Next-generation cyber-attacks target specific individuals and organizations in order to steal data. They use multiple vectors including email, web, and malicious files to dynamically adapt and exploit zero-day and other network vulnerabilities. This phenomenon is also starting to occur among public institutions and States.
The two presidential candidates clashed over a claim that hackers tied to Russia were trying to influence the election. Critics of Russia have argued that any role would be part of a growing trend of not just stealing information but also using such information as a weapon.
Last month the US Government formally accused the Russian Presidency of stealing and disclosing emails from the Democratic National Committee and a range of other institutions and individuals. James R. Clapper Jr, the director of national intelligence, stated that the emails “are intended to interfere with the US election process.” The emails were posted on WikiLeaks, DCLeaks.com and Guccifer 2.0, with the latter two being associated with Russian intelligence. He also stated how “such activity is not new to Moscow – the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.” However, Russia has rejected these allegations.
In the weeks prior to the formal accusation, assistants to President Obama had been discussing whether to openly attribute the cyberattacks to Russia. However, with a month left before the presidential election, the administration was scrambling to take a stance, partially because a declaration closer to Election Day would appear to be a particularly political one.
During the first presidential debate, former Secretary of State Hillary Clinton blamed Russia for the cyberattacks on the Democratic National Committee. On the other hand, presidential candidate Donald Trump stated that there was no factual evidence that Russia was involved in the cyberattacks, and that it could have been anyone conducting them, from the Chinese government to an American citizen.
The major issue currently at hand is determining how President Obama and his administration could respond to these attacks without escalating cyberspace conflict between Russia and the United States, especially now that November 8 is rapidly approaching. The hope is that the announcement alone, showing that the US is aware of who is conducting these attacks, will deter further action.
Another key point from a legal perspective is how to treat these cyberattacks and whether they should be treated in law as equivalent to physical attacks. Former secretary of state Hillary Clinton called for the US to begin treating cyberattacks like any other form of assault on the country. “As president, I will make it clear that the United States will treat cyberattacks just like any other attack,” the Democratic presidential nominee stated. “We will be ready with serious political, economic and military responses.”
Clinton called for the US to “lead the world in setting the rules in cyberspace”. “If America doesn’t, others will,” she said. These remarks address one of the central challenges the Obama administration has faced in responding to cyberattacks. Without any international rules of engagement, officials must assess a response to each attack individually, with the result being that the Obama administration has often been accused of not having an adequate deterrence strategy.
Critics say that a lack of policy has muted government responses to incidents such as the massive hack of the Office of Personnel Management, which is believed to have been carried out by Chinese hackers. Clinton commented on the recent attack on the Democratic National Committee (DNC), one thought to have been carried out by Russian intelligence, stating that it has the aim and scope of influencing the public's perspective, driving them toward the Republican nominee.
Lawmakers from both parties have called for a coherent cyber war strategy: something similar to the Geneva Conventions that would set a policy to define what is considered “an act of war” in the digital world, and how to address such threats. This past December, the White House issued a policy on cyber deterrence; however, it was poorly evaluated by lawmakers due to a lack of serious consideration and focus.
According to experts in the field, another major issue related to cyberattacks is the challenge of determining who carried out the attack with a high level of certainty. This issue stems from the use of specific servers that are very hard to locate. Since many high-profile cyberattacks could be interpreted as traditional intelligence-gathering, something the US itself also engages in, the White House is very often in a political predicament when it comes to its response.
The United States has tried to create serious boundaries on hacking private companies for economic gain. In September, an anti-hacking pledge was signed with China that prohibits such operations. In April, President Obama issued an executive order giving the Treasury Department the authority to impose sanctions on individuals or entities behind malicious cyberattacks and cyber espionage.
The story begins in May, when the Democratic National Committee (DNC) became concerned about suspicious behavior on its computer network. It called in the security firm CrowdStrike to take a look. Two hacker groups were found on the system, one that had just entered and another that had been there for nearly a year.
But after the DNC and CrowdStrike went public in placing blame, material was released into the public domain, shifting the focus from traditional espionage and stolen data to a potential influence operation designed to have an impact on the public. This is part of a wider trend of Russian activity that Western officials have been watching with alarm for some time. “We are seeing a more open and aggressive use of cyber, so that the information becomes a weapon and a weapon of influence,” former director of Britain’s GCHQ, Sir David Omand, stated.
One additional concern is that information released on the web might be manipulated before it is leaked online. False information could be planted amongst a mass of real data which will be picked up and reported on before people even have a chance to verify it. A number of US states have also reported scanning and probing of election-related systems such as voter databases. US intelligence said this may have originated from servers operated by a Russian company but it said it was not in a position to attribute this activity to the Russian government. However, it would be very difficult for a hacker to alter ballot counts because of the decentralized nature of the US election system and protections in place. It should also be noted that even the attempt or the possibility of intrusion may be enough to cause problems when it comes to public perception around election time.
“The only reason I can see why you would want to do that is to sow doubt about the outcome of the election,” Sir David Omand says of the activity. “Because if you are in a district where you have to rely on the voting machines and you know the voting machines [and] the database has been penetrated, can you really trust the result? You will very quickly get rumors after the election that the result in some areas could be in doubt. I can see plausible reasons why – at the moment – Russia would be quite happy to see the United States inconvenienced in that way.”
Russia has pioneered techniques of hybrid warfare and information operations in recent years including in conflicts in Ukraine and Georgia. Russian intelligence also has a long history of “active measures” and “influence operations” with roots in the Cold War. Cyberspace, however, offers a new means for pursuing this agenda and on a transformative scale. As the discussion about how the US should respond increases, the trend worries experts.
Next month, the US will elect a new President, representing one of the most influential figures on the world stage. Most likely there will be no cyber hanging-chad time, no massive breach that calls into question election results or faith in the democratic process of the country.
However, it would be a mistake to breathe a collective sigh of relief on November 9th and conclude that the problem has passed. Is this danger just beginning? It is safe to say that the 2016 election is a warning of darker hacks to come.
It remains unclear just how cyber escalation would work or where it could lead. Many cyber weapons have a “use it and lose it” quality. Once they are in the wild of the online web, they can be reverse engineered and possibly used against any connected individual.
The strategy starts by building better defenses, both technical and legislative. Such defenses would include audit trails in every state, starting with large battlegrounds, so that the election process can be resilient in the case of an attack.
Building resilience also requires changing minds, not just systems. Public education is essential. Future cyber-attacks could alter the integrity of data so that the truth will be hard to find. This could easily lead to the failure of modern democracy running through the net.
Now, when a breach occurs, we tend to assume that the information released must be true. For example, with the Clinton emails being published on WikiLeaks, the public is assuming that everything written there is legitimate, but caution is needed. None of these leaks are guaranteed to be completely legitimate or trustworthy. Anything leaked could be false, and it could have been designed specifically to deceive and manipulate the public.
Last week President Obama stated in an interview, “We are all connected. We are all wired now. One of the biggest challenges for the next president is going to be how do we continue to get all the benefits from being in cyberspace but protect our finances, protect our privacy, how do we balance issues of security?” This statement grows in pertinence and urgency as the technology utilized by the global community advances with each passing day.