Is there a cyberwar brewing between the U.S. and Russia? It certainly looks like it — and, online or off, the main targets are likely to be civilian infrastructure.
The Department of Homeland Security and the Office of the Director of National Intelligence formally accused the Russian government of cyberattacks against American political institutions and leaders last month. The announcement confirms what many cybersecurity experts had already concluded — that Russian state-affiliated actors are hacking and releasing information in an attempt to disrupt U.S. elections and discredit the U.S. political process.
To be absolutely certain about the adversary’s identity typically requires access to evidence we won’t ever have — there will always be a margin of error. But there is a strong consensus among experts in and out of government.
When it comes to cyber attribution, the standard should be beyond reasonable doubt — not beyond any doubt at all.
Russia’s involvement is beyond a reasonable doubt. We’re very confident that the malware we examined from the Democratic National Committee breach came from Russian state-sponsored actors dubbed Fancy Bear. We’re also confident that the metadata we found in the 20,000 emails dumped by WikiLeaks and the documents dumped by DC Leaks and Guccifer 2.0 reveal various indications of a Russian actor.
The Russians have used similar tactics and techniques across Europe and Eurasia. For example, Fancy Bear was linked to the attack that sought to take down French television channel TV5Monde last year. Other researchers may come to their own, different, conclusions, but few credible alternative culprits exist at this point.
Sadly, the repercussions of this current breach are unlikely to be far from over.
Last month’s announcement heralds a crossing-the-line-in-the-sand moment in which escalations and tit-for-tat responses are likely to be imminent. We are treading into new territory. Unlike physical conflicts, cyber conflicts could escalate in unforeseen ways and have large, unintended consequences.
For example, bank accounts for the Kremlin-run news channel RT were closed in Britain, and Russia announced its intention to retaliate against UK journalism institutions. It’s easy to envision a scenario in which non-government and non-military targets could become wrapped up in the escalation of cyberattacks and tit-for-tat diplomatic conflict between the U.S. and Russia and their respective allies.
The unfortunate reality is that America’s options are limited.
Our relationship with Russia is already deteriorating over the conflict in Syria, so there is no diplomatic incentive to pull punches. Criminal prosecution is almost impossible in these situations. While the U.S. could retaliate with cyberattacks and propaganda operations of our own, it’s unclear what outcomes we could expect.
Everyone gets caught up in the Jason Bourne-esque excitement of attribution. But more important than tracking down who did it, we must understand what they did to prevent it from happening again — next week, next month, or four years from now during the 2020 elections.
As we head into voting booths on Tuesday, it’s critical we take a look at the facts and not fall victim to propaganda perpetuated by nation-state actors intent on disrupting the democratic process.
John Bambenek is manager of threat systems at Fidelis Cybersecurity. His areas of specialty include digital forensics, global cybercrime investigation, and threat intelligence.