December 1, 2016

Decoding US-Russia Cyberelations

On October 15th, NBC reported that the CIA received an order directly from US president Barack Obama to prepare an unprecedented cyberattack to be used against Russia in response to the “continuous interferences” by Russian hackers trying to rig the 2016 presidential elections. The sources cited are “current and former officials with direct knowledge of the situation”. This is directly linked to vice-president Joe Biden’s suggestion that the Obama administration is ready to “send a message” to Putin, that is to say a retaliation against Russia in cyberspace.


The interferences by Russian hackers are only the latest of several accusations made by the US towards the Kremlin. First, it follows the official accusation that, in July 2016, Russia allegedly hacked the Democratic National Committee’s computer network and stole more than 19,000 e-mails of Democratic party members. In this case the finger was not pointed at nationalist hackers, who could be exploited as proxy attackers, but at “senior-most officials”, indicating a deliberate attack by the Russian government.


According to several security firms, there are two separate groups behind these attacks. The first one has been dubbed Fancy Bear (among other monikers), operating — allegedly — under the Glavnoe Razvedyvatel’noe Upravlenie, or GRU, the main Russian foreign intelligence agency; the second one, Cozy Bear, operates within the FSB, today’s SVR (formerly known as KGB). Both of them apparently infiltrated the DNC’s computers. Second, a few weeks before the election date, John Podesta, chairman of Hillary Clinton’s campaign, claimed that “Wikileaks is a propaganda arm of the Russian government” after the website published e-mails extracted from his own personal account that contained extracts from paid speeches the presidential candidate gave on Wall Street. Basically, Wikileaks has been accused of being under the control of the Russian government, the evidence being that only Hillary Clinton was targeted and not Donald Trump.


It is worth noting that the accusations have to be paired with the request by John Kerry, US secretary of state, to investigate Russia for war crimes in Syria, the fact that Russia moved nuclear-capable missiles into Kaliningrad, according to Estonian sources, and the fact that Russia suspended an agreement on the disposal of weapons-grade plutonium. It goes without saying that the geopolitical situation was, and still is, very tense between the two superpowers.


This brings us to Mr. Biden’s claim that the Russian government was trying to interfere with the election process. The first question that should arise is straightforward: why was Russia messing with the election to — allegedly — favour Trump? This question has, I think, several answers. The first one could be that having Hillary Clinton as president would have exacerbated the already weak ties that Russia has with the United States. Choosing Trump as president could, in turn, destabilise the ties that America has all over the world with its close, and not-as-close, partners, weakening its position at the international level. This would, possibly, let Russia gain greater global influence compared to a situation in which Clinton was president, a person considered to be very interested in keeping a strong American position internationally and very knowledgeable about global affairs.


The second answer concerns the possible ties that Donald Trump has in Russia. Officially, Trump and Putin praised each other a very limited number of times. Putin endorsed Trump as the “leader of the presidential race”, praising the fact that Trump wants to build a renewed and working relationship with Russia. “Who doesn’t want that?” commented the Russian president. In exchange, Trump described Putin as “a strong leader” and said that “Russia could be a great asset” to the US. Furthermore, Mr. Trump — after he went bankrupt several times and US banks stopped giving him money — asked for and received funding from Russian investors. In addition, two of the Republican candidate’s foreign policy advisors, Carter Page and Lt. Gen. Michael Flynn, have business ties with Gazprom, the oil giant, and Russia Today, Moscow’s propaganda channel, respectively.


Trump also bragged about having met all the Russian oligarchs, and rich Russians are the main clientele of Trump’s assets. The ties are not limited to this list, but they seem sufficient to depict an existing relationship between the two actors, the degree of which still remains unspecified. Still, this is not sufficient to justify a possible endorsement by exposing the competing candidate’s secrets and disrupting confidence among the voters. The best answer could be found in the fact that Hillary Clinton would have intensified the power politics game, eroding the foreign policy influence that Russia was able to gain in the past eight years.


The second question is: how could Russian hackers have been able to influence the presidential race? At first glance, one could think about rigging the results by directly hacking the online voting, but that is a very unlikely scenario, for different reasons: a) the electronic voting system is highly decentralised across US territory, without a central hub of data collection (that is to say, there is no single infrastructure to be hacked); b) as old as they are, electronic voting machines are not connected to the internet, and many of them provide a paper receipt-based backup system. Nevertheless, they are still hackable, but potential hackers would have to have physical access for an extended period of time in order to have the possibility of tampering with them.


Therefore, when the media warned about “Russians hacking the elections” it did not mean that they could possibly have made one candidate or another win. Indeed, the main goal of those Russian hackers was to create a scandal by, on the one hand, exposing Hillary Clinton’s best kept secrets, and on the other hand, strengthening the link between the Democratic candidate and “the establishment”.


Indeed, with due exceptions, for example the power outage in Ukraine of December 2015, Russian operations in cyberspace have always been more prone to exploit psychological and influencing factors. For this reason, on this occasion it would have been unlikely to see a highly destructive cyberattack coming from Russia, or an extensive disruptive cyber operation.


The reason is pretty straightforward, that is to say that Russia, despite possessing the capability of conducting disruptive cyberattacks, was not interested in them because using cyber operations as psychological means of warfare suited it best. The Kremlin dismissed the possibility of being behind these operations through the words of Vladimir Putin, who has recently accused Western countries of inciting a widespread anti-Russia hysteria. The Russian president stated that he doesn’t “know anything about it” and that “Russia has never done anything like that at state level”. In response to Putin’s defence, the former deputy director of the CIA, Michael Morell, argued that Putin was using the leak of emails in order to benefit Donald Trump, and that he was “100% confident” that Putin was behind the whole operation, approving and directing it, not nationalist hackers or any other private actor.


The first surprising element comes into play exactly here. It is not unusual for a CIA or military spokesperson to comment on cyberattacks saying things like “our analysts saw that the attack originated from state X”. What was unusual is that the vice-president of the United States was so sure about attributing the cyberattacks to the Russians as to declare that the US would retaliate, given the fact that “we have the capacity to do it. It will be at the time of our choosing, and under the circumstances that have the greatest impact”.

This also summarises how to use a “cyber weapon” properly: given the temporary nature of cyber weapons, their best use is through the exploitation of the surprise element (which the declaration leaves completely unaffected), under the best circumstances, in order to produce the maximum effect.


The other two surprising elements are to be found here: the first one is the complete and utter certainty of the attribution; the second one is the declaration of the possibility of retaliating with a cyber weapon. By declaring certain attribution, they were publicly stating that the US has some way to be absolutely sure about the origin of a cyberattack, showing a relevant upper hand in the cyber arena. Such management of the communication after a cyberattack is crucial because it determines how the agency’s activities are perceived by both the political leadership and the general public, and a sure attribution boosts the government’s case and credibility.


Furthermore, it is always interesting to see how offenders, even alleged ones, react to unexpected publicity. However, communication has its own limits, limits that bind more tightly when the attribution, as in this case, is believed to be 100% sure. The question is: how could the US pinpoint so surely the origin of the intrusions? This is intelligence material and in this case we do not know anything about it. There is, however, a precedent. During the events of the Sony Hack that took place at the end of 2014, the attacks were attributed with 100% confidence to North Korea. The reason behind this certainty was that the NSA was already inside North Korean systems and was able to verify the suspicion. Is this case the same?


Yes, absolutely, and recent NBC sources confirmed it. But it could also be an asymmetry issue. Retaliation from North Korea wasn’t threatening. The information about the NSA infiltrating North Korean systems went public and, furthermore, the US imposed economic sanctions. Retaliation from Russia is much more threatening. It is a military superpower and the geopolitical situation is tense. Communicating attribution, then, becomes a tool for deterrence. Basically it is a display of technological and/or intelligence superiority, and it makes the offender a possible target by saying, “we know it’s you, we know where to direct a possible retaliation”. This is linked to the declaration of having an unprecedented cyber attack in the making and the willingness to use it against Russia. It is important to remember that Russia, in the situations described above, did not use disruptive cyber attacks; it did not impair or damage systems, it siphoned information and then leaked it.


No one, as far as I know, considered the fact that these attacks could be a tit-for-tat retaliation for the leaking of the so-called Panama Papers, which happened a few months before the Russian legislative elections this year. Those documents stated that “Putin’s associates used a variety of offshore structures to move vast sums of money around the world”, and the Kremlin could have seen this as an attempt to destabilise the Russian election process by creating scandal and shaming the candidates.


What was interesting to see was whether and how the US would actually respond to the Russian intrusions. The stakes were high and, at the time, I had considered two scenarios, the first ending with a proportionate response such as economic sanctions, aimed at weakening the already fragile Russian economy. The second one involved a cyber retaliation from the US (maybe combined with economic sanctions, as in the case of North Korea) that could end this conflict or that could spur a Russian reaction leading to an escalating process.


That would have opened up a new chapter in the history of cyber conflicts, but at the same time it would have shown poor strategic capability on the US side. The best option for the US would have been to retaliate, of course — in order to show strength and not give in to Russia — but with a proportionate response, not an escalatory move. A military retaliation would have been impossible nonetheless, but keeping the response on par with or even below the alleged attack would have avoided a) a possible escalation, and b) feeding a Russian narrative in which the US is fostering an anti-Russian hysteria, from which Putin derives his domestic strength and also gains international legitimacy from those countries which oppose Western dominance of global affairs.


Indeed, reality proved me right. The proportional response or, better, a proportional response arrived. According to NBC News, which claimed to have obtained access to top-secret documents, the US military infiltrated the Russian electric grid, telecommunications networks and the Kremlin’s command systems in order to be ready should the US become the target of a cyber operation. This follows the statements by former NSA chief Michael Hayden, who declared: “a foreign intelligence service getting the internal emails of a major political party in a major foreign adversary? Game on. That’s what we do.”, hinting at the fact that, just like in the case of North Korea, the US military has already penetrated different governments’ systems. The NBC News article could be seen as a sort of indirect retaliation, and falls under the aforementioned “communication as deterrence” methodology.



Through a major news company, the US government told the Russian one that it is already inside their networks. Put simply, this must be read together with the stated willingness to carry out a major cyber operation, and therefore as a declaration that the US is willing to perform such an attack against Russia and can easily deploy it. The question here should be whether the claim is true or not, but in reality it is irrelevant because it functions as a deterrent nonetheless, and, furthermore, since the US has already done it with North Korea, it could be expected that it is indeed true.


The US is obviously adopting a strong deterrence posture that could remind us of a past when cyber weapons did not exist but nuclear weapons were ready to be used. Are we seeing the beginning of a “Cyber Cold War”? Well, first of all, what would be a “hot war” in this case? If we were to consider it a conflict where two countries exchange their best cyber arsenals against one another, then yes. As of now, we have only seen espionage operations, and they were the norm during the Cold War. We could consider it “cold”, in the sense that these operations do not cause appreciable harm to individuals, as opposed to “hot”, meaning a war fought with kinetic weapons. Personally, I would be very cautious in using unnecessary parallelisms.


Of course, some similarities could be found, but we are living in different times and governments are now using different methods to engage one another. What remains to be seen is the posture that the current president, Donald Trump, is going to adopt as far as cyber operations are concerned. With Hillary Clinton as president one could have expected a continuation of sorts of Obama’s posture, namely an increase in the use of cyber operations, in a very government-centred form. I personally believe that with president Trump we will still see an increase in cyber operations nonetheless, but with a different “flavour”, more military-centred.


What can be said is that the US government is expected to heavily increase the defence budget, boosting defensive capabilities but also, following the words of Mr Trump, increasing the budget for conducting offensive cyber operations. The problem will arise should the US presence in cyberspace seem to wane, which could stimulate other countries, like China and Russia, to accelerate their national processes of acquiring and deploying new cyber weapons.



I would like to thank Jamie Collier, Florian Egloff, James Shires and Max Smeets for the food for thought thrown in here.


About Alessandro Fasani

Alessandro Fasani is a PhD candidate at the Graduate School of Social and Political Sciences of the University of Milan. Currently, he is a visiting student at the Cyber Studies Programme of the Department of Politics and International Relations at the University of Oxford. His research interests concern mainly cyberspace and related sub-fields, such as cyber conflicts, cyber security and critical infrastructure protection. Prior to the enrolment in the PhD programme he was Project Assistant in the framework of the LNCV Science and Technology for Non Proliferation Programme at the Landau Network - Centro Volta (Como). He authored and co-authored several papers on the subject, among others: “Cyber Security and Resilience of Industrial Control Systems And Critical Infrastructures” and “From Fortress to Resilience” in Cyber Security, Deterrence and IT Protection for Critical Infrastructures:(Springer, 2013); “Analisi della Necessità di una Migliore Cyber Security per le Infrastrutture Critiche” (Analysis for the necessity of a better cyber security for critical infrastructures) pp. 147-174, in Intelligence e Interesse Nazionale: (Aracne, 2015).