US Gov't Officially Accuses Russia Of Hacking... Question Is What Happens Next

It's been quite a crazy Friday, and in the midst of it all, the US government finally came out with an official accusation that Russia is behind various hack attacks concerning the US election:

The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow-the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities.

The same report says that they don't (yet) have enough information to also accuse Russia of the recent hacks on state election computers:

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

But they also stick with the party line that actually hacking the election would be difficult:

The USIC and the Department of Homeland Security (DHS) assess that it would be extremely difficult for someone, including a nation-state actor, to alter actual ballot counts or election results by cyber attack or intrusion. This assessment is based on the decentralized nature of our election system in this country and the number of protections state and local election officials have in place. States ensure that voting machines are not connected to the Internet, and there are numerous checks and balances as well as extensive oversight at multiple levels built into our election process.

Of course, people have been pointing the finger at Russia over these hacks for a while, and according to various reports there's been widespread debate within the Obama administration about making a public accusation. There are two main issues here:

1. Attribution for computer attacks is really really difficult. No one knows for sure, and there are ways to spoof where attacks come from. There does appear to be quite a lot of evidence pointing back at Russia for these hacks, so it does seem like a safe bet. But that doesn't mean it's definitely them. It would be nice if people gave actual confidence values when they make statements like these, but no one in politics ever does that these days.
2. The much bigger question is what comes next. There are political benefits and costs to naming Russia. But the big thing here is that by naming Russia, it gives the US government more leeway to do something in response. And, as we warned many months ago, this is a horrifically bad idea. It will only escalate matters and make things worse overall.

As I noted just the other day, cybersecurity should be a defensive game. Going offensive is really, really dangerous, because things will get worse, and we really don't know what the capabilities of the other side(s) truly are. Focus on protecting critical infrastructure, not on some meaingless symbolic strike back.

But, of course, in this day and age, people seem to feel that every action requires some sort of reaction, and in a computer security realm, that's just stupid. But it seems to be where we're inevitably heading. The cybersecurity firms will get wonderfully rich off of this. But almost everyone will be less safe as a result.

Permalink | Comments | Email This Story