Hacked by Russia (Again)
Russia has carried out cyber attacks against the United States for the last quarter century.
By Brendan Wilson
Russia hacked us again. Once more our leaders suffer the humiliation of admitting that the Kremlin penetrated the cyber defenses of the world’s foremost technological superpower. Russia's most recent attack is the most audacious and dangerous since the Kremlin aired out the DNC’s dirty laundry during the election of 2016.
Last week, Reuters reported that a high-level White House meeting had taken place to discuss a massive hack on several cabinet-level departments. While no smoking gun exists, the sophistication of the hack and the agencies targeted carry a whiff of the Russian brand, with evidence pointing to the SVR, its foreign intelligence service. Warren Strobel of the Wall Street Journal wrote on Friday that “a handful of senators who have received briefings in recent days have openly referred to it as a Russian operation.” This suggests that non-public information exists that is, in effect, blood in the white Bronco tying Putin to the attack.
In response, the Russian Embassy issued a statement claiming that it “does not conduct offensive operations in the cyber domain.” Oh, well that’s a relief.
Admittedly, the operation was brilliant. In lieu of a frontal assault that would have been quickly flagged, Russian intelligence opted for a “supply chain attack,” embedding malware in popular network monitoring software created by a company called SolarWinds. Once in the belly of the digital trojan horse, the malware was funneled past the cyber defenses of SolarWinds' customers via routine software updates, allowing the hackers access to sensitive data. The Department of Homeland Security, the Pentagon, the State Department, and the nuclear research laboratory at Los Alamos are just a few of the government agencies that have been compromised. The full extent of the damage wrought could take months, if not years, to ascertain. Federal officials have reported that the yearlong breach poses a “grave risk to the federal government.”
Grave indeed. Sensitive communications, tax information, identities of undercover assets, and weapons technology are just a few of the recent additions to Putin’s evening briefing. If that’s not enough to keep you up at night, consider that among the 18,000 public and private organizations compromised in the attack, many are the tech, IT, and security firms with which we blithely share our personal data every time we hit “I accept" at the end of the unread terms and conditions.
Though the revelation of the attack is jarring, it should come as no surprise. Russia has engaged in this cyber horseplay almost completely unchecked for over a quarter century. For some context on how we got here, we look back to the days of the USSR.
The economy of the Soviet era was an engine powered by state demand. The Union’s dissolution in 1991, therefore, led to the collapse of most key industries, including science and technology. What ensued was a technological dark age caused by a dearth of investment and a brain drain of Russian tech talent. The 1990s saw the rise of the internet and the explosion of tech companies in the western world. The Kremlin, lagging woefully behind its former western rivals, looked on in envy.
Russia eventually began to rise from the ashes of the former USSR, stabilizing its economy and growing its tax revenues. Swelling state coffers created the opportunity for massive investment in critical capabilities like tech. Moscow coupled this burgeoning technological capability with its Soviet-era tool kit of information warfare, resulting in an inexpensive, highly effective suite of cyber weapons it could deploy against its enemies without the risk of sparking a traditional war.
The first known offensive began in 1996, when Russian intelligence gained access to various branches of the US military. Knowing that certain American universities maintained links with military bases, SVR hackers exploited them as a springboard to penetrate the cyber defenses of the Army, NASA, the Pentagon, and the nuclear research facility at Los Alamos. By the time the Moonlight Maze hack was discovered three years later, enough sensitive documents had been stolen that, if printed and stacked, they would reach three times the height of the Washington Monument.
As they honed their craft, the Russians became bolder. In 2008, SVR operatives sprinkled USB drives in the parking lot of a US military base in the Middle East. One unsuspecting chap, believing he had scored a free thumb drive, inserted it into his government laptop, unleashing malware called agent.btz that gave the Kremlin access to reams of sensitive military documents. The American effort to clear the network of the worm, Operation Buckshot Yankee, was an arduous, two-year effort that ultimately led to the creation of US Cyber Command to defend the US and its interests from cyber attacks.
Little good it did. In November 2014, a phishing campaign targeting the State Department allowed the SVR access to the unclassified emails of high-level State Department employees. The following month, “suspicious cyber activity” was identified on the White House email network. Surprise! The activity was Russian hackers snooping on the White House's unclassified email server and reading the communications of officials at the highest levels of our government.
Aside from public condemnation and a few placid warning shots, these attacks went largely unpunished.
Unchecked by meaningful retaliation, Moscow carried out its most brazen attack on the 2016 presidential election. SVR hackers operating under the pseudonym Guccifer 2.0 hooked John Podesta, Hillary Clinton’s then-campaign manager, in another phishing campaign, eventually granting them access to thousands of DNC emails. During the run-up to the election, the Kremlin dumped 19,000 emails and 8,000 files via WikiLeaks. The leak exposed embarrassing rifts within the Clinton campaign and a concerted effort by the DNC to advance Clinton's campaign over that of her rival, Bernie Sanders. It took two years for the US to respond, when Special Counsel Robert Mueller indicted 12 members of an elite military intelligence group with the adorable nickname “Fancy Bear” for their role in the hack.
There are two explanations for our unwillingness to vigorously retaliate. There is a reluctance among our political leaders to risk any action that would prompt a damaging escalatory response. No president wants a tit-for-tat cyber exchange that leaves New York City without electricity. There is also the perception that Russian cyber activities are garden-variety espionage that everyone, including our NSA, practices daily. But this is wrong for three reasons.
First, Moscow’s hacking operations go beyond benign information gathering. Their cyber attacks have disrupted critical communication networks in Estonia and knocked out electricity for millions of Ukrainians. The attack on our election in 2016 was carried out to influence the outcome and sow distrust in our democratic process. Each attack grows bolder. If unchecked, what will they do next?
Second, the United States is the world’s most technologically and militarily advanced superpower. As far as we know, compromised documents over the years have been mostly of the unclassified variety, but if hacking continues unabated, it's a matter of time before Moscow steals advanced weapons technology. In the hands of a belligerent state this would have a destabilizing effect on the global order. Let's not forget that Soviet spies, not Soviet physicists, made the USSR a nuclear power.
Finally, our current approach to Russia is a signal to our adversaries in China, North Korea, and Iran that our digital infrastructure is an all-you-can-eat buffet. “It’s a clear dilemma for this nation about how we continue to be pounded by other countries…and don’t have a response,” said a former top U.S. intelligence official. “We’re incredibly vulnerable, and nothing that any administration has been able to do has changed that.”
After a thorough investigation that ascertains Russia was the culprit, the Trump administration must respond forcefully with sanctions against high-level Kremlin officials and a strong retaliatory cyber attack of our own. As Trump has been unwilling to publicly acknowledge the severity of this attack, retaliation will be left up to the incoming Biden administration.
“A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Mr. Biden said last week, adding, “I will not stand idly by in the face of cyber assaults on our nation.” Hopefully, there are teeth behind the rhetoric, because it’s high time we byte back.
Bing, C. (2020, December 13). Suspected Russian hackers spied on U.S. Treasury emails - sources. Retrieved December 19, 2020, from https://www.reuters.com/article/us-usa-cyber-treasury-exclusive-idUSKBN28N0PG
Doman, C. (2018, January 22). The First Sophisticated Cyber Attacks: How Operation Moonlight Maze made history. Retrieved December 19, 2020, from https://medium.com/@chris_doman/the-first-sophistiated-cyber-attacks-how-operation-moonlight-maze-made-history-2adb12cc43f7
Nakashima, E., & Harris, S. (2018, July 13). How the Russians hacked the DNC and passed its emails to WikiLeaks. Retrieved December 19, 2020, from https://www.washingtonpost.com/world/national-security/how-the-russians-hacked-the-dnc-and-passed-its-emails-to-wikileaks/2018/07/13/af19a828-86c3-11e8-8553-a3ce89036c78_story.html?outputType=amp
Hackett, R. (2015, April 8). Report: U.S. officials say Russians hacked White House computer system. Retrieved December 19, 2020, from https://fortune.com/2015/04/07/russians-hacked-white-house/amp/
Shachtman, N. (2010, August). Insiders Doubt 2008 Pentagon Hack Was Foreign Spy Attack (Updated). Retrieved December 19, 2020, from https://www.wired.com/2010/08/insiders-doubt-2008-pentagon-hack-was-foreign-spy-attack/
Strobel, W. (2020, December 18). Computer Hack Blamed on Russia Tests Limits of U.S. Response. Retrieved December 19, 2020, from https://www.wsj.com/articles/massive-hack-blamed-on-russia-tests-limits-of-u-s-response-11608309198