
Obama Expels 35 Russians for Trying to Sway U.S. Elections

Russian Election-Related Hacking Details Declassified

Russian and U.S. Presidents Vladimir Putin and Barack Obama

The Obama administration has announced sanctions against Russia – including the expulsion of 35 intelligence operatives – as punishment for cyberattacks that interfered with the U.S. presidential election. Plus, the administration has declassified technical information on Russian intelligence services’ malicious cyber activities to help public and private-sector network defenders – in the U.S. and abroad – identify, detect and disrupt Russia’s global campaign of mischievous cyber actions.


President Obama took the action on Dec. 27 after repeated private and public warnings to the Russian government, characterizing the sanctions as “a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior. All Americans should be alarmed by Russia’s actions.”

The president added that the theft of data and its disclosure – a reference to information that leaked about Democratic presidential candidate Hillary Clinton – “could only have been directed by the highest levels of the Russian government,” a reference to Russian President Vladimir Putin, who wasn’t mentioned by name (see Obama Suggests Putin Behind Hacks to Influence Vote).

The administration did not reveal any cyber response to the Russian hacks. “These actions are not the sum total of our response to Russia’s aggressive activities,” Obama said. “We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized.”

Trump Could Reverse Sanctions

President-elect Donald Trump did not immediately react to the sanctions’ announcement, but if he wants, he could withdraw them, according to a top Obama administration official.

Earlier, Trump had said he didn’t believe the U.S. intelligence community’s analysis that the Russians were behind the cyberattacks (see CIA Says Kremlin Tried to Sway Vote Toward Trump). When Trump was asked about the impending sanctions the evening of Dec. 28, he said, according to CNN: “I think we ought to get on with our lives. I think that computers have complicated lives very greatly. The whole age of computer has made it where nobody knows exactly what is going on. We have speed, we have a lot of other things, but I’m not sure we have the kind, the security we need.”

Kremlin Press Secretary Dmitry Peskov immediately characterized the sanctions as “a manifestation of an unpredictable and even aggressive foreign policy,” according to RT.com, a Russian government-backed news service. “Considering the current transition period in Washington, we still expect that we’ll be able to get rid of such clumsy actions … of behaving like a bull in a china shop, and that we’ll be able to make mutual joint steps to enter on the path of normalization of our bilateral relations.”

Hacking Details Declassified

In addition to the sanctions against the Russians, the Department of Homeland Security and FBI released a joint analysis report that includes information on computers Russian intelligence services have co-opted without the knowledge of their owners. DHS labeled Russian malicious cyber activity as Grizzly Steppe.

The Russians used those computers, located around the world, to launch cyberattacks in ways that made it difficult to trace them back to Russia. In some cases, the White House says, the cybersecurity community was already aware of this infrastructure. In other cases, this information is newly declassified by the U.S. government.

The joint analysis report also includes newly declassified data that should help enable cybersecurity firms and other network defenders to identify certain malware that the Russian intelligence services use. The administration says it hopes network defenders will use this information to identify and block Russian malware, forcing the Russian intelligence services to re-engineer their malware.

How Russian-Tied Groups Hacked Democratic Party IT in 2015

Tactics and techniques used by APT29 and APT28 to conduct cyber intrusions against target systems. Source: DHS

In the joint analysis report, the administration reveals how Russian intelligence services typically conduct their activities. The report says this information should help network defenders better identify new tactics or techniques that a malicious actor might deploy, or detect and disrupt a continuing intrusion.

How Russian Hackers Conduct Phishing Campaigns

APT28’s use of spearphishing and stolen credentials. Source: DHS

In addition to the expulsion of the 35 Russian operatives, the White House imposed sanctions on Russia’s two major intelligence services – the military’s Glavnoye Razvedyvatelnoye Upravleniye, or GRU, and the civilian Federalnaya Sluzhba Bezopasnosti, or FSB. The administration also sanctioned four top officers of the military intelligence unit who are believed to have ordered attacks on the Democratic National Committee and other political groups.

Treasury Secretary Jack Lew identified two Russian individuals who he said used cyber-enabled means to cause misappropriation of funds and personally identifiable information. The State Department also shuttered two Russian compounds, in Maryland and New York, used by Russian agents for intelligence-related purposes.

Two Republican senators, Lindsey Graham of South Carolina and John McCain of Arizona, depicted the sanctions as too little, too late. In a joint statement, the senators said: “The retaliatory measures announced by the Obama administration today are long overdue. But ultimately, they are a small price for Russia to pay for its brazen attack on American democracy. We intend to lead the effort in the new Congress to impose stronger sanctions on Russia.”