US action will include both covert and explicit response, President says. Meanwhile, a Russian-speaking hacker was discovered behind a data breach of the US Election Assistance Commission (EAC).

With just weeks left before he leaves office, President Obama Friday vowed to take action against Russia for attempting to interfere with the US election process by having hackers break into Democratic Party systems and leak data that proved detrimental to the Clinton campaign.

In an interview with NPR that aired Friday, Obama said there should be no doubt about the need for forceful action when any foreign government tries to impact the integrity of the US election system. "We need to take action, and we will at a time and place of our own choosing," President Obama said.

Obama did not elaborate on what actions are under consideration, but noted that "some of it may be explicit and publicized, and some of it may not be."

Obama said the US realizes that foreign intelligence agencies - including those belonging to foreign allies - will use cyberattacks to gather information on the inner workings of other countries. "There is a difference between that and activating intelligence in a way that is designed to influence elections. We have been working hard to make sure that what we do is proportional; that what we do is meaningful," Obama said.

The President’s threat of action drew a sharp and immediate rebuke from the Kremlin's spokesman, who demanded that the US either show proof of Russian government involvement in the cyberattacks or stop talking about it, The New York Times reported.

Nathan Wenzler, principal security architect at ASTech Consulting, says there are two likely scenarios for a US response. In the first, the US could launch covert retaliatory strikes at Russian targets to demonstrate that it is capable of the same level of sophisticated cyberattacks as the Russians. But the long-term merits of such a strategy are dubious, he says.

"While this may satisfy a more primal need for direct retaliation, in today's cybersecurity space, this will most likely only cause a series of tit-for-tat attacks back and forth, escalating with each volley," he says. "It's typically a no-win scenario, despite the more immediate reward of getting back at the aggressor."

The second option is to impose sanctions and other forms of political restrictions on Russia and get US allies to do the same, he says.

Hackers broke into systems belonging to the Democratic National Committee (DNC) earlier this year and stole 19,000 emails, which they later leaked on whistleblower website Wikileaks. Many believe the contents of the emails damaged the Clinton campaign and caused it to lose momentum in the critical months leading up to the presidential elections.

The FBI and US intelligence agencies have blamed Russia for the intrusions. They have described the attacks as an attempt by people at the highest levels of the Russian government to influence the outcome of the US election. President-elect Trump himself has dismissed the US intelligence community’s conclusions as being politically motivated and insisted that there is no proof of any Russian government involvement, despite all the claims to the contrary.

Russian 'Rasputin'

Meanwhile, in a separate but related development, threat intelligence firm Recorded Future late yesterday said its investigation of chatter related to a suspected breach of the US Election Assistance Commission (EAC) shows that a Russian-speaking hacker is involved.

Recorded Future identified the hacker—whom it has named Rasputin—as being involved in an attempt to sell access credentials to the EAC database to interested buyers. The researchers there said they have also seen Rasputin attempt to sell access to a zero-day vulnerability on the EAC system to a buyer believed to be working on behalf of a Middle Eastern government.

Rasputin appears to have stolen more than 100 access credentials, including many that provide highest-level administrative privileges on the EAC systems. The admin accounts can be used to plant malware or modify the EAC site, Recorded Future warned. It is unclear how long the vulnerability that Rasputin attempted to sell has remained unpatched.

According to Recorded Future, its analysis of Rasputin's activities suggests the hacker is acting alone.

About the Author(s)

Jai Vijayan, Contributing Writer

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.
