NSA Hackers Believed to Be Attacking Russian Computer Networks
Jason Ditz, AntiWar.com, Jul 31 2016
Hackers working for the NSA are believed to be attacking Russian government computer networks as part of the government’s “hack back” policy, which allows for retaliation in the event that a foreign nation is implicated in an attack on “US interests,” in this case centering on claims of Russia being behind hacking of DNC computers. NSA officials declined to confirm such attacks are underway, but Robert Joyce, chief of the Tailored Access Operations, did confirm that the agency had “technical capabilities and legal authorities” to conduct such operations if they were of a mind to do so. Russia’s FSB has reported a considerable spyware-centric attack, saying some 20 computer networks of the Russian government and associates, including defense companies, have been under an intense and coordinated attack in recent days. The Russians did not publicly accuse the US of being behind them, however. Former White House Director for Cyber-Security Policy Chris Finan was harshly critical of plans to launch attacks on Russia over the DNC hacks in recent days, saying that attribution of the hacks to Russia was little more than a “guess,” and that “idiots” in the administration were advocating revenge attacks without considering the wisdom of doing so.
Russia says spyware found in state computer networks
Lidia Kelly, Reuters, Jul 30 2016
Russia’s intelligence service said on Saturday that the computer networks of 20 organizations, including state agencies and defense companies, have been infected with spyware in what it described as a targeted and coordinated attack. The FSB said the malware and the way the networks were infected were similar to those used in previous cases of cyber espionage found in Russia and other countries. The agency did not say who it suspected of being behind the attacks. The FSB said in a statement on its website:
Information technology resources of government agencies, scientific and military institutions, defense industry companies and other entities involved in crucial infrastructure have been infected.
The FSB’s announcement follows reports of cyber attacks on the DNC and the fund-raising committee for Democrat candidates for the House of Reps. Cyber security experts and Pindo boxtops have said there is evidence that Russia engineered the DNC hack to release sensitive party emails in order to influence the presidential election. The Kremlin has denied any involvement in the incident.
Former WH cyber official: ‘Idiots’ want to attack Russia over hack
Joe Uchill, The Hill, Jul 29 2016
A former White House head of cyber-security policy is hitting back at suggestions that Pindostan should target Russia with a cyber-attack in response to its suspected involvement in hacking the DNC. Finan was Obama’s director of cyber-security legislation and policy for 18 months, starting in 2012. Finan also has had stops at DARPA and Google, and is currently the CEO of Manifold Technology, which he founded. In the same interview, he also recommended patience with the investigation into who was behind the attack. Chris Finan said in an interview in the Daily Dot:
Frankly, the idiots that immediately think about just retaliating in kind in cyberspace aren’t thinking very creatively or critically about how you do deterrence or how you send signals or how you make people feel pain.
A policy of responding in kind might not be more effective than other tactics, Finan said, and would be difficult to implement when the other nation knows a cyberattack is coming.
The reality is, it’s messy and hard. You’re playing poker. You’re often guessing based on probabilities. You can make great guesses. There are really good poker players, but you’re often guessing.
Obama’s former cyber-security adviser says only ‘idiots’ want to hack Russia back for DNC breach
Patrick Howell O’Neill, Daily Dot, Jul 29 2016
When the hell are we going to know, with absolute certainty, who hacked the Democrats? And what are Pindosis going to do about it? More and more fingers are pointing to Moscow as Pindo boxtops mull a government reaction. But many experts say that certainty is extremely difficult to come by when it comes to cyber-attacks at the highest level. Chris Finan is a former director of cyber-security legislation in the Obama administration, and now CEO of the security firm Manifold Technology. Finan described the process of combing through forensic evidence, the guts of the hack including potentially many millions of files, and comparing it to previous malware. But nothing is so simple as it seems. He told the Daily Dot:
I think there’s a disconnect between the rhetoric and what people assume is possible because of Hollywood and CSI. The reality is, it’s messy and hard. You’re playing poker, you’re often guessing based on probabilities. You can make great guesses, there are really good poker players. But you’re often guessing. If the guys are really good, they’re not leaving much evidence or they’re leaving evidence to throw you off the scent entirely. Those are known as false flag operations. If they’re a really high-end intelligence service, they could route their attack through China and somebody might think the attack emanated from China where it in fact came from somewhere else. But they made it look Chinese. It’s some combination of the forensic evidence coupled with some other information, like human intelligence or signals intelligence, like an intercept or a phone call where someone directed somebody to do this hack. You want some other intel source that corroborates the forensic evidence. But the ones who are really good at it, it’s hard to know they’re even there. And they’re there for years.
If the Pindosi government does definitively blame Russia for the DNC hack (and, very possibly, the hack of another, related Democratic group), the next question is how the Pindosis can react.
Frankly, the idiots that immediately think about just retaliating in kind in cyberspace aren’t thinking very creatively or critically about how you do deterrence or how you send signals or how you make people feel pain. Attribution is hard. That’s your disadvantage as a defender but your advantage once you go on the offense. Telegraphing an attack in advance is asking for failure. Why would you want to send a signal in a space where stealth is your biggest advantage? Whereas sanctioning the head of the FSB and GRU, that’s pain, and it sends a really crisp signal.
The Pindosi response is a potential political minefield if it appears to be trying to help Hillary Clinton be elected president. That appears less and less likely today as more Republicans are calling for action. But in that sense, retaliation becomes a political decision. Finan said:
Some people say it’s in the DNC’s interest to focus on the act and not the content. My response is, do you really think the DNC is the only political party hacked? Look at the glass house you’re living in before you start throwing rocks.