The NSA Is Likely 'Hacking Back' Russia's Cyber Squads
U.S. government hackers at the National Security Agency
are likely targeting Russian government-linked hacking teams to see
once and for all if they're responsible for the massive breach at the
Democratic National Committee, according to three former senior
intelligence officials. It's a job that the current head of the NSA's
elite hacking unit said they've been called on to do many times before.
Robert Joyce, chief of the NSA's shadowy Tailored Access Operations,
declined to comment on the DNC hack specifically, but said in general
that the NSA has technical capabilities and legal authorities that allow
the agency to "hack back" suspected hacking groups, infiltrating their
systems to gather intelligence about their operations in the wake of a
cyber attack.
"In terms of the foreign intelligence mission, one of the things we have
to do is try to understand who did a breach, who is responsible for a
breach," Joyce told ABC News in a rare interview this week. "So we will
use the NSA's authorities to pursue foreign intelligence to try to get
back into that collection, to understand who did it and get the
attribution. That's hard work, but that's one of the responsibilities we
have."
The NSA deferred direct questions about its potential involvement in the DNC hack investigation to the FBI,
which is the leading agency in that probe. Representatives for the
bureau have not returned ABC News' request for comment. Lisa Monaco,
President Obama's homeland security and counterterrorism adviser whose
responsibilities include cyber policy, declined to comment.
A former senior U.S. official said it was a "fair bet" the NSA was using
its hackers' technical prowess to infiltrate two Russian hacking teams
that the cybersecurity firm CrowdStrike alleged broke into the DNC's system and were linked to two separate Russian intelligence agencies, as first reported by The Washington Post.
In some past unrelated cases, the former official said, NSA hackers
have been able to watch from the inside as malicious actors conduct
their operations in real time.
Rajesh De, former general counsel at the NSA, said that if the NSA is
targeting the Russian groups, it could be doing it under its normal
foreign intelligence authorities, as the Russian government is "clearly
... a valid intelligence target." Or the NSA could be working under the
FBI's investigative authority and hacking the suspects' systems as part
of technical support for investigators, said De, now head of the cyber
security practice at the law firm Mayer Brown.
In the aftermath of an attack, a CIA official said that if there is an
"overseas component," the NSA would be involved along with the CIA's own
newly formed Directorate of Digital Innovation. The two agencies would
work, potentially along with others in government, to sniff out
suspects' "digital dust."
"It turns out that the people who carry out these activities use their
keyboards for other things too," said Sean Roche, Associate Deputy
Director for Digital Innovation at the CIA. Any attribution
investigations, Roche said, would also include offline information --
the product of old-fashioned, on-the-street intelligence gathering.
Like Joyce, Roche said he was speaking generally and could not comment on the DNC hack.
While U.S. officials have told news outlets
anonymously they concur with CrowdStrike and other private
cybersecurity firms who have pointed to Russian culpability, the U.S.
government has declined to publicly blame the Russians.
The Russian government has said the hacking allegations are "absurd."
Director of National Intelligence James Clapper told the audience at the
Aspen Security Forum Thursday that the U.S. intelligence community was
"not quite ready to make a call on attribution," though he said there
were "just a few usual suspects out there." The next day CIA Director
John Brennan said that attribution is "to be determined" and a lot of
people were "jumping to conclusions."
Professional hackers often use proxies, Brennan said, so investigators
have to make two or three "hops" before tracing cyber attacks back to a
state's intelligence agency, which makes the attribution process more
difficult.
Kenneth Geers, a former cyber analyst at the Pentagon who recently
published a book about Russian cyber operations, told ABC News earlier
this week that he didn't necessarily doubt it was the Russians, but said
that even in the best cases when doing cyber investigations, "You can
have a preponderance of evidence -- and in nation-state cases, that’s
likely what you’ll have -- but that’s all you’ll have."
That, he said, opens the possibility, however remote, that a very clever hacker or hacking team could be framing the Russians.
Michael Buratowski, the senior vice president of cybersecurity services
at Fidelis Cybersecurity, which studied some of the malicious code, said
the evidence pointing to the Russians was so convincing, "it would have had to have been a very elaborate scheme" for it really to have been anyone else.
The NSA's Joyce said that in general it's very difficult to properly
frame someone for a complex attack, since too many details have to be
exactly right, requiring a tremendous amount of expertise and precision.
But Joyce said that before the U.S. government pins blame on anyone for a
cyber attack publicly, the evidence has to pass an "extremely high
bar."
So when they do come forward, he said, perhaps based on the results of
attribution techniques that have not been publicly described, "You
should bank on it."