Modern field guide to security and privacy
In this Sept. 5, 2016 file photo, Russian President Vladimir Putin, left, speaks with US President Barack Obama in Hangzhou in eastern China's Zhejiang province.
Alexei Druzhinin/Sputnik, Kremlin Pool Photo
|
Caption

Pressure rises on Obama to retaliate against Russia for hacks

A shift in thought

Lawmakers and cybersecurity experts say the Obama administration should have acted faster to retaliate against Moscow once it learned that Russian hackers tampered with the US presidential election. President Obama defended his response so far, and promises more is coming.

This story has been updated to reflect the latest news.

President Obama is facing mounting criticism for failing to publicly retaliate against Russia after accusing the country of orchestrating a campaign to undermine confidence in the American election.

In October, the US intelligence community blamed Moscow’s senior-most officials for orchestrating the hacks on political groups such as the Democratic National Committee and the Democratic Congressional Campaign Committee.

Now, with just weeks left in his term, Mr. Obama promised Friday to take some unspecified action against Russia – but many lawmakers and cybersecurity experts say the White House missed an opportunity to act sooner to respond to the meddling and want him to strike back more forcefully.

“What is the consequence of this behavior? Once you attribute a particular activity to a threat actor, what is the response?” says Congressman Will Hurd (R) of Texas, a former undercover CIA agent who now chairs the House Oversight and Government Reform subcommittee on Information Technology. “We should have, at a minimum, kicked the Russian ambassador out of the country, and the senior Russian intelligence officer out of the country. That’s a first step that should have easily been automatic."

The top Democrat on the House Intelligence Committee also says he’s been pushing the White House for months for a stronger response, not just to determine and announce publicly who was responsible but work with European allies to impose sanctions and take covert action to discourage Russian attacks.

“Had the administration begun months ago, we would now be much further along,” Representative Adam Schiff (D) of California told the Washington Post. “Failure to push back against Russia was seen by them as an open door … . There need to be costs or they will do it again.”   

Usually, outgoing presidents try to avoid taking major action that could provoke a firestorm on the international stage after an election, so as not to saddle their successors with new challenges. But some in Washington worry that if Obama doesn’t act, President-elect Trump won’t. Mr. Trump has repeatedly stressed he does not believe the Russians interfered with American elections – in a public break with not just the US intelligence community but his own incoming national security adviser, retired lieutenant general Michael Flynn.

Officials say Trump’s comments casting doubt on even the ability to pinpoint the hackers involved (such as tweeting that “unless you catch ‘hackers’ in the act, it is very hard to determine who was doing the hacking”) and their attribution specifically (telling Time magazine that “it could be Russia. And it could be China. And it could be some guy in his home in New Jersey”) are not helpful.

Given this, it’s an open question to some former intelligence officials whether Trump will act on the findings of America’s spies.  

“What happens if the incoming administration directs that the ‘Russia did it’ file be closed?” former CIA and NSA chief retired Gen. Michael Hayden wrote in the Washington Post. “What about the statute that requires the CIA and the rest of the intelligence community to keep Congress ‘fully and currently informed’ about all significant intelligence activities? Data on a foreign power manipulating the federal electoral process would certainly qualify. What will the White House position be when the agency is asked by Congress if it has learned anything more on the issue?”

As Washington is engulfed in debate, Obama vowed in a press conference on Friday to strike back against Russia. “Our goal continues to be to send a clear message to Russia and others not to do this to us, because we can do this to you," he said. "But it is also important to do this in a thoughtful, methodical way." 

While this is the strongest public promise of retaliation by Obama himself, he still did not specify what that response might look like. "At the point when we've taken certain actions we can divulge public, we will do so," he said, but also hinted at covert action, adding there will also be "times when the message will be directly received by the Russians and not publicized."

Obama says he's already taken some steps to prevent further meddling. He disclosed that back in September – before the intelligence community's formal attribution of the hacks – he confronted Russian President Vladimir Putin to "tell him to cut it out and there would be serious consequences if he didn't." Obama says the US did not see further tampering in the election, although antisecrecy site WikiLeaks already had the stolen documents and continued to leak them.  

The president has ordered the intelligence community to conduct a “full review" of the election process to be completed before the end of the term, and the Office of the Director of National Intelligence said Wednesday that, once completed, the report would be made public and officials would be ready to brief Congress, but that there would be no official comment until that review was completed.

Members of Congress from both parties – including Majority Leader Mitch McConnell – also say they support Congress investigating the hacks through its Intelligence Committees. The Foreign Relations Committee also plans to look at it.

But there’s more the administration can do right now, says Dmitri Alperovitch, cofounder and chief technology officer of Crowdstrike, the company the Democratic National Committee hired to investigate the breaches.

“I believe they have enough information,” Mr. Alperovitch says, about the specific Russian officials involved in the cyberattacks to indict them. “It’s a political decision not to do it, just like it was a political statement not to issue a statement until October… when the confidence [in knowing who was responsible] was very high, very early in these events.”

Mr. Alperovitch, whose company is working with many governments on this issue, says “we are starting to see intrusions into European governments from Fancy Bear,” the hacking group linked to Russia’s military intelligence service that Crowdstrike found infiltrated the DNC networks. “So that is a very worrisome sign.” 

“The real problem is that Russia now feels emboldened,” he says. “They interfered with our election, and they certainly feel like they got away with it,” Mr. Alperovitch says.

Still, during this presidential transition process, "Obama is absolutely hampered," says Jason Healey, a senior research scholar at Columbia University's School of International and Public Affairs and a former member of an Air Force cyber war-fighting unit. "Probably they were figuring [Democratic candidate Hillary] Clinton would win so they could handle all of this in 2017.

"But if he ordered a continuing action, like disrupting [the Russian hacking groups'] operations, he could maybe leave it as a standing order and dare the Trump team to stop it," Mr. Healey continued. "That would quickly be leaked and they would appear even softer on Russia." There's another option, he adds. "Obama could give Putin a taste of his own medicine, and release information on Putin’s corruption and cronyism. We have hesitated on this, as it seems to legitimize doxing as a tactic."

It's clear that determining what a “proportional” response looks like is not easy – especially during a tense and close presidential election. Obama explained the special sensitivity during an election cycle about appearing to politicize intelligence or favor one candidate over another. "In this hyper partisan atmosphere, my primary concern was making sure the election process was not in any way damaged," he says. "At a time when anything that was said by me or anyone in the White House would immediately be seen in a partisan lens, I wanted to make sure people knew we were playing it straight." 

Administration officials also reportedly worried retaliatory action risked escalating the cycle of leaks or a broader cyber conflict with a nation-state – and potentially disrupting other US foreign policy objectives, such as the push to strike a ceasefire deal with Russia for the conflict in Syria.

What’s more, experts say determining tit-for-tat responses for digital attacks – unlike traditional military attacks – is complex. A digital attack to undermine public trust in democracy is serious – but the response may not be as clear as it might be if it were destructive or caused loss of life.Coming up with guidelines for responding to cyberattacks has been something the administration has tried to flesh out for a long time. And in this case, a response could be even more complicated since US intelligence officials, according to NBC, have high confidence that Mr. Putin personally oversaw how the material pilfered from the Democrats was used.

Defending his response so far, Obama said "the idea that public shaming is going to be effective doesn't read the thought process in Russia very well."

Still, more broadly, the Obama administration has made “naming and shaming” those responsible for attacks a central component of its strategy of holding hackers responsible. The administration has also used other tools such as sanctions and indictments to punish individuals and countries engaged in digital spying.

“Attribution may be difficult, but we’ve shown time and time again … that we can hold people accountable. Not just generally who did it, but specifically who did it,” says John Carlin, who until October was the assistant attorney general in charge of of the Justice Department’s national security division. “[That’s] thanks to good work by investigators that involved both forensic analysis, and also all the same real-world investigative techniques that we use – ranging from witnesses to behavior analysts.”

Some hackers the Justice Department charged – such as Ardit Ferizi, a hacker from Kosovo who sent stolen personal details of US military and government personnel to the Islamic State – have received jail time. Government attribution has also played a role in other decisions to hold nation state-linked hackers responsible, such as when the Justice Department charged five Chinese nationals with ties to China's People's Liberation Army for economic espionage, trying to steal sensitive information from American companies, in 2014. Obama also levied sanctions on North Korea after investigators determined Pyongyang was responsible for the attack on Sony Pictures, which destroyed computers and servers and caused in millions of dollars in damages to the company.

With the election over, Obama said he hopes concern over Russian hacking will be bipartisan and that his successor "is going to be similarly concerned to make sure we don't have foreign influence in our election." 

Once sworn in January 20, Trump will have "a different set of responsibilities and considerations," Obama says. "I think there is a sobering process when you walk into the Oval Office."