29 Jul 2016
Speculation is rife that Vladimir Putin's government is behind the cyber hacking
Speculation about the release of emails and other records from the Democratic National Committee (DNC) is consuming headlines in the political and technical press. The technical evidence suggests that Russian actors, possibly linked with state intelligence agencies, are responsible. This raises many questions about how the US might respond.
The incident highlights several things: the difficulty of proportional and timely responses to cyber incidents; the opaque nature of attribution and how easily it can be clouded in public discourse; and, probably most concerning, the increasing risk that the information we trust has been subtly manipulated to achieve an outsider's objectives.
Cyber security firm CrowdStrike's report on the hack has identified two sophisticated groups operating inside the DNC network. APT28 (or 'FancyBear') has been linked with Russian military intelligence and APT29 (or 'CozyBear') with the Federal Security Service. Two other firms (FireEye and Fidelis) also confirmed CrowdStrike's findings. Immediately following the CrowdStrike report, a new blog and Twitter account named 'Guccifer 2.0' (Guccifer being a well-known Romanian hacker) were established that quickly sought to denigrate CrowdStrike's work and claim responsibility as a lone hacker. Guccifer 2.0 also claimed to have provided a trove of documents to WikiLeaks, which have now been released.
It isn't clear who Guccifer 2.0 is or where they are from. While they claim to be Romanian, when asked to respond in Romanian, Guccifer 2.0's response was short and littered with errors. Many of the documents have had information deleted from them before release, likely subtly changing their meaning and interpretation.
If this is a genuine attempt to destabilise US political affairs, then it is direct interference in a sovereign state's affairs, a breach of the principle of "non-interference" and a violation of international law. Intelligence agencies seeking information on the political machinations of their rivals, and even their friends, is entirely legitimate espionage. But then using this information in an attempt to change the outcome is clearly a step beyond.
To make matters worse, Donald Trump's response, encouraging Russia to conduct further cyber interference in the election, is at best irresponsible and shows little understanding of its implications, and at worst the actions of a mad man.
Thomas Rid on Motherboard has called this a "game changer". Rid notes that not reacting sets a dangerous normative precedent. But how could the US respond to this interference? If the US chooses to respond, it will first have to prove who is behind it, information that the actors involved have worked hard to hide and, when exposed, to obfuscate through anonymous Twitter accounts run by a "Romanian" with good English and Russian but poor Romanian.
Other experts have cautioned against drawing conclusions from the evidence provided so far, pointing out that CrowdStrike had made some assumptions, that there is no hard proof of a link to Russian intelligence agencies, and that proving the actors are Russian doesn't mean they are representatives of the state.
There also remains the question of what is a necessary and proportionate response. Policymakers should consider the range of diplomatic, economic, and military responses at their disposal. Clearly in this case extreme military responses wouldn't be appropriate, but there is a range of other levers at the disposal of policymakers.
Responses need not be limited to cyberspace – nothing bars a state from using other channels, though each carries its own risks. There has been little direct response to Russian cyber activity in the past, despite a list of incidents that display Russian intent to use cyberspace to coerce opponents. The US has reacted to Chinese commercial cyber espionage by indicting PLA members and has also threatened sanctions. This appears to have had some effect, but arguably interfering in an election is a big step beyond commercial espionage.
However, the US has already placed heavy political and economic sanctions on Russia, and options to respond are beginning to look thin on the ground.
The subtle or not so subtle manipulation of information can clearly have a significant effect on society and its actions. Cyberspace almost uniquely allows an actor to manipulate trusted information in its own interest to influence decision making and national issues. The international community needs to address this incident collectively and carefully.
The implications of Russia meddling with US elections, when the US is arguably the greatest cyber power and remains the greatest military power, are significant. Those states at the other end of the capability scale have little hope of preventing interference in their affairs if information campaigns of this scale are left unpunished.
Liam Nevill is an Analyst and Dr Tobias Feakin is Director - National Security Programs at the Australian Strategic Policy Institute.
Originally published: Australian Financial Review. 29 July 2016