The FBI is investigating a previously unreported cyberattack on the Democratic Congressional Campaign Committee (DCCC); as with the earlier Democratic National Committee (DNC) breach, Russia denied any involvement.
Russia previously called claims that it was behind the DNC hack and trying to influence the presidential election “absurd.” It has repeatedly “denounced the ‘poisonous anti-Russian’ rhetoric coming out of Washington.” Regarding the DCCC attack, a Kremlin spokesman told Reuters, “We don’t see the point any more in repeating yet again that this is silliness.”
Then, days after news about the DCCC hack broke, Russia claimed that someone hacked 20 of its government organizations. This weekend, the Russian Federal Security Service (FSB) released a statement claiming that it had discovered malware designed for cyberespionage on the computer networks of 20 Russian government organizations.
According to a Google translation, the malware was found on Russian networks for “public authorities and management, scientific and military institutions, enterprises of the military-industrial complex and other objects of critical infrastructure.”
The cyberespionage malware had been tailored for specific victims and was delivered by convincing the targets to open malicious email attachments. Once the network was infected, attackers were able to intercept traffic, take screenshots, turn on web cameras and microphones as well as record keystrokes on PCs and mobile phones.
Although Russia’s FSB did claim the hack had been “planned and made professionally,” and resembled “much spoken about cyber-spying,” the agency stopped short of assigning blame to any particular country.
Nevertheless, ABC News jumped on the chance to report that the NSA was likely “hacking back.” While that’s not precisely what NSA Tailored Access Operations chief Robert Joyce said, he did say that “the NSA has technical capabilities and legal authorities that allow the agency to ‘hack back’ suspected hacking groups, infiltrating their systems to gather intelligence about their operations in the wake of a cyberattack.”
Despite Russia’s denials, many cyber experts are convinced that the hacker Guccifer is actually two different Russian cyberespionage groups that were responsible for the DNC hack. The FBI was tasked with investigating the breach. A former NSA attorney suggested to ABC that perhaps the FBI gave the NSA the go-ahead to find out for sure.
Rajesh De, former general counsel at the NSA, said that if the NSA is targeting the Russian groups, it could be doing it under its normal foreign intelligence authorities, as the Russian government is “clearly ... a valid intelligence target.” Or the NSA could be working under the FBI's investigative authority and hacking the suspects' systems as part of technical support for investigators, said De.
The Russian hack was nothing nearly so payback-dramatic as blacking out internet access to an entire nation, such as occurred in North Korea shortly after the U.S. officially blamed North Korea for the Sony hack. Yet an unnamed former senior U.S. official told ABC that “it was a ‘fair bet’ the NSA was using its hackers' technical prowess to infiltrate two Russian hacking teams.”
More often than not, the hacking finger of blame is pointed at China. Former Pentagon cyber analyst Kenneth Geers doesn’t doubt the Russians were behind the DNC hack, but told ABC that there is the remote possibility “that a very clever hacker or hacking team could be framing the Russians.”
By releasing a statement about 20 Russian government agencies being infected with spy-capability malware, the Kremlin could be trying to show that it too gets hacked, before the DCCC hack also gets laid at its feet. When it comes to cyberespionage, everybody hacks everybody else and no one admits it.