Russian Hackers’ Motive Baffles U.S.: Mere Espionage, or Worse?
By William Turton
December 23, 2020, 4:43 PM GMT
Attackers accessed emails, suggesting espionage was purpose
Investigation into widespread computer breach in early stages
As researchers from Silicon Valley to Washington race to
understand the full impact of the massive cyber-attack that breached computer
networks in the government and private sector, one of their thorniest
unanswered questions centers on motive.
Already, investigators and government officials have pointed
to an elite group of hackers tied to the Russian government and suggested a
fairly obvious rationale: that it was an espionage operation aimed at nabbing
classified intelligence and other inside information.
But some lawmakers and people involved in the investigations
have said that the magnitude and breadth of the hack point to other
objectives, including undermining
Americans’ faith in the systems themselves. U.S. cybersecurity officials
have warned that the attackers pose a “grave risk” to federal, state and local
government agencies, in addition to the private sector and critical infrastructure, which could include anything from the
electrical grid to transportation networks.
Some have even likened the attack to an act of war, raising the stakes in how the U.S. might respond.
Chris Inglis, former deputy director of the U.S. National
Security Agency, said the attack extended beyond typical cyber-espionage
because the attackers dispersed their malicious code so widely, even to
potential targets with no obvious intelligence value.
“They’ve blown out the possibility that this is simply an
intelligence operation,” he said. “They’re clearly
attacking the confidence that we as a society have in those systems.”
Melissa Hathaway, former cybersecurity adviser to presidents
George W. Bush and Barack Obama, said in a panel discussion on the attacks
Tuesday that “key utilities” in the U.S.
were also at risk. “We cannot ignore the fact that this is also a protocol that can be used against the
industrial control systems.”
The hacks are ongoing too, with the hackers still operating within breached networks, according to
Microsoft Corp. That access gives them the ability to conduct a more
damaging attack, like deleting data or shutting down systems. “When you
have this much of persistent access, you have leverage,” Hathaway said.
The debate over the motive comes as some members of Congress
and former U.S. officials are calling for an aggressive response beyond what has
been tried following previous cyber-attacks. Determining the motive for the suspected Russian hackers’
ambitious attack is important as it
will help determine in part how President Donald Trump -- or more likely
incoming President-elect Joe Biden -- responds.
Trump has downplayed
the attack, while Biden has vowed to hold the culprits to account. “They
can be assured we will respond and respond in kind,” Biden said.
A wide range of possibilities are on the table, including both overt
measures and others that are unlikely to ever
become public. They include targeted sanctions, Justice Department indictments
against the hackers, covert operations and the use of the U.S.’s own formidable
offensive cyber capabilities, according to a person familiar with the discussions.
Biden’s incoming chief of staff, Ron Klain, said on “Face
the Nation” on Sunday that the options aren’t limited to sanctions. “It’s steps
and things we could do to degrade the capacity of foreign actors to engage in
this sort of attack.” But he added, “I think there’s still a lot of unanswered
questions about the purpose, nature and extent of these specific attacks.”
Inquiries into the attack are ongoing, and it may take
months before investigators determine what the hackers stole -- or secretly
reviewed -- and what their motivations were.
The U.S. response may also be muddied by its own
cyber-attacks in Russia and elsewhere, many of which haven’t been made public. In
2015, after Chinese hackers breached the Office of Personnel Management, then
Director of National Intelligence James Clapper suggested the U.S. would do the
same thing if given the chance. “You have to kind of salute the Chinese for
what they did,” he said. “If we had the opportunity to do that, I don’t think
we’d hesitate for a minute.”
In the most recent cyber-attack, the hackers installed malicious code into updates of
popular IT software from Texas-based SolarWinds Corp., whose customers include
U.S. government agencies and Fortune 500 companies, authorities have
said. SolarWinds has said as many as
18,000 customers received the malicious update, which served as a sort of secret backdoor that hackers could later
use to dive deeper into computer networks.
The hackers breached the departments of Treasury, Commerce,
State and Homeland Security as well as the National Nuclear Security
Administration. They also hacked into the cybersecurity
company FireEye Inc., whose investigation of its own breach led to the
discovery of the malicious update in SolarWinds’s Orion software.
Bloomberg News reported that investigators have identified
at least 200 government agencies and companies that were hacked using
SolarWinds’s backdoor, but the identities of many of the victims aren’t yet
publicly known.
U.S. officials including outgoing Attorney General William
Barr, as well as cybersecurity experts, have fingered Russia as the most likely
culprit; some experts have suggested the attack bears the hallmarks of Russia’s
APT 29 hacking group, which is also known as Cozy Bear.
In the days after the attack, Senator Mark Warner, Democrat
from Virginia, was among those who pointed to spying as the motive. The vice
chairman of the Senate Intelligence Committee, Warner said the attack was “a
very, very sophisticated espionage attempt to take information, key
information.”
Dmitri Alperovitch, co-founder and former chief technology
officer of the cybersecurity firm CrowdStrike, agreed with Warner’s take.
“Motive has been obvious since the beginning. This is a data
and intelligence collection operation,” said Alperovitch, who is now chairman
of the Silverado Policy Accelerator.
The fact that the hackers gained access to the email accounts of high-ranking U.S.
government officials supports the idea that the suspected Russian hackers
were engaged in a massive spying operation. On Monday, Senator Ron Wyden,
Democrat from Oregon and the ranking member of the Senate Finance Committee,
provided the most compelling evidence to date to support the espionage theory.
Following a briefing from Treasury officials, Wyden said hackers had gained
access to the email accounts of the department’s highest-ranking officials but
that Treasury still doesn’t have a full accounting of what the hackers did.
The hackers also broke into about three-dozen email accounts
at the Commerce Department’s National Telecommunications and Information
Administration, including those of senior leadership, the Wall Street Journal
reported.
Frank Cilluffo, director of the McCrary Institute for Cyber
and Critical Infrastructure Security at Auburn University and an adviser to the
Department of Homeland Security, said it’s simply too soon to know for sure
what the hackers were after, even as it looks initially like a “massive
intelligence coup.”
“That doesn’t necessarily mean they can’t use those
footholds for more disruptive actions in the future,” he said. “It’s hard to
know until the damage assessment is complete.”