Cyber Security

Experts: Obama Likely To OK Secret Cyber-Retaliation Against Russia

Thursday's announced sanctions may not be the extent of Obama's departing revenge

Cyber Security
Photo Illustration: R. A. Di Ieso
Dec 30, 2016 at 5:55 PM ET

President Obama has named a number of sanctions against Russia, citing interference in the 2016 U.S. election — but will likely impose additional, possibly cyber attacks that could be kept from the public.

On Thursday, Obama and multiple government agencies announced a long string of accusations against Russia, which it says is the culprit behind hacks on the Democratic party earlier in 2016, indirectly helping Republican Donald Trump secure the presidency.

Obama’s announced retaliations were largely diplomatic, and didn’t include threats of retaliatory hacking. They included sanctions against the two Russian intelligence agencies believed responsible for the hacks, including four related officers, as well as three private Russian companies it accused of helping the operation. The State Department also shut down two Russian compounds in the U.S., respectively located in New York and Maryland, and expelled 35 employees from the country.

Crucially, though, Obama noted in his official statement that more would be coming: “These actions are not the sum total of our response to Russia’s aggressive activities. We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized.”

Those unpublicized actions leave the door wide open for various forms of online retaliation, experts say.

“I suspect anything we do in the cyber realm would be covert because that would be proportional and we probably don’t want to throw the very first public cyber blow, especially over this. I think we’d reserve that for a traditional conflict, if we ever did it at all,” a source who has worked in U.S. cyber operations told Vocativ.

“I could venture broad guesses and speculate on the likelihood of particular suggested scenarios (interfering with bank accounts, leaking docs, etc.), but there is essentially no limits to the universe of possibilities,” added Susan Hennessy, a Brookings Institute fellow and former National Security Lawyer.

The Obama administration has previously made it clear that it would consider multiple avenues of retaliation, not just diplomatic sanctions. In October, Lisa Monaco, Obama’s Homeland Security and Counterterrorism Advisor, said of Russian hacking that when it responded to Russia,it would “consider a full range of tools: economic, diplomatic, criminal, law enforcement, military. And some of those responses might be public, some of them might not be.”

Specifics aren’t public knowledge, but even if they’ve already been put into action, it’s likely the U.S. would want to act “in kind” — what it sees as a proportional kind of retaliation to hacking Democrats, and those hacks’ distribution — and as a means of dealing damage to Russia without damaging the U.S.’s own sources and methodology for identifying Russia in the first place.

“My guess is the bulk of covert action will be in the form of attacks on [Russian intelligence’s] malware command and control infrastructure, and degrade and deny their ability to coordinate attacks on the U.S. and the E.U. (especially French and German elections),” Matt Tait, a former information security specialist for the U.K.’s GCHQ spy agency and the founder of cybersecurity company Capital Alpha Security, told Vocativ. That would likely take place as an NSA operation that relied on CIA covert ops, he said.

Hennessy speculated that the White House’s retaliation would be one obvious to Russia but not to the world at large, similar to the effect the DNC hack had on the U.S.

“My general guess would be that the retaliation will be non-public but not covert,” she said. “Meaning we will find a way to claim credit that is visible and unmistakable to Putin but perhaps not others — and that it will be designed to reveal either a previously unknown technical capability or our ability to reach areas or systems that would be surprising to adversaries.”

Trump has largely dismissed the consensus of the FBI, NSA, CIA, and Department of Homeland Security — agencies that will work for him when he assumes the presidency in January — that Russia was indeed behind the DNC hack. On Thursday, he seemed acquiesce, as a Presidential Transition Team statement quoted him saying, “In the interest of our country and its great people, I will meet with leaders of the intelligence community next week in order to be updated on the facts of this situation.”

By Friday, however, he seemed to have moved to a different angle. In reference to Vladimir Putin’s announcement that he would not pursue proportionate countermeasures to Obama’s sanctions before Trump takes office, he tweeted “Great move on delay (by V. Putin) – I always knew he was very smart!”