government and corporate institutions in history.
It's being described as an epic hack. But was it an attack?
That's a more complicated question than might be imagined, and how it is answered may dictate how the incoming Biden administration responds.
For Microsoft president Brad Smith, the formulation is clear: "This latest cyber-assault is effectively an attack on the United States and its government and other critical institutions, including security firms," he wrote in a blog post Thursday, after it emerged his own company was breached by what U.S. officials say was likely the Russian SVR, a rough equivalent to the CIA.
U.S. security officials surveying scope of suspected Russian hack
But for many current and former American officials, that's not the right way to look at it. By hacking into dozens of corporations and government agencies, they say, the hackers have pulled off a stunning and distressing feat of espionage. But they note that it's just the sort of cyber spying that the American National Security Agency attempts on a regular basis against Russia, China and any number of foreign adversaries.
It might constitute an attack if the intruders destroyed data, for example, or used their access to do damage in the physical world, say, by shutting down power grids. But breaking into unclassified government and corporate networks? Reading other people's emails? That's spying.
"I don't think under anybody's definition who works in this field is this any kind of cyber attack," said Gary Brown, a former Pentagon cyber official who is Professor of Cyber Law at National Defense University.
"This is really just a very successful espionage operation. It's the kind of thing we would love to carry out. And it's sort of a wake-up call - we have got to get better. The Russians are way better at this than we even knew about."
Jamil Jaffer, former senior counsel to the House Intelligence Committee and a vice president at IronNet Security, noted that "we have no evidence yet that any information has been deleted, destroyed, manipulated or modified, leading me to believe that this is an intelligence collection operation."
It's alarming but not surprising, for example, that the Energy Department's National Nuclear Security Administration was among those agencies breached—its unclassified business networks were hacked, according to the agency.
"If we could access Russia or China's nuclear programs and information, we would," he said.
American officials should be careful how they describe this incident, said one senior Congressional official who oversees intelligence. It is different from what North Korea is said to have done in 2014 to Sony Pictures, hacking into its networks, destroying data and computers and making public private emails.
It's also different from the U.S. and Israeli operation known as Stuxnet, which a decade ago used a cyber attack to damage Iranian nuclear centrifuges. That was clearly a cyber attack.
The latest suspected Russian cyber intrusion is more akin to China's hack of the Office of Personnel Management (OPM), gaining the Chinese access to millions of sensitive personnel records.
After that incident, then Director of National Intelligence James Clapper said: "You have to kind of salute the Chinese for what they did. If we had the opportunity to do that, I don't think we'd hesitate for a minute."
"Obviously if somebody breaks into your systems and starts destroying stuff, as happened with Sony, well, that's an attack," the official said.
"But in the case of OPM, when hackers come in and exfiltrate reams of data, while that is not welcome, it's not necessarily in the same ballpark as offensive action. We need to be careful here, because the United States should be conducting cyber espionage as well, so if we're sitting around and labeling as 'attacks' stuff that would normally fall into the espionage and intelligence bucket, we risk reaping what we've sown."
He added: "We are now wringing our hands over what other people are doing to us without a great visibility for the public into what we are doing to others."
In fact, American officials have been careful in their language. The top senators on the armed services committee, Republican James Inhofe and Democrat Jack Reed, issued a joint statement calling what happened a "significant, sophisticated cyber intrusion" -- not an attack.
Likewise, Mark Warner, the ranking Democrat on the Senate intelligence committee, called it a "devastating breach," a "malign effort," and an intrusion.
"International law on cyber operations is not well developed, but for something to be considered an attack, it must involve force or the use of force," said James Lewis, a former State Department official now with the Center for Strategic and International Studies.
Much is still yet to be understood about exactly what the intruders have done with nine months of unfettered access to government and corporate networks. It's possible they have done things that would be considered more than simple espionage, said a Western intelligence official who would not be named discussing a sensitive matter.
If they just took data, that would be one thing, he said, but if they planted "cyber bombs" that could cause physical destruction if detonated, that would be at least positioning for attack, he said.
Then again, he and others noted, that wouldn't be much different from what officials say the Russians have already done by positioning cyber weapons on parts of the American power grid, or by stationing nuclear weapons-equipped submarines off the U.S. coast.
The Russian SVR, which is believed to have carried out the hacks, has no history of manipulating or destroying data - they are a spying outfit, the congressional official said.
But even if this remains merely a Russian espionage success, it has shown, experts say, that the Russians don't feel they will pay a price for such a brazen operation. President Trump has said nothing about the matter, but President-elect Joe Biden has vowed to respond.
In doing so, he used the exact language that some intelligence officials said went too far, raising expectations for a more robust response than, in the end, he may be prepared to deliver.
"A good defense isn't enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place," Biden said in a statement. "I will not stand idly by in the face of cyber assaults on our nation."
Tags
Who is online
436 visitors
This is worrisome not because Russia was spying but because the way the media has been covering this and Biden's vow to "disrupt and deter our adversaries from undertaking significant cyberattacks in the first place". It show's the Left is still committed to restarting the cold war with Russia while ignoring the much more dangerous China. Like the article says this is "just the sort of cyber spying that the American National Security Agency attempts on a regular basis against Russia, China and any number of foreign adversaries." Just as Russia tried to influence our elections we have been doing the same thing in dozens of countries including Russia for decades. The effort to frame these tit for tat acts as Unprecedented Attacks verging on Acts of War that warrant a greater response while downplaying the much larger Chinese Spying and Political Manipulations is astounding. So apparently it is the Biden Administrations intent to Wag the Dog at Russia while giving away the farm to China. Not really surprising but worrisome just the same.
It is very interesting that the left considers Russia to be our mortal enemy, while finding no fault with China.
Everyone knows this happens there is only one type of security that can stop it, closed systems stop putting secret stuff on computers that are connected in any way to the web. Russia was probably particularly successful this time because of the work from home because of the virus movement. It's like naked pictures if you don't want them stolen don't put them on a computer, phone, or in the cloud. It was a lot harder to steal secrets when they were only written on paper but on a computer they can do a mass download, steal everything and spend the next six months sifting through the data to see what they stole.
It is very interesting that the Trump considers China to be our mortal enemy, while finding no fault with Russia.
If Russia is responsible, big question is what can the US even do about it? Probably not much...
Since we're also doing it to them on a regular basis what should we do. If it's important to keep it secret keep it off the computers. It might make life harder but that's the only thing we can do.
A start would be investing in cyber security, something McConnell has shot down over and over again for years.
I proved that wrong yesterday
I think it's likely that trump endorsed this attack as a way to get back at people that didn't vote for him. He is vindictive and revenge isn't something trump would rule out if his ego has been bruised. The fact that he had the balls to blame China when his own intel people told him it was Russia only reinforces this. Deflection is something donny has used since day one to cover up something else he is doing that he knows people wouldn't approve of.
If trump had a hand in the Russian cyber attacks, that meets the definition of treason, (putting the interests of another country ahead of the USA).
do you have any idea how crazy that all sounds?
TDS has that side effect on those so afflicted.
[Deleted]