Trump should take Russian cyberattacks seriously

Getty

The recent Grizzly Steppe Report, published by U.S. intelligence agencies to outline the findings of Russian malicious cyber activity, is probably one of the most unusual yet intriguing reports published in recent years by the American intelligence community.

{mosads}Several insights can be derived from the report. First, it is clear that the attackers’ objectives were focused on achieving long-term strategic achievements rather than quick wins. The attackers infiltrated the Democratic National Committee’s email systems and became active a year and a half ago. During this time they systematically mapped the terrain and gathered information, as well as planned a second attack focused on more valuable assets like senior party members. 

 

The report indicates that the attack against the Democratic Party’s email system was conducted in two phases. The first phase was a relatively broad one (“over 1000 emails”) and was aimed at finding random cracks through which the attackers could infiltrate. The second penetration was more sophisticated as the attackers targeted specific users (probably executives) and tricked recipients into changing their credentials through a fake webmail domain. The attackers then used these harvested credentials and stolen information to target other party members. 

In both cases, the hackers used third-party servers from the federal government and educational institutions to host malware and give the fake websites credibility. 

Interestingly, the methods used to execute these ambitious attacks (spear phishing, remote access tools and obfuscating information) were pretty simple and didn’t require breath-taking James Bond-style operations. In fact, none of these methods, or the combination of them, is new or innovative but has been widely used by hackers for years. The main technical sophistication was the attackers’ ability to “hide” in the party’s system for so long despite protective measures being taken. 

The relative simplicity of these measures taken vis-à-vis the impressive operational success illustrates, once again, that albeit sophisticated protective measures within organizations, there’s always a weak link: humans. The attackers only needed one unaware individual to press a link in their email to allow them to enter the system and collect data for their next attack.

But who was the entity that stood behind this attack? The report claims that it was the Russian government but it provides no real evidence for this claim. Are any other non-government groups capable of conducting such an attack? Most certainly, especially if one takes into account that the methods used were not too technologically advanced. Even the most sophisticated element of the attack, the ability to remain clandestine inside the system, could have been achieved without government support.

However, before clearing the Russians entirely, let us remember several things. First, the report does not reveal the whole picture that the Intelligence community likely possesses. It is safe to assume that there’s classified information that wasn’t published and within which lies the “smoking gun” needed to blame the Russians. It is doubtful that the Obama administration took extreme measures against Russian “diplomats” based on speculation alone. 

Second, the Russians certainly have the motivation and capability to launch such an attack. Though Russia’s military interventions in Georgia, Ukraine and Syria have been the most prominent features of its foreign policy, they represent one point on a broad spectrum of activities, among them the use of information operations, propaganda and engaging in covert actions that are non-linear and considered hybrid warfare.

Sadly, but as predicted, the issue continues to be a partisan matter. President-elect Donald Trump has every right to demand that the IC present clear proof of Russian involvement, especially when the current administration has taken prominent measures against the Russians since its twilight days. 

However, Trump needs to overcome his tendency to reduce reality into a situation of “us vs. them,” with “us” being Trump supporters and “them” being his American opponents. Whoever conducted this attack, presumably the Russians, has asserted unprecedented political warfare on the U.S. with the intention of affecting the democratic process through which the American people elects its representatives. In a world that is struggling to redefine the terrain of international relations, the U.S. and its newly elected president cannot risk their national interests because of internal politics. 

President Obama’s recent decision to expel 35 Russian diplomats and close two compounds should therefore be perceived in the light of a new form of political warfare, aimed at creating deterrence that is highly required in light of the tectonic changes in the realms of intelligence and diplomacy. 

Twenty days before his inauguration, Trump should cease from painting this affair as a political attempt to tarnish his legitimacy. Unless the U.S. draws a very clear and uncompromising line in the sand, sometime in the near or far future, the elected administration, and potentially even Trump himself, could become the target of similar attacks.

 

Shay Hershkovitz, Ph.D., is chief strategy officer at Wikistrat, Inc. and a political science professor at Tel Aviv University specializing in intelligence studies. He is also a former IDF intelligence officer whose book, “Aman Comes To Light,” deals with the history of the Israeli intelligence community.


The views expressed by contributors are their own and are not the views of The Hill.

Tags cybersecurity Donald Trump Hacking Russia Shay Hershkovitz

Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.