Today the FBI and the Department of Homeland Security released a joint report directly accusing the Russians of hacking into the servers of “a U.S. political party,” including a spearphishing campaign “launched as recently as November 2016, just days after the U.S. election.” I’m not quite sure why they’re being so precious about naming the DNC, which has gotten several miles of press coverage, but the ways of intelligence organizations are mysterious:
This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election….This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens.
The report doesn’t actually say an awful lot about how they know this hacking comes from Russia, but it does include one bit of signature code to watch out for. We also learn about lots of funky code names for Russian hacking operations:
APT28, APT29, Agent.btz, BlackEnergy V3, BlackEnergy2 APT, CakeDuke, Carberp, CHOPSTICK, CloudDuke, CORESHELL, CosmicDuke, COZYBEAR, COZYCAR, COZYDUKE, CrouchingYeti, DIONIS, Dragonfly, Energetic Bear, EVILTOSS, Fancy Bear, GeminiDuke, GREY CLOUD, HammerDuke, HAMMERTOSS, Havex, MiniDionis, MiniDuke, OLDBAIT, OnionDuke, Operation Pawn Storm, PinchDuke, Powershell backdoor, Quedagh, Sandworm, SEADADDY, Seaduke, SEDKIT, SEDNIT, Skipper, Sofacy, SOURFACE, SYNful Knock, Tiny Baron, Tsar Team, twain_64.dll, VmUpgradeHelper.exe, Waterbug, X-Agent
So what are we going to do about this? Here’s the New York Times:
The Obama administration struck back at Russia on Thursday for its efforts to influence the 2016 election, ejecting 35 Russian intelligence operatives from the United States and imposing sanctions on Russia’s two leading intelligence services.
The administration also sanctioned four top officers of one of those services, the military intelligence unit known as the G.R.U., which the White House believes ordered the attacks on the Democratic National Committee and other political organizations….In addition, the State Department announced the closing of two “recreational facilities” — one in New York, another in Maryland — that it said were used for Russian intelligence activities, although officials would not say whether they were specifically used in the election-related hacks.
This brings back memories, doesn’t it? It’s just like the Cold War, and Russia will no doubt expel 35 Americans in a few days. However, this also puts Donald Trump on the spot. Will he reverse the sanctions on GRU when he takes office? It’s one thing to do nothing and hope everyone forgets about it, but it’s quite another to actively reverse sanctions that are based on the conclusions of our own intelligence agencies. What are you gonna do, Donald?