File photo of Pres. Barack Obama and DHS Secretary Jeh Johnson at the National Cybersecurity and Communications Integration Center. DHS photo

Obama Hits Russia With Sanctions — And More — Over Cyber Attacks

Here’s what you can do to protect yourself now

Published in War Is Boring, Dec 30, 2016

by ROBERT BECKHUSEN & JOSEPH TREVITHICK

In the lead-up to and after the 2016 presidential election, the United States made a series of escalating allegations about Russian cyber attacks against government agencies and private groups. On Dec. 29, 2016, these accusations came to a head with a flurry of American sanctions, expulsions of Kremlin officials and a joint report from the Department of Homeland Security and Federal Bureau of Investigation.

“These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior,” Pres. Barack Obama said in a statement.

“All Americans should be alarmed by Russia’s actions.”

President-elect Donald Trump — who at times in the campaign seemed to be the Kremlin’s preferred candidate — seemed less convinced. “It’s time to move on to bigger and better things,” he said in a statement.

“Nevertheless, in the interests of our country and its great people, I will meet with leaders of the intelligence community next week in order to be updated on the facts of the situation.”

The facts as the public quickly understood them, both in terms of the U.S. allegations and response, were significant.

On Dec. 29, 2016, in what may be one of his last such actions, Obama amended a 2015 executive order that already gave the U.S. government new authority to respond to “malicious cyber activity.” With the change, the president can sanction foreign agents who try to interfere with the country’s election processes.

But Obama’s actions were not limited to individuals or groups involved in attacks during the 2016 campaign. He quickly sanctioned Russia’s main internal and military intelligence agencies, commonly known by the acronyms FSB and GRU respectively, for leading the breaches.

“This activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the U.S. Government and its citizens,” DHS, FBI and Office of the Director of National Intelligence said in a statement. “The U.S. government can confirm that the Russian government, including Russia’s civilian and military intelligence services, conducted many of the activities generally described by a number of these security companies.”

With help from these private firms, the U.S. government linked the Russian agencies to various attacks. The joint DHS and FBI report compiled a list of nearly 50 different hacking “campaigns.”

“The U.S. government is referring to this malicious cyber activity … as Grizzly Steppe,” the summary review states early on. “Previous [joint analysis reports] have not attributed malicious cyber activity to specific countries or threat actors.”

“However, public attribution of these activities to [Russian civilian and military intelligence Services] is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector and other entities.”

Above and below — FBI photos

In addition, four specific GRU agents and three private companies the U.S. believed aided the hacking ended up on the sanctions list. The U.S. Treasury Department hit two more Russian nationals with financial and travel restrictions under a separate executive order.

On top of all that, the U.S. State Department ordered 35 of Moscow’s diplomats working in offices in Washington, D.C. and San Francisco, California to leave the country within three days. State added that it would close off all access to Russian-occupied facilities in Pioneer Point, Maryland and Oyster Bay, New York by mid-day on Dec. 30, 2016.

The Soviet Union had originally purchased these properties. Just hours after the announcement, American authorities had arrived at the site on Long Island to oversee the closure.

“The Department took these actions as part of a comprehensive response to Russia’s interference in the U.S. election and to a pattern of harassment of our diplomats overseas that has increased over the last four years,” Deputy State Department spokesperson Mark Toner said in a statement.

“The Russian Government has impeded our diplomatic operations by, among other actions: forcing the closure of 28 American corners which hosted cultural programs and English-language teaching; blocking our efforts to begin the construction of a new, safer facility for our Consulate General in St. Petersburg; and rejecting requests to improve perimeter security at the current, outdated facility in St. Petersburg.”

In a conference call on Dec. 29, 2016, White House officials added that Obama was still considering more actions in response to Russia’s activities. These could include measures not announced to the public, possibly a reference to retaliatory cyber attacks.

Regardless, as Obama and Toner implied in their comments, Russia knew very well from months of both public and private discussions that America’s response was coming.

“The outgoing U.S. administration has not given up on its hope of dealing one last blow to relations with Russia, which it has already destroyed,” Russian Foreign Ministry spokesperson Maria Zakharova said in a statement on Dec. 28, 2016. “Using obviously inspired leaks in the U.S. media, it is trying to threaten us again with expansion of anti-Russian sanctions, ‘diplomatic’ measures and even subversion of our computer systems.”

Already under pressure from the media, privacy groups and legislators to provide evidence of its assertions, and perhaps sensing a need to get ahead of Russia’s response and Trump’s impending inauguration, the Obama administration apparently decided it could not wait any longer. DHS even set up a website dedicated to the Grizzly Steppe investigation, implying more information may be forthcoming.

In addition to the names of “campaigns” associated with the Russian government, the initial joint report from DHS and FBI offered new, if still limited, specifics about how the U.S. government believed the attacks proceeded and the electronic clues cyber attackers left behind.

The DHS and FBI specifically say their analysis built on an earlier statement Homeland and the Office of the Director of National Intelligence released together in October 2016. Without providing many granular details, that press release stated the U.S. Intelligence Community — 16 different groups in all — was “confident” the Russian government was responsible for a series of breaches.

In spite of this joint statement, the FBI and the Central Intelligence Agency reportedly disagreed on the exact reason for the intrusions. The new joint report did not spell out any motivations.

The authors appear to have aimed the bulk of the information primarily at network administrators of organizations which could be targeted by Russian hackers, including universities, political organizations and think tanks. It provided basic examples of how the exploits worked and explained what I.T. professionals could and should do to check their networks immediately.

If you think this is just about the Democratic Party — you’re wrong. Russian influence operations are ideologically diffuse, and reach across the political spectrum from left to right. Russian kompromat tricks have also targeted individual human rights activists and Russian dissidents living in Western countries.

If that isn’t bad enough, it’s plausible to expect these attacks to grow more sophisticated — as they already have — and become the purview of a wider variety of actors both domestic and international. Chances are, if you’re reading this, you’re more likely to become a target of organized crime than a foreign state.

Yet the steady revelations of extensive state-sponsored hacking should also serve as a reminder that there are no foolproof ways to keep from being hacked, though there are ways to make it more difficult.

Fortunately, the joint report includes tips which are applicable to everyday users.

But remember to read Brian Krebs’ security rules and pay attention to his warning that protection means cocooning your digital world in layers.

It also doesn’t have to be complicated. Make sure you have a good anti-virus system and put its settings as high as they’ll go. If you can afford to buy an annual subscription for extra security, do it.

Use long, complicated and unique passwords — and change them frequently and lock them in a password safe. Require two-factor authentication wherever possible.

In most cases, state-sponsored hackers — like hackers everywhere — access systems by betting on computer users’ laziness. Clinton campaign chief John Podesta fell for a simple phishing email.

So here’s a reminder to never click on a link you don’t trust and never download an unfamiliar attachment. Really, before technological safeguards even come into it, most victims become that way by making stupid mistakes.

Lock yourself down — and be afraid.
