
Ever since the DNC was hacked earlier this year, there's been an ongoing tussle in the media over what the government knew, why it suspected the Russians, and what actions, if any, the Obama Administration would take in response. While some initial evidence of foreign involvement was presented by third-party security firms, the government had refrained from sharing its own conclusions or any of the underlying material. As of yesterday, we have both a joint report from the US' various federal agencies as well as a formal announcement of sanctions to be taken against the Russian government. Let's take a look at both.

The report, which you can read here, is a joint product of the FBI and Department of Homeland Security on the actions of the Russian civilian and military intelligence services (RIS). Like the independent cybersecurity reports of earlier this year, the FBI and DHS assert that two entities — labeled APT28 and APT29 — worked in concert as part of a deliberate effort to penetrate US government infrastructure. APT29 (APT stands for Advanced Persistent Threat) first penetrated a political party's servers in 2022, while APT28 did so in 2022.


The two groups have related but distinct skill sets and attack methods. The report states: "In spring 2022, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed."
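The credential-harvesting technique the report describes hinges on a fake webmail domain that looks enough like the real one to fool a recipient. As an added example, not code from the report or from this article, the following Python script shows the kind of check a mail gateway or security team can run over the links in an incoming message: it trusts links under the organisation's own registrable domain, flags hosts that embed the legitimate webmail name under a different domain or differ from it by a few characters, and leaves everything else as unrelated. The domain names, URLs and the legitimate-host list are constructed for illustration.

```python
"""Flag links in an email whose host imitates a known webmail domain.

Added example, not code from the DHS/FBI report or from the article.
Domain names and URLs below are constructed for illustration.
"""
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Assumption: the webmail hosts the organisation actually operates.
LEGITIMATE_WEBMAIL_HOSTS = ("webmail.example-party.org", "mail.example-party.org")
SIMILARITY_THRESHOLD = 0.8  # ratio above which a host counts as a near-copy


def registrable_domain(host: str) -> str:
    """Return the last two labels of a host name, e.g. 'example-party.org'.

    Simplification: production code should consult the Public Suffix List so
    that names such as 'example.co.uk' resolve to the right registrable domain.
    """
    labels = host.split(".")
    return ".".join(labels[-2:])


def classify_link(url: str) -> str:
    """Classify one link as 'trusted', 'lookalike', 'unrelated' or 'invalid'."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower().rstrip(".")
    if parsed.scheme not in ("http", "https") or not host:
        return "invalid"

    legit_registrable = {registrable_domain(h) for h in LEGITIMATE_WEBMAIL_HOSTS}
    if registrable_domain(host) in legit_registrable:
        return "trusted"  # under a domain the organisation controls

    for legit in LEGITIMATE_WEBMAIL_HOSTS:
        # The real host name used as a subdomain of an unrelated domain,
        # e.g. webmail.example-party.org.<attacker-controlled>.net
        if host.startswith(legit + "."):
            return "lookalike"
        # Small edits to the real name (typos, digit-for-letter swaps)
        if SequenceMatcher(None, host, legit).ratio() >= SIMILARITY_THRESHOLD:
            return "lookalike"
    return "unrelated"


def triage_email_links(urls):
    """Return {url: classification} for every link extracted from a message."""
    return {u: classify_link(u) for u in urls}


# Constructed sample links, as they might be extracted from a message body.
SAMPLE_LINKS = [
    "https://webmail.example-party.org/reset-password",
    "https://webmail.example-party.org.accounts-update.net/reset-password",
    "https://webmail.examp1e-party.org/reset-password",
    "https://news.unrelated-site.com/article",
    "mailto:helpdesk@example-party.org",
]

if __name__ == "__main__":
    for url, verdict in triage_email_links(SAMPLE_LINKS).items():
        print(f"{verdict:9s} {url}")
```

A lookalike verdict is a reason to hold the message or rewrite the link for review rather than proof of an attack; the similarity threshold and the legitimate-host list are the two knobs to tune against an organisation's own mail traffic.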

The use of common practices and methodologies is part of why the government is confident that both APT28 and APT29 are associated with RIS. As we've previously discussed in very different contexts, military cyberwarfare divisions don't have much in common with the kinds of script kiddies and attack profiles you see from run-of-the-mill zombie botnets. A cryptocurrency-mining botnet just wants to spread itself to as many systems as possible to make as much money as possible. It's not necessarily concerned with remaining hidden for months or years at a time, and it's not going to be written to target specific and particular computers. The government's report states that beginning in September 2022, APT29 targeted over 1,000 recipients as part of a spearphishing campaign. That might sound huge, but it's ludicrously tiny compared to any commercial botnet. This was a precise, targeted strike, not a broad salvo aimed at converting as many systems as possible. The report doesn't have as much specific data as we might like, but it's now the formal conclusion of the entire government.

The Obama Administration's decision to enforce sanctions against the Russians reflects this conclusion in a rather interesting way. Instead of targeting general sections of the Russian economy or interests, Obama announced that the government would specifically enforce sanctions against 35 specific individuals identified as intelligence operatives. The individuals in question were ejected not for the DNC hack itself, but in response to "harassment of our diplomatic personnel in Russia by security personnel and police." That's according to a White House fact sheet distributed on the attacks, the government's response, and its rationale for various actions. There are also reports that the government will close a known Russian spy base.

The reason it's interesting to see the United States taking these kinds of actions is because spycraft isn't simply about what you know — it's about what the other team knows you know. The reason the government would leave known enemy assets in play is simple: If you force the other team to reestablish a new set of procedures or recruit new agents, you guarantee that you'll have to penetrate their security again.

US Speaker of the House Paul Ryan called the new sanctions "overdue," adding "Russia does not share America's interests. In fact, it has consistently sought to undermine them, sowing dangerous instability around the world." That's not to say Speaker Ryan is endorsing Obama's Russia policies, which he described as "a prime example of this administration's ineffective foreign policy that has left America weaker in the eyes of the world."

Initial reactions from GOP leaders to news of the hacks were muted throughout the fall and into December. Of course, implementing effective policies against future Russian or enemy state incursions will be the responsibility of President Trump, who has previously dismissed intelligence agencies' conclusions and briefings by noting that he is "like, a very smart person." Trump again called on the country to "move on to bigger and better things," but stated "I will meet with leaders of the intelligence community next week in order to be updated on the facts of this situation." Trump has generally pursued a very friendly relationship with Russian President Vladimir Putin, and his Secretary of State pick, Rex Tillerson, was revealed as the director of ExxonMobil's Russian subsidiary, Exxon Neftegas, from 1998 – 2006.