URL: https://www.politico.com/news/2022/03/12/cyber-russia-hacking-security-00016598
Cybersecurity


‘NOT THE TIME TO GO POKING AROUND’: HOW FORMER U.S. HACKERS VIEW DEALING WITH
RUSSIA

People with experience in U.S. hacking operations say they expect both
Washington and Moscow to show caution in how they wield their digital weapons.



U.S. Cyber Command, launched in 2010 as part of the Defense Department, hacks
networks for offensive operations related to battle. | Patrick Semansky, File/AP
Photo

By Kim Zetter

03/12/2022 07:00 AM EST

Updated: 03/12/2022 12:24 PM EST


The CIA and NSA have spent years burrowing into Russia’s critical computer
networks to collect intelligence — and acquire access that President Joe Biden
could seize on to order destructive cyberattacks on Vladimir Putin’s regime.

But for now, the United States’ most likely approach is to tread slowly and
carefully toward any cyber conflict with Russia, three experts with experience
in U.S. hacking operations told POLITICO — while hoping the Russians do the
same.



Fears of cyber warfare between the two former Cold War rivals have become a
recurring concern amid Russia’s invasion of Ukraine, prompting Biden to warn
that he would “respond the same way” to any hostile hacking from Moscow against
the United States. But people with experience in U.S. cyber strategy say neither
side is likely to leap to destructive attacks as a first move — and any hard
punch would be preceded by warnings and signals.



“There’s gradations before you get to disrupting critical infrastructure,” said
Michael Daniel, who was the National Security Council’s cybersecurity
coordinator during the Obama administration.

Michael Daniel, former White House cybersecurity coordinator and special
assistant to former President Barack Obama, testifies during a hearing before
the Senate Intelligence Committee on June 20, 2018 in Washington, D.C. | Alex
Wong/Getty Images

The U.S. also would most likely avoid going after civilian targets such as
Russian citizens’ electricity, even in response to Russian cyberattacks on the
United States or NATO. Instead, any U.S. action would be gradual, proportional
and aimed at warning Russia to stop, said Robert M. Lee, who worked in cyber
warfare operations with the National Security Agency until 2015.

“Are they going to take down the power grid [in Moscow]? No,” said Lee, who is
now CEO of the cybersecurity firm Dragos. He added: “You’re [just] trying to
shape behavior and signal, ‘Hey we see you, and we’re willing to escalate this.
Please don’t punch back or we’ll go to the next phase.’”

At the moment, U.S. government hackers are probably avoiding taking any actions
that Putin’s government could interpret as an escalation that would trigger a
reprisal, Lee and two other former hackers said in interviews. Espionage will
continue as usual, but burrowing deeper into critical infrastructure or going
after new systems not already compromised would be discouraged.

For the same reason, they said, the U.S. would probably not assist Ukraine’s
defense by launching offensive cyberattacks against Russia’s military or
government to avoid being pulled into the conflict.




In interviews with POLITICO, Lee, two other former U.S. government hackers
involved in cyber operations against foreign networks, and a former intelligence
official who was involved in discussions about such operations, described the
complications of wielding Washington’s formidable hacking arsenal. These include
tools that intelligence agencies have implanted in foreign networks for
espionage purposes, but which also could be repurposed to cripple a power plant
serving a military installation, halt gas in a pipeline or cause a communication
blackout for Russian command centers.

For decades, Russia was not a top hacking priority for the U.S., taking a
backseat to countries such as Iran and China, three of the experts said. But
that changed after Putin’s own hackers tried to interfere in the 2016 election,
and the U.S. is deeply embedded in Russian infrastructure today.

The former government hackers and intelligence official, along with one former
national security official, also discussed with POLITICO the extensive effort
required to get into other countries’ core systems — and the challenges of
maintaining that secret access for years. And they described the difficulties a
standoff with Putin brings, including the calculus of deciding when to launch
destructive cyberattacks against an adversary that can respond in kind.

The U.S. has plenty of offensive hacking capability to “do the things that we
would need to do, to have the effects that we want to have,” said the former
U.S. intelligence official. But he expressed less certainty about how deeply
Russia is embedded in American infrastructure, which could limit what the U.S.
is willing to do.

“Can they turn around and do it back to us? Can someone make some reasonable
assertion that they can’t?” said the former official, who asked to remain
anonymous because he is not authorized to speak on such matters. “If people
can’t say that, then it gets very hard to summon, I think, the political will to
execute [an] attack.”

It’s a conversation that senior U.S. leaders typically don’t like to conduct in
public — details about America’s cyber capabilities and calculations about using
them have long been closely held secrets.

The U.S. can only hope that Putin’s regime is exercising similar restraint, as
both sides face the unpredictable dangers of a cyber conflict that could do
lasting harm to both sides, Daniel said.

“For as much damage as the [Western] sanctions are doing or might do to
[Russia’s] economy, they are reversible,” he said. “The West can choose to turn
them off. [But] you can’t un-destruct something.”

One huge caveat: If Putin gets to the point where he feels Russia has nothing
left to lose, then he is more likely to order destructive attacks against the
United States. “But I don’t think we’re all the way there yet,” Daniel said.


GOING ON THE OFFENSIVE

Two intelligence agencies and one military division are the main arms of the
U.S. government responsible for compromising foreign networks.

The National Security Agency and Central Intelligence Agency both have
sophisticated hacking divisions with individual teams focused on specific
countries or regions to collect intelligence. U.S. Cyber Command, launched in
2010 as part of the Defense Department, hacks networks for offensive operations
related to battle, not intelligence collection. It also recently disrupted
ransomware groups targeting the U.S.

The three entities operate under different legal authorities, generally limiting
what each can do. But there’s some overlap: In past years, if an NSA or CIA team
needed to destroy or disrupt a system, it could get authorization from the White
House, or a Cyber Command warrior could be tasked to work with them.

But in 2018, the leeway for the CIA to conduct such attacks expanded when
then-President Donald Trump signed a secret finding that eliminated the need for
the spy agency to get White House approval. Instead, the CIA could now give the
go-ahead for cyberattacks against Russia, China, Iran and North Korea. This also
potentially expanded the types of operations the CIA could conduct on its own
authority, opening the door to attacks on banks and other financial institutions
that previously had been off-limits for U.S. hackers, along with hack-and-leak
operations similar to what Russia did with the Democratic National Committee in
2016.

The focus on Russia as a top priority for U.S. cyber intelligence efforts is a
relatively recent phenomenon.

After the terrorist attacks on Sept. 11, 2001, intelligence agencies diverted
resources and personnel to focus on counterterrorism — and later on Iran and
China, three of the experts told POLITICO. That remained the case for nearly 15
years. “I wouldn’t say Russia was a backwater, but it certainly wasn’t heavily
prioritized,” said the former intelligence official who asked to remain
anonymous.

Another of the sources that spoke to POLITICO, a former NSA intelligence
analyst, confirmed that the NSA’s Russia teams — which included hackers,
analysts who help determine targets and assess intelligence, and mission leaders
— lost a lot of their resources and people after 2001.

But the remaining people became more focused and disciplined as a result, the
analyst said, and were no less effective. Unlike other teams, the ones focused
on Russia had their own experts with special language and technical skills to
help them understand the networks they targeted.

“The analysts who worked on the Russian targets spoke Russian,” he said. “There
were very few people in other groups who knew the national anthem of their
target country, but all of the Russian team did.”

Russian targets were harder to compromise and maintain than systems in many
other countries, however.

“Iran’s probably, from a technical perspective, [one of] the most compromised
countries on earth,” said the former intelligence official. “There is nary a
network inside that country that doesn’t have an implant from the U.S. or some
other country’s intelligence service sitting in it.”

Russia is more challenging, both because of the size of the country and the
number of networks worth targeting, and because of Russia’s own hacking and
counterintelligence skills. Despite this, Lee said that “there’s not a world
that exists where we are not deeply embedded in much of the Russian key
infrastructure. I don’t mean like power grid infrastructure. I just mean
infrastructure, whether it be intelligence infrastructure or other. That should
be pretty obvious with the extraordinary [information] we’ve been declassifying
recently.”




The hardest part often isn’t gaining access to a system but maintaining it
clandestinely, for months or years.

“It is the thing that separates the most sophisticated cyber operators on the
planet from the lesser ones,” the former intelligence official said.

A software patch or upgrade to a new operating system can close a door to
intruders. So NSA and CIA hackers will seek deeper access, such as planting spy
tools at the core of a system where software upgrades won’t affect them.

Even so, hardware containing spy implants can suddenly get taken offline,
leaving the hackers to wonder if someone had discovered their backdoor. The
Russian cybersecurity firm Kaspersky Lab has publicly exposed numerous espionage
tools planted around the world by the U.S. and its allies over the years,
including a six-year-long operation that had placed implants on routers in
multiple countries to spy on ISIS and al-Qaeda terrorists. And sometimes rival
spy agencies steal an agency’s hacking tools, as reportedly occurred when a
group known as the Shadow Brokers, believed to be a nation-state spy group from
Russia, leaked pilfered NSA malware.

“There’s the layperson’s assumption that you just switch out the thing that has
been compromised with the new thing that hasn’t been compromised,” said the
former intelligence official. “But the process of switching out tooling, in and
of itself, can dramatically increase your chance of being [caught].”

The NSA also has to watch out for other hackers — nation-state and skilled cyber
criminals — who might be inside systems the agency wants to breach. Those
hackers can potentially spy on the agency’s activity inside an infected machine
or grab their tools to study and reuse them.


ESPIONAGE VS. CYBERATTACK

Governments may not like it when foreign spies breach their networks to steal
data, but it’s an acceptable and expected practice, even when it involves
breaching critical infrastructure such as energy companies and electric grids
for intelligence gathering. These targets can yield valuable information about
how power is generated and distributed throughout the country, and how
vulnerable parts of a grid might be to physical or digital harm. The U.S.,
Russia and other countries all compromise these networks.

“We might like to scream and rant and rave about it” when Russia hacks into
those targets for spying purposes, “but they’re perfectly valid targets,” said
the former intelligence official.

Gaining access to a power plant doesn’t mean a foreign government is about to
take it down, Lee said. “It’s quite literally their job to just develop access
and maintain that for when people request it,” he said.

But governments also contemplate more disruptive attacks on the electricity
supply. This possibility gained new attention in 2019, when The New York Times
reported that U.S. Cyber Command had planted “potentially crippling” malware in
Russia’s grid systems on the chance that the U.S. might want to disrupt the grid
in the future.

But Lee said the actions described in the article aren’t typically how the U.S.
would carry out such an operation.

“You don’t place your offensive capabilities [in a network] before you leverage
them,” he said, because you risk having them discovered. Attackers will,
however, leave implants for intelligence purposes that could later be leveraged
to disrupt a system or plant destructive code.




Ideally, Cyber Command’s offensive hackers wouldn’t wage destructive attacks
against a target using the same implants and compromised systems that the NSA
and CIA employ for intelligence collection, so as not to burn their spying
capabilities, Daniel said. But Lee said that during his time at the NSA, Cyber
Command often piggybacked on the access that espionage teams had worked hard to
obtain. “We would have loved for Cyber Command to have their own capabilities
and access, but that was not the reality of the situation.”

Effective cyberattacks aren’t spontaneous, opportunistic events. It can take
months or years to get access to some systems, and then may require extensive
reconnaissance and research — or even physical access — to design and pull off
an attack.

“Flipping a relay is one thing. Understanding what happens when you flip the
relay is something else,” said Jake Williams, a former NSA hacker who was with
the agency until 2013.

In the best-known destructive cyber operation, the covert Stuxnet attack that
the U.S. and Israel launched between 2007 and 2010 to disrupt the Iranian
nuclear program, the CIA and Mossad used a mole working for Dutch intelligence
to carry spyware into the high-security facility and place it on computers that
weren’t connected to the internet. After that spyware gathered intelligence
about centrifuges used for enriching uranium gas, the mole planted destructive
code onto the same systems. Researchers in Israel and the U.S. even built
centrifuge test labs to study the potential effects various digital attacks
might have on the devices. The operation successfully degraded between 1,000 and
2,000 centrifuges and caused temporary delays in Iran’s enrichment activities,
though Iran recovered quickly from the setback.

Similarly, when Russian hackers took down parts of Ukraine’s electric grid for a
few hours in 2015, they entered power plant networks by sending malware-laden
emails to employees, then spent six months conducting reconnaissance, studying
the various models of control systems at distribution plants and designing
malware specific to each system.

For the U.S. to prepare to launch military cyberattacks against a foreign target
in times of conflict, a Cyber Command team would make a list of systems they
might need to access, then survey NSA and CIA hacking teams to see who already
has access to them and whether additional networks need to be compromised.

But compromising new networks during the existing U.S.-Russian tension before
conflict between the two countries has started is highly risky, and Lee said
U.S. hackers would be exercising extra restraint right now. Russia could
misinterpret new espionage intrusions as advance work for an attack, regardless
of what the U.S. intends.

Lee said many people may assume that for a crisis like the Russian invasion,
U.S. cyber warriors would be getting more aggressive inside Russian networks.
But he said that “my experience with U.S. intelligence is it’s quite the
opposite. … Now is not the time to go poking around. Unless you have a damn good
need to be there, don’t go doing something that could be perceived as
escalatory.”

Lee pointed to incidents his company uncovered in October when a Russian-based
hacking group it calls Xenotime was found probing the networks of key electric
and liquid natural gas sites in the United States. The hackers did nothing more
than routine exploration for vulnerabilities — the kind of activity that the
U.S. also does — but because of growing tensions with Russia and Xenotime’s
involvement in a previous disruptive attack, the information traveled up the
ranks to senior officials in government. The episode occurred just months after
Biden had warned Putin against offensive cyberattacks on U.S. critical
infrastructure.

“It turned into extraordinary concern, because it’s perceived as sort of
signaling,” Lee said. “[The Russians were] showing they may have the intent to
come after electric and natural gas sites.”


HOW THE U.S. WOULD RESPOND TO AN ATTACK

No matter how dire the military invasion in Ukraine turns, the U.S. would not
conduct disruptive or destructive cyberattacks against Russia, Lee believes. In
the same way the U.S. has carefully avoided direct involvement in Ukraine’s
defense, aside from supplying intelligence and equipment, it also would not want
to enter into direct conflict with Russia in cyber space. This could change,
however, if Russia attacks the U.S. or its NATO allies.




But Russia is probably making the same kinds of calculations about launching
attacks against the U.S., said Daniel, the former NSC cyber coordinator. For
example, to retaliate for the financial crisis that Western sanctions have
introduced in Russia, Putin’s forces could launch sophisticated and potentially
chaotic attacks against the integrity of U.S. or European financial data, but
these kinds of attacks require extensive advance planning and it’s not clear
Russia has done the work.

Daniel said Russia is also not likely to launch a destructive attack at the
outset. Instead Russia might launch barrages of malicious online traffic to take
down U.S. banking websites, as Iran has done in the past in retaliation for
sanctions. Russia could also hijack banking traffic, redirecting it to Russian
networks, or unleash cyber criminal gangs to conduct ransomware attacks on the
financial sector.

Whatever Russia does, Daniel says the U.S. would want to be measured in any
response it takes. Options could include leaking information about secret
financial dealings of Putin and his cronies to further turn the Russian public
against Putin, though the U.S. would have to be prepared for Russia to do the
same.

“The U.S. would be looking for actions that would impose some pain but wouldn’t
lead to physical destruction or loss of life or necessarily be permanent, so
that if Russia backs off, the U.S. can as well,” Daniel said.

And Daniel said any response from the United States would likely be targeted
narrowly at the military or government — contrary to a recent NBC News report,
strongly disputed by the White House, that said U.S. cyber warriors had proposed
to Biden options such as shutting off the power in Russia.

“We would not want to take steps that would drive the Russian populace back
towards a pro-Putin viewpoint,” Daniel said.

Kim Zetter is the author of COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the
World’s First Digital Weapon.

CORRECTION: A previous version of this story incorrectly described the extent of
the hacking group Xenotime’s access to U.S. energy networks. The hackers were
probing the networks for ways to get inside.
