[ad_1]
U.S. officials suspect that a Russian spy agency carried out what could be the most successful cyber infiltrations of the U.S. government and corporate institutions in history.
It is described as an epic hack. But was it an attack?
It’s a more complicated question than one might imagine, and the way it’s answered may dictate how the incoming Biden administration responds.
For Microsoft President Brad Smith, the wording is clear: “This latest cyber attack is actually an attack on the United States and its government and other critical institutions, including security companies,” a- he wrote in a blog post Thursday, after his own company was raped by what US officials say is the Russian SVR, a rough equivalent of the CIA.
But for many current and former US officials, that’s not the right way to look at it. By hacking dozens of businesses and government agencies, they say, hackers have achieved an astonishing and painful spy feat. But they note that this is just the kind of cyber espionage that the U.S. National Security Agency routinely attempts against Russia, China, and a number of foreign adversaries.
This could constitute an attack if intruders destroy data, for example, or use their access to cause damage in the physical world, for example by shutting down power grids. But breaking into unclassified government and business networks? Read other people’s emails? It’s espionage.
“I don’t think that by anyone’s definition of working in this field, there is some kind of cyber attack,” said Gary Brown, a former Pentagon cyber official who is a professor of cyber law at Defense University. national.
“This is actually a very successful spy operation. This is the kind of thing we would like to achieve. And it’s kind of a wake-up call – we need to get better. The Russians are much better at it than we even knew.
Jamil Jaffer, former senior counsel for the House Intelligence Committee and vice chairman of IronNet Security, noted that “we do not yet have any evidence that any information has been deleted, destroyed, manipulated or altered, which leads me to believe that it is a collection of information. surgery.”
It is alarming but not surprising, for example, that the Department of Energy’s National Nuclear Security Administration is among the agencies violated – its unclassified business networks have been hacked, according to the agency.
“If we could access Russian or Chinese nuclear programs and information, we would,” he said.
U.S. officials should be careful how they describe this incident, said a senior congressional official who oversees intelligence. It’s different from what North Korea allegedly did in 2014 to Sony Pictures, hacking its networks, destroying data and computers, and creating public and private emails.
It’s also different from the US and Israeli operation known as Stuxnet, which used a cyberattack ten years ago to damage Iran’s nuclear centrifuges. It was clearly a cyberattack.
The latest suspected Russian cyber intrusion is more akin to the Chinese hack into the Office of Personnel Management (OPM), giving Chinese people access to millions of sensitive personal files.
After this incident, Director of National Intelligence James Clapper said: “You kind of have to salute the Chinese for what they have done. If we had the chance, I don’t think we would hesitate a minute. . “
“Obviously, if someone breaks into your systems and starts destroying things, as happened with Sony, well, it’s an attack,” the official said.
“But in the case of OPM, when hackers come in and exfiltrate tons of data, while it’s not welcome, it’s not necessarily in the same sense as offensive action. We have to be careful here, because the United States should be carrying out cyber espionage as well, so if we sit back and label things that would normally fall in the espionage and intelligence bucket as “ attacks ”, we are in danger of reap what we’ve sown. “
He added: “We are now wringing our hands about what others do to us without great public visibility of what we do to others.”
In fact, US officials have been careful in their language. Senior Senators on the Armed Services Committee, Republican James Inhofe and Democrat Jack Reed, issued a joint statement calling what happened a “significant and sophisticated cyber-intrusion” – not an attack.
Likewise, Mark Warner, the senior Democrat on the Senate Intelligence Committee, called it a “devastating breach”, “malicious effort” and intrusion.
“International law on cyber operations is not well developed, but for something to be considered an attack it must involve force or the use of force,” said James Lewis, a former official in the Department of Cyber Operations. ‘State now at the Center for Strategic and International Studies.
Much remains to be understood about what the intruders did with nine months of unimpeded access to government and corporate networks. It is possible that they did things that would be considered more than mere espionage, said a Western intelligence official who would not be appointed to discuss a sensitive issue.
If they just took data, that would be one thing, he said, but if they planted “cyber bombs” that could cause physical destruction in the event of an explosion, it would at least be a positioning for it. attack, he said.
Then again, he and others have noted, this wouldn’t be much different from what officials say the Russians have done before by positioning cyber weapons on parts of the US power grid or by stationing submarines equipped with them. nuclear weapons off the US coast.
The Russian SVR, which allegedly carried out the hacks, has no history of data manipulation or destruction – it is a spy team, the congressional official said.
But even if it remains just a Russian spy success, it has shown, experts say, that the Russians don’t think they are paying the price for such a brazen operation. President Trump hasn’t said anything about it, but President-elect Joe Biden has promised to respond.
In doing so, he used exact language that some intelligence officials said went too far, raising expectations for a more robust response than he would ultimately be prepared to provide.
“A good defense is not enough; we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place, ”Biden said in a statement. “I will not stand idly by in the face of cyber attacks on our nation.”
[ad_2]
Source link