Ever since the U.S. government hit Russia with economic sanctions last year, Russian hackers have started new cyberspying campaigns to steal information from U.S. government agencies and corporations, according to current and former American intelligence officials and cybersecurity experts.
Now, American officials are fighting back by outing the hackers and issuing what some see as veiled threats to Moscow.
Three former U.S. intelligence officers who worked on counterintelligence and cyber operations told The Daily Beast that a new report this week accusing Russia of infiltrating unclassified networks at the White House was apparently designed to send a message to the Kremlin: We know what you're up to, and how you're doing it.
"We are seeing a dramatic rise in cyber intrusion activity from the Russian government since the sanctions regime was put in place against them last year," Dmitri Alperovitch, the co-founder of cybersecurity company CrowdStrike, told The Daily Beast. Beginning in March 2014, the Obama administration imposed a series of sanctions designed to punish Russia for its invasion of Crimea and subsequent military incursions in eastern Ukraine, and U.S. officials have said they're helping to depress Russia's economy, already hurting because of falling oil prices.
Alperovitch said there was "no indication that [the cyberintrusions] are retaliatory." Rather, as Russia finds itself struggling to stay afloat, "they are using cyber espionage to at least in part compensate for loss of competitiveness they are experiencing." Alperovitch said the hacking has been tied to a single source, or "actor," that CrowdStrike refers to as Cozy Bear.
In the past year, researchers have also linked Russian hackers believed to be working for the government to other spying campaigns, including against NATO, the Ukrainian government, energy companies in Poland, and an academic at an American university who was targeted because he studies Ukraine.
On Tuesday, CNN reported that according to U.S. officials, Russian hackers had penetrated portions of the White House computer network by gaining access from another "perch," at the State Department, where intruders had gotten inside the unclassified email system.
The intrusion reported by CNN is not "a new incident," a spokesman for the National Security Council said. Rather, it was acknowledged by the White House last year after intruders accessed an unclassified network used by the Executive Office of the President.
Disclosing the new details posed little risk to ongoing operations, the former officials said, because the hack had already been disclosed and it concerned sensitive materials, such as President Obama's travel schedule, but not any classified information.
One former intelligence official read the information in the new report as "a veiled threat" to Russia that there could be further consequences for malicious hacking. Last week, Obama signed an executive order that allows the U.S. to impose sanctions on individuals and entities for hacking that poses a "significant" threat to U.S. national security, including economic and financial stability.
A former senior U.S. intelligence official told The Daily Beast that Russian hackers are among the best at posing as U.S. government employees or other trusted parties and then tricking others into disclosing login credentials that allow the hackers to get access to more computer networks.
In recent months, U.S. intelligence officials have been sounding the alarm about Russian hackers, who they see as more sophisticated and harder to track than their cohort in China, the other major source of cyberspying on the U.S. government and companies.
Director of National Intelligence James Clapper told a Senate committee in February that "the Russian cyberthreat is more severe than we have previously assessed." And last year, he twice singled out Russian hackers as among the most significant cyberthreats to the United States.
Russia is "going to town on us and exploiting our information, our intellectual property," Clapper said after a speech at the University of Texas in Austin last October. "We know a lot about the Chinese only because they're a lot noisier about it," Clapper said, echoing remarks by other U.S. officials and experts who say that Chinese hackers seem not to care if they're detected.
"I worry, frankly, more about the Russians, who are a lot more subtle and a lot more sophisticated about purloining our information," Clapper said. The spy chief had previously identified the Russian government as a source of cyberspying, telling the House Intelligence Committee, "Russian intelligence services continue to target U.S. and allied personnel with access to sensitive computer network information."
A spokesperson for Clapper's office told The Daily Beast that the director's warnings about Russia were "deliberate" and intended to ensure that a "broader audience of Americans," and not just cybersecurity experts, know that China wasn't the only significant threat. Chinese cyberspying has tended to grab headlines, particularly after the Justice Department last year indicted five Chinese military officers for an espionage campaign targeting U.S. industries, including aluminum processors and solar-panel manufacturers.
CrowdStrike's Alperovitch said Russian hacking over the past year has been targeting a broad range of industries, but all ones that are important to Russia's economy. "We are literally tracking hundreds of breaches that they've been initiating against both government and commercial targets and have been battling and stopping their intrusion attempts at a number of our customers," Alperovitch said. "We are seeing them across energy, finance and defense sectors, as well as government agencies and national-security nonprofits."
Clapper has spoken approvingly of the current sanctions regime and credits it with helping to depress the Russian economy and inflate the value of the ruble. But, Clapper told the Senate Armed Services Committee in February, those measures still haven't changed President Vladimir Putin's strategy in Ukraine. Russian military forces continue to back separatist rebels who have threatened to take more territory in the eastern portion of the country.
Clapper also said the bigger threat to Russia's financial stability was the low price of oil on the global market. "The greater impact frankly on the economy has been the drop in oil prices," Clapper said.
That could be another motivator for Russia to ramp up spying on U.S. energy companies. In that respect, they may be borrowing a page from the Chinese playbook. A report in 2013 by the security research firm Critical Intelligence concluded that "Chinese adversaries" have infiltrated the networks of U.S. energy companies to steal information about fracking and gas extraction. The report said Chinese hackers had also targeted companies that make petrochemicals, such as plastics, for which natural gas is a precursor ingredient.
Alperovitch said it wasn't clear whether the Russian hackers are working directly for the government or are contractors. (U.S. intelligence officials have noted that Moscow uses both its own hacking teams and outsources some work, as well.)
"We are confident they are working on behalf of the Russian intelligence agencies," he said.
Alperovitch didn't provide any technical details about the case. Nor have current U.S. officials offered any technical evidence that could support their claims of Russian hacking and be independently examined.
And not everyone agrees that Moscow is behind the recent assaults. In an interview with the Russian state-owned RIA Novosti, Aleksandr Gostev of the Russian security company Kaspersky Labs said it would be "extremely difficult" to pin the activity on Russia, and noted that circumstantial evidence could be used to fabricate a case.
Similar doubts about attributing hacks to foreign governments emerged when U.S. officials blamed North Korea for an attack on Sony last year. Ultimately, President Obama and FBI Director James Comey publicly asserted that they were confident that North Korea was to blame. At the time, current and former officials told The Daily Beast that their confidence was based in large part on intelligence operations against North Korea that showed hackers in the Hermit Kingdom were hitting U.S. targets.
With regards to attributing hacks to Russia, one of the former U.S. intelligence officials said that analysts have catalogued the specific tools Russian hackers use and have developed signatures that, he said, give analysts across the intelligence community confidence that Russia is a major source of cyber espionage.
Certainly Clapper shares that view. "It is a serious, serious problem," he said during his remarks in Austin. "We are not configured collectively as a government and as a nation to defend against this as we should."