The United States and its allies are stepping up a campaign to “name and shame” Russian hackers involved in the Kremlin’s widespread campaign to sow discord in Western democracies.
U.S. prosecutors on Thursday indicted seven agents from the GRU, Russia’s military intelligence unit, on hacking charges related to the leaking of Olympic athletes’ drug-test data in 2016, as my colleagues Ellen Nakashima, Michael Birnbaum and William Booth reported. On the other side of the Atlantic, British officials for the first time publicly accused the GRU of carrying out a range of cyberattacks, including the 2016 hack of the Democratic National Committee. And Dutch authorities described how they thwarted an attempted GRU hack of an international chemical weapons watchdog. Australia’s prime minister also condemned the GRU for what he called a “pattern of malicious cyberactivity.”
The moves represent an aggressive push to link the digital attacks directly to Moscow and project solidarity in hopes of deterring the Kremlin from launching future offensives. And although the accusations are unlikely to stop Russia from carrying out further sophisticated cyberattacks against the United States and its allies, the barrage of new evidence and denunciations may mark a turning point in the West’s efforts to combat Russian aggression in cyberspace by exposing a web of malicious operations in new detail.
“Hopefully it is the new normal,” Adam Segal, director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations, told me. “Large-scale, coordinated attribution across multiple partners, followed by concrete sanctions.”
Indeed, the goal seemed to be to paint an irrefutable picture of Russia's malicious activities by unveiling the array of accusations all at once. “Shedding official light on them makes it harder” for Moscow’s hackers to operate and for the Kremlin to deny involvement, said John Hultquist, director of intelligence analysis for the cybersecurity firm FireEye, which tracks Russian threat actors. “The evidence is right there.”
To date, punitive actions by Western governments have done little to curb Russia’s digital offensives. The U.S. government has sanctioned Russia for its interference in the 2016 election and other malicious activities. And this year the U.S. and British governments jointly attributed to Moscow the 2017 NotPetya cyberattack that wreaked havoc on banks around the world. The Justice Department has also indicted Russian government hackers and Internet trolls for their roles in the Kremlin’s ongoing efforts to disrupt U.S. politics. But Thursday's announcements were a step in the right direction, Hultquist told me. “This isn’t a touchdown, but we’re moving the ball down the field,” he told me.
Still, even as U.S. and Western officials took aim at Russia, the White House was focused on China. In a speech at the right-leaning Hudson Institute, Vice President Pence doubled down on President Trump’s claim last week that China is seeking to interfere in the midterm elections, saying Russian interference “pales in comparison” to China’s.
Rep. Adam B. Schiff (Calif.), ranking Democrat on the House Intelligence Committee, took note:
Russia continues to threaten the U.S. and our allies through sophisticated cyber-attacks, disinformation campaigns — even the use of chemical weapons.
Instead of confronting Russia, Trump embraces it.
What will it take for Trump to see the threat clearly and act appropriately? https://t.co/vzZKj8LCNJ
— Adam Schiff (@RepAdamSchiff) October 4, 2018
So did CNN's Jim Sciutto:
Note this juxtaposition: DOJ and US allies announce new charges against Russian military intelligence officers for “conspiracy to hack” while @VP Pence claims Russian interference “pales in comparison” to China’s.
— Jim Sciutto (@jimsciutto) October 4, 2018
But consider what authorities revealed publicly in the span of just 24 hours:
— The Justice Department accused GRU officers of hacking sporting organizations and anti-doping agencies. The aim was allegedly to discredit a probe into a Russian state-sponsored doping program that resulted in a ban on Russian athletes in international sporting events. The indictment describes how the GRU's "close access" teams jet-setted around the world to hack WiFi networks used by anti-doping officials in their hotels, and later leaked medical information on 250 athletes from more than two dozen countries.
— U.S. prosecutors also alleged that GRU officers tried to hack the Organization for the Prohibition of Chemical Weapons in Switzerland, where technicians were testing a chemical agent used to poison former GRU officer Sergei Skripal in Salisbury, England, in March.
— Dutch authorities revealed how they disrupted the operation and released surveillance images of the GRU officers. My colleagues report: “The GRU plot unraveled when authorities caught the Russians in a rental car parked just outside the agency’s semicircular building. The spies were carrying taxi receipts for the trip from GRU’s barracks to a Moscow airport. And one of their phones had been activated on a transmission tower near the barracks... One man had hidden an antenna in the car’s trunk that was pointed at the OPCW to try to intercept log-in information to the organization’s wireless Internet network, officials said.”
— In addition to the DNC hacks, British and Australian officials blamed Russia for the hacking of Olympic athletes’ medical records, disruptions on the Kiev subway system and cyberattacks on a British television station in 2015.
Cybersecurity experts said the flurry of accusations was significant. “This should be remarkable on any day,” tweeted Thomas Rid, a security studies professor at Johns Hopkins.
Rid added that it would be “unthinkable just a few years ago” for investigators to publish a list of specific targets of the attacks. “We’ve come so far since the first big attribution cases,” he said.
You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.
PINGED: In his Hudson Institute speech, Pence said China has sought to undermine U.S. interests across the globe and sabotage President Trump in the midterm elections, as my colleagues David Nakamura and Anne Gearan reported. Beijing “wants a different American president” and “is meddling in America’s democracy” ahead of November, he said.
But Pence "failed Thursday to offer many examples of what he called an ‘unprecedented effort to influence American public opinion, the 2018 elections and the environment leading into the 2020 presidential elections,’ ” David and Anne wrote. “He cited the tariffs aimed at agricultural industries in Midwest states where Trump enjoyed significant support in 2016, as well as an advertising supplement purchased by Chinese state media in the Des Moines Register, as examples of Beijing’s influence campaign.”
And the vice president also had a message for Google. “He called on Google to halt development on ‘Dragonfly,’ a new search engine for the Chinese market that critics have said would allow information searches to more easily be tracked by the government,” my colleagues reported. “The application ‘will strengthen Communist Party censorship and compromise the privacy of Chinese customers,’ Pence said.”
Homeland Security Secretary Kirstjen Nielsen later said on Twitter that the United States has “not seen Chinese attempts to compromise election infrastructure,” but that China seeks to influence American politics.
Thank you @VP for your speech today. While we have not seen Chinese attempts to compromise election infrastructure, they’ve embarked on an ‘unprecedented effort to influence American public opinion, the 2018 elections & the environment leading into the 2020 presidential election’ https://t.co/LIThFcu8mb
— Sec. Kirstjen Nielsen (@SecNielsen) October 4, 2018
PATCHED: Three Democratic senators want to know if the intelligence community agrees with Trump's claim about Chinese interference in the midterm elections. In a letter to Director of National Intelligence Daniel Coats on Thursday, Sens. Ron Wyden (Ore.), Martin Heinrich (N.M.) and Kamala D. Harris (Calif.) asked if Trump's “statement aligns with the Intelligence Community's assessments of Beijing's intentions, plans and activities.” The three lawmakers, who sit on the Senate Intelligence Committee, asked Coats to reply by Monday “so that the public and members of Congress have the information in advance of the election.”
“We request that you state publicly whether the President's statement is consistent with the assessments of the Intelligence Community,” Wyden, Heinrich and Harris said in the letter. “We further request that you release as much relevant detail and supporting intelligence as possible. To the extent that intelligence sources and methods must remain classified, we request that this information be provided to Congress.”
The Wall Street Journal's Dustin Volz wrote that while American intelligence officials have said that adversaries other than Russia could also seek to interfere in U.S. elections, “current and former U.S. officials have taken issue with the comparison between Chinese interference and Russia’s efforts to attack the 2016 presidential campaign using a multi-pronged cyber operation intended to boost Mr. Trump’s candidacy.”
PWNED: Amazon.com and Apple on Thursday rebuked an article by Bloomberg Businessweek that reported that China implanted surveillance microchips in servers used by the companies. In a blog post, Steve Schmidt, chief information security officer at Amazon Web Services, called the story “erroneous” and said the reporting on the company is “untrue.” “There are so many inaccuracies in this article as it relates to Amazon that they’re hard to count,” Schmidt said. (Amazon.com founder and chief executive Jeffrey P. Bezos owns The Post.)
“What Bloomberg is reporting about Apple is inaccurate,” Apple said in a statement Thursday. “Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple,” the tech company said. “Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple. On this we can be very clear: Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.”
Moreover, my colleagues Craig Timberg, Ellen Nakashima and Hamza Shaban reported that several “U.S. officials contacted by The Washington Post said they were uncertain about the accuracy of the Bloomberg Businessweek report. One U.S. official who said Thursday morning that the thrust of the article was true later expressed uncertainty about that conclusion.”
— "China represents a 'significant and growing risk' to the supply of materials vital to the U.S. military, according to a new Pentagon-led report that seeks to mend weaknesses in core U.S. industries vital to national security," Reuters reports. "The nearly 150-page report, seen by Reuters on Thursday ahead of its formal release on Friday, concluded there are nearly 300 vulnerabilities that could affect critical materials and components essential to the U.S. military... The analysis included a series of recommendations to strengthen American industry, including by expanding direct investment in sectors deemed critical."
— “Fast-food chain Burgerville revealed Wednesday that its customers’ credit and debit card information was stolen by the international cybercrime group known as FIN7,” CyberScoop's Greg Otto reported Thursday. “The company, which has over 40 locations in Oregon and Washington, said customers that used a credit card at any of its locations between September 2017 and September 2018 should consider their cards compromised. Burgerville says the information taken includes names, card numbers, expiration dates and CVV numbers.”
— A provision in the new North American trade agreement has some Canadians worried about the fate of their data, The Post's Selena Ross reported Thursday. “‘No Party shall prohibit or restrict the cross-border transfer of information, including personal information,’ for business purposes, reads the text of the provisional deal signed Sunday by Canada, the United States and Mexico,” Selena wrote. “It adds that no member country can require a company to store ‘computing facilities’ on its soil. These measures mean abandoning rights that Canadians have often seen as privacy bulwarks against their powerful southern neighbor, especially in the post-9/11 era in which sweeping legislation has given government agencies wide latitude to surveil individuals.”
However, Omer Tene, vice president of the U.S.-based International Association of Privacy Professionals, told Selena that just because data is stored in one place doesn't mean that it could not be accessed by a foreign agency. “I think, realistically, if you’re looking at superpower intelligence agencies, they would be able to access the data regardless of whether it’s stored in a server in Toronto or in Chicago,” Tene said, as quoted by my colleague. “There’s very close collaboration between intelligence agencies, and they can overcome bigger technological obstacles than [the border].”
- DerbyCon 8.0 conference in Louisville through Sunday.
- 2018 National Cyber Symposium in Colorado Springs on Monday through Tuesday.
- Senate Homeland Security and Governmental Affairs Committee hearing on “threats to the homeland” on Wednesday.
- Senate Commerce Committee hearing on consumer data privacy on Wednesday.