Before most Americans woke up last Wednesday and learned Donald
Trump had won the presidential election, hackers linked to Russian
intelligence had already launched a sweeping cyberespionage campaign to
find out what his victory meant for Vladimir Putin's government.
Russia has always placed a top priority on
vacuuming up whatever intelligence it can about a new American president
and their top advisors and plans, to gain strategic advantage, Sean
Kanuck, the nation's first National Intelligence Officer for Cyber
Issues from 2011 to 2016, told NBC News.
"And especially after the largest electoral
upset in recent American history, it would be all the more important to
collect as much information as possible on the new administration and
its probable policies," said Kanuck, now an affiliate with the Center
for International Security and Cooperation at Stanford University.
As Team Trump ramps up the transition and then
takes over the levers of power, Kanuck said, "I would expect it will
only increase against all of his close confidants and advisors."
The Nov. 9 attack especially targeted "people
who are or will be associated with the incoming administration,"
according to Steven Adair, founder of Volexity, the cybersecurity firm
that first disclosed the campaign.
Cybersecurity experts and current and former
U.S. officials said they would have been surprised only if they did not
see an aggressive post-election intel-gathering campaign by Russia. "I
assume the need for intelligence is greater than normal right now.
Nobody knows what's going to be, what's going to happen," under Trump,
said John Hultquist, director of cyberespionage analysis at the security
firm iSIGHT Partners.
The attack came from the hacking crew known as
Cozy Bear that U.S. officials have linked to earlier attacks on the
Democratic National Committee, the White House, State Department and
Joint Chiefs of Staff.
What's noteworthy, some said, was how quickly
and aggressively the Russian-linked group is moving, especially when the
new president-elect is the candidate Putin favored during the campaign.
Even though Trump and Putin have expressed support for improved
U.S.-Russia relations, via his win Trump has suddenly become an opponent
for a Russian president who views the U.S. as not just a competitor but
in many ways as an enemy, experts said. As such, aggressive collection
of intelligence on the Trump transition effort would be part of Putin's
playbook, in terms of how the former KGB intelligence officer seeks to
gain leverage over his opponents, said Shawn Henry, a former top FBI
cybersecurity official who is now at the CrowdStrike security firm.
"They are interested in anything that is going
to demonstrate and dictate the direction that the U.S. is going,"
including key players and policies, said Henry, whose security firm has
tracked Cozy Bear for several years.
"It is a whole-cloth collection across the U.S.
and how they can use that information in negotiations," Henry told NBC
News. "If you know the answer before the test you are in a stronger
position."
Two targets come forward
Cozy Bear's flurry of activity on the morning of
Nov. 9 targeted think tanks, non-governmental organizations and
university researchers, said Adair. Most of those targeted had ties to
the national security, defense, international affairs, public policy,
and European and Asian studies realms, according to Adair and other
experts at cybersecurity firms that track the Russian hackers.
"Before 9 a.m., we started seeing it," said
Adair. "What are they after? We can't say with certainty. But one of the
goals is to gain early access to the people who will have influence
over where things are going, and to increase their foothold in
organizations that are already playing, or will continue to play, a role
in what happens next."
Adair told NBC News that the campaign especially targeted "people
who are or will be associated with the incoming administration" or with
those in Congress and other places who will be working with them. Also
targeted: those with subject matter expertise in public policy matters
that have suddenly risen in importance now that a Republican
administration is taking over, he said.
"They want an early view of what happens," Adair said, "before it becomes policy or law."
Adair said the hacking campaign used
sophisticated spearphishing techniques to send hundreds of people
emails that look so legitimate that recipients won't hesitate to click
on the included links or download files. Doing so installs malware on
their systems and enables the hackers to get their emails and files and
to move on to others they communicate with.
Two of the five separate "attack waves" included
purported messages forwarded on from the Clinton Foundation giving
insight and postmortem election analysis, a Volexity web report said.
So far, at least two targets have come forward.
Maeve Whelan-Wuest of the Brookings Institution and Adam Segal of the
Council on Foreign Relations tweeted that they received suspect emails.
Neither is a Russia expert, but Segal directs the council's Digital and
Cyberspace Policy Program. And since both think tanks are prominent and
focus on U.S.-Russia relations, it's likely the hackers targeted
non-Russia experts who might be less suspicious of emails as a way of
gaining access to the entire roster of experts and their contacts, one
former senior U.S. intelligence official told NBC News.
The former intelligence official said the spearphishing campaign was
also timed to maximize its chances of success: "People were in such a
frenzy about the coming political change that their hesitation in
opening an email or attachment would probably be greatly reduced."
Adair said the speed and intensity of the
campaign suggests the hackers were planning their cyberattack no matter
which candidate had won, but that they appear to have tailored the
specifics to focus on people who were suddenly more important in a
future Trump administration.
The big question is whether Russia will continue
to use information it steals through cyberespionage to meddle in U.S.
political affairs.
Many experts bet yes, and say Putin often
undermines foreign leaders by leaking enough true information to show
that Russia has stolen their secrets, and then releasing manipulated or
completely fabricated material that creates huge problems for them.
"They could quote Trump or his advisors saying
things that they didn't say, to create added instability and
uncertainty," Kanuck said. "Countries like Russia have a long history of
influence operations and information confrontation. We should expect
that to continue in the digital media space."