
Russia, Russia, Russia: What Clinton Or Trump Can Do About Nation-State Hacking Gone Wild

US mulls 'proportional' response to Democratic Party hacks in midst of an unprecedented presidential campaign clouded by cybersecurity concerns (among other things).

Whether the next President of the United States likes it or not, she or he will be faced with a whole new era of nation-state cyberattacks that have now crossed a fine line from accepted cyber espionage to a form of cyberattack aimed at sabotaging the election season.

In the wake of a rare declaration by the Office of the Director of National Intelligence and US Department of Homeland Security last week that named Russia as the actor behind recent hacks of the Democratic National Committee (DNC) and personal emails of US political officials and organizations, the White House this week said the US will respond in a "proportional" manner to the breaches, which have gone glaringly public with online data dumps via WikiLeaks.

Russia may be the first nation to move from cyber espionage to cyber sabotage in an apparent quest to influence or wreak chaos on the US election, but it wasn't the first nation the US has called out for damaging cyberattacks. First there were the US Department of Justice's indictments of five Chinese military officials in 2014, followed by the Obama administration's naming and shaming of North Korea for the epic and massive data breach, data-wiping and doxing of Sony Pictures Entertainment later that year. Earlier this year, the DOJ indicted an Iranian hacker working on behalf of the Iranian government for allegedly infiltrating a server at a dam in New York.

Even so, Russia's propaganda-driven campaign in the breach and doxing of the DNC and other Democratic Party operatives takes this destructive cyber espionage activity to a whole new level. While most experts say it's unlikely Russia can or will be able to go as far as hacking US voting systems to alter the vote count, there are plenty of ways for the nation-state to sow seeds of distrust, doubt, and fear in the election.

This threat won't end after Nov. 8, either.

"We have never been here before. No one really knows what is socially acceptable and what is not when it comes to cyber. We have no 'Geneva Convention' for cyber," says security expert Cris Thomas, aka Space Rogue, who says the administration needs to provide some evidence of Russia's involvement in the breach.

Thomas says the US should be careful with attribution "and set the stage now as to what is and is not acceptable as we move into the future, when these sort of actions will become more and more commonplace."

Lisa Monaco, assistant to the President for Homeland Security and Counterterrorism, at a security conference hosted by The Washington Post last week, said the administration would consider tools including "economic, diplomatic, criminal law enforcement, military, and some of those responses may be public, some of them may not be." 

An Executive Order issued in April 2015 by President Barack Obama gives the president authorization to impose some sort of retribution or response to cyberattacks. The EO, which the administration has not used in any case as of yet, allows the Secretary of Treasury, in consultation with the Attorney General and Secretary of State, to institute sanctions against entities behind cybercrime, cyber espionage, and other damaging cyberattacks. That includes freezing the assets of attackers.

"Our primary focus will be on cyber threats from overseas. In many cases, diplomatic and law enforcement tools will still be our most effective response," Obama said when announcing the Executive Order. "But targeted sanctions, used judiciously, will give us a new and powerful way to go after the worst of the worst."

In response to the US allegations of Russia's election-hacking activities, Russian President Vladimir Putin this week said the attacks "have nothing to do with Russia's interests."

"They started this hysteria, saying that this (hacking) is in Russia's interests. But this has nothing to do with Russia's interests," Putin said at a Moscow business forum, according to Reuters.

Putin appeared to shift the discussion to the contents of the information breached and dumped publicly via WikiLeaks. "Everyone is talking about 'who did it' [the hacking]," said Putin. "But is it that important? The most important thing is what is inside this information."

45th President In The Hacker Hot Seat

While the Obama administration wrestles with how to implement its retribution policy for the first time, Russia's alleged hacking activity isn't likely to subside after the new President is elected, nor is the problem of nation-state hacking at this new level. So either new President Hillary Clinton or new President Donald Trump will be forced to tackle this new chapter in nation-state cyber espionage.

John Bambenek, threat systems manager at Fidelis Cybersecurity, says the next President of the US will have some big challenges here. "Ultimately, nations have to behave like economic actors," he says.

Retribution for a cyberattack, like attribution, can be a slippery slope.

Unlike the diplomatic agreement between Obama and China's Xi Jinping, where both nations promised not to conduct cyber espionage for economic gain in the wake of China's infamous intellectual property theft-related hacks, a deal with Russia would be much trickier and less likely. "You're going to have to do it adversarially with Russia," Bambenek says. There's definitely danger of escalation and "tit-for-tat" responses, he says.

"History tends to favor sanctions in these matters," he says. Take the US's economic sanctions against Russia in response to Putin's aggression in Crimea, he says. "That remains a pain point for Russia."

But Russian doctrine supports escalation as a way to de-escalate tensions or conflict, notes Christopher Porter, manager of the Horizons team at FireEye. "If the US administration puts in place a proportional response, Moscow could do something even worse to stop a future response … I think that is very dangerous."

Even if the US were to out the tools or infrastructure used by the Russian attack groups, it likely wouldn't pressure Russia to dial back the hacks. Porter points to a previous year-long study by FireEye of Russian threat groups that concluded that even after being outed more than 20 times in one year, the groups continued their operations.

"It had no demonstrative effect on their ability to compromise" their targets, he says. "They are well-resourced" and FireEye has seen them just shift their operations with infrastructure from outside Russia or with other resources, he says.

FireEye's Porter says there are two things the next US administration could do differently to handle these attackers. "They need to have better delegation for decision-making on the US side," he says. "Don't wait until a lot of incidents pile up before formulating a response. The White House has to weigh in on every decision now."

Second, don't treat state-sponsored hacks like a legal case. "We still talk about state-sponsored attacks as though they are a case for a lawyer, and we treat them like we have to prove them beyond a reasonable doubt … with forensic evidence," he says.

That approach doesn't work because savvy nation-states can easily sow reasonable doubt in their attacks, he says.

New Normal Norms Needed

Ultimately, without any global cyber-norms from which to operate, the US is limited in its response.

"I would love to see the next president somehow reach consensus with other nations as to what is and what is not acceptable in the world of cyber and what responses are acceptable to nations who violate those norms," Thomas, aka Space Rogue, says.

That would require defining just what constitutes a cybersecurity violation when it comes to nation-states. "We should have very defined sanctions regarding hacking and cyberwarfare," says Miller Newton, president and CEO of data encryption company PKWARE.

But neither Presidential candidate has been eager to embrace the cybersecurity policy issues, despite both of their campaigns directly being drawn into the Russian hacks: Clinton via the DNC email breach as well as that of her campaign manager John Podesta, and Trump, who went so far as to say in the most recent debate that "maybe there is no hacking" in reference to the US government calling out Russia over the alleged data breaches.

Newton says the candidates aren't emphasizing cybersecurity because it's just not a hot topic for voters. "It's not a vote-getting issue," he says. "They [the candidates] don't want to hit the privacy versus national security issue head-on [either]. It's a quagmire: there is no easy solution, but it needs to be front and center."

But apparently, millennials do care about cybersecurity policy: more than half of US adults ages 18-26 surveyed by Raytheon and the National Cyber Security Alliance (NCSA) say that a candidate's position on cybersecurity weighs into their decision to support that candidate. Half don't think cybersecurity has been sufficiently discussed in this election season.


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Kelly Jackson Higgins,
User Rank: Strategist
10/17/2016 | 4:11:45 PM
Re: Leading survey?
I know some security-savvy millennials, but they have been well-coached by their mom. =)
Joe Stanganelli,
User Rank: Ninja
10/17/2016 | 4:04:21 PM
Re: Leading survey?
@Kelly: Judging by the Millennials I have come to know, I think it's more a matter of wanting to appear as if they fit in and are doing the right thing.

If Millennials as a whole truly cared -- genuinely cared -- about information security and data privacy to the level being discussed here, they sure as shootin' wouldn't use so many apps or live on their mobile devices.

Now get off my lawn.
Kelly Jackson Higgins,
User Rank: Strategist
10/17/2016 | 9:22:55 AM
Re: Leading survey?
Good point about "leading" questions in surveys. But I think it's also not surprising that millennials, who unlike their parents grew up with technology/Internet, are more concerned about cybersecurity. 
Joe Stanganelli,
User Rank: Ninja
10/16/2016 | 8:14:28 PM
Leading survey?
I question the survey results reported in that last graf.  It is an automatically leading question merely by virtue of asking it.  It makes people feel like they *should* be concerned about cybersecurity when it comes to politics, even if they're not -- or it triggers in people the feeling that they, as rational human beings, OF COURSE factor cybersecurity into their voting decision-making, even when they do not.

I seriously doubt that cybersecurity is a significant factor for the vast majority of US voters. 