MOSCOW — It has become something of a ritual over the past decade. Revelations of a cyberattack against a geopolitical foe of Russia, accusations from Western leaders, and then the inevitable Kremlin response: “Prove it.”
Plausible deniability has long been a key attraction in cyberespionage, a practice that most governments, including the United States, pursue. And while the hacking of Democratic National Committee servers and the subsequent release of stolen documents on WikiLeaks during a heated U.S. presidential race have brought a squall of attention to Moscow, it may all have been expected, analysts said, if the Russian government indeed intended to see the documents leaked.
“It’s not so much about the anonymity, it’s more about deniability,” said Mark Galeotti, an expert in Russian security issues and professor of global affairs at New York University. “What the Russians have always done is to say: ‘You know that it was us, but you can’t prove it. And unfortunately you in the West are bound by the rules of the game, unlike us.’ ”
Since 2007, when a powerful cyberattack knocked the Estonian government offline, security analysts and Western governments have intermittently accused Russia of using a variety of tactics, including recruiting hacker proxies engaged in cybercrime, to keep its fingerprints off of attacks against Western targets. Russian opposition activists have been targeted by pro-Kremlin hacktivists who deny connections to the Kremlin, while distributed denial of service attacks like the one against Estonia have been aimed at unfriendly governments.
Several recent attacks have targeted democratic institutions, raising concerns that breaches could soon have significant political effects. On the eve of a crucial post-revolution presidential vote in Ukraine in 2014, a hacking attack nearly crippled the country’s Central Election Commission. Pro-Moscow hackers calling themselves the CyberBerkut claimed responsibility, saying they were not state-affiliated. Kiev blamed Moscow.
“Right now there isn’t a good answer to the question, unfortunately: What do you do?” said Tate Nurkin, a defense and aerospace analyst at the IHS research firm. “You do what you can to signal that you suspect it’s these people — and you have means that you can leverage to cause them trouble, too.”
A similar attack in the United States during a presidential election could be a “nightmare scenario,” he added.
As the political fallout from the DNC hack has spread in the United States, Moscow has dug in its heels.
On Monday, a Russian Foreign Ministry official said that the accusations were “insulting and inappropriate for the very level of a presidential election campaign.”
In a telephone interview on Monday, Kremlin spokesman Dmitry Peskov said that no government agencies were involved in the leak, and he accused Hillary Clinton’s campaign of mounting a politicized attack on Russia.
“First they blame, and then the FBI announces an investigation,” he said. “It’s nonsense.”
But he was tranquil about what the upshot of the scandal would be. “We are at such a black spot in our relationship, it is unlikely that anything could make it worse,” Peskov said. Later he added: “It’s a cycle, and we know pretty well the physical laws of development. So we know that it’s at the top of its activity but it will gradually slow down.”
In a call with reporters Tuesday, the former U.S. ambassador to Russia, Michael McFaul, cited his own experience with hacking and eavesdropping.
“We know that the Russian government has tremendous capacity to intercept communications all over the world, including in the U.S.,” he said. Cases that come to light, he said, are always accompanied by denial from the Kremlin.
“To underscore: It is the job of press spokespeople to deny that they do it,” said McFaul, who was in Moscow from 2012 to 2014 and is now teaching at Stanford University.
Russia was accused of launching 2008 attacks on Lithuania and later on Georgia. Russia has been blamed for attacks on the White House’s unclassified servers, the Ukrainian power grid, a German steel mill and the TV5Monde French television channel. The TV5Monde attack was tied to one of two hacking groups discovered inside the Democratic National Committee network in June, known as the Sofacy, or Fancy Bear. In each case, Moscow has denied the accusations.
Peskov said that the security companies accusing Russia of complicity in the DNC attack were influenced by U.S. politicians. But the Moscow-based Kaspersky Lab, a Russian-founded antivirus and internet security software firm, has also called both hacking teams found inside DNC servers “Russian-speaking” and “nation-state sponsored.” (Kaspersky Lab has a policy of not placing blame on any governments.)
The Sofacy group focuses on “NATO countries, Ukraine, governments and military contractors,” a statement from Kaspersky read, and during 2015, it “increased its activity almost tenfold when compared to previous years.”
The increasing focus on democratic institutions by foreign hackers is cause for concern, said Tim Maurer, an associate at the Carnegie Endowment for International Peace who focuses on cybersecurity. He called the attack a “serious escalation.”
Conceptually, he said, the United States and Russia also look at cybersecurity differently. While the United States is primarily focused on military applications of cyber operations, Russia’s definition of information security is “more inclusive of other types of actions that might not have a military purpose but could very well have a political effect, like the DNC hack.”
Tom Hamburger in Washington contributed to this report.