www.politico.com
2606:4700:4400::6812:25ea
Public Scan
URL: https://www.politico.com/news/2022/03/12/cyber-russia-hacking-security-00016598
Submission: On April 19 via manual from US — Scanned from DE
Form analysis
2 forms found in the DOM
Text Content
‘NOT THE TIME TO GO POKING AROUND’: HOW FORMER U.S. HACKERS VIEW DEALING WITH RUSSIA

People with experience in U.S. hacking operations say they expect both Washington and Moscow to show caution in how they wield their digital weapons.

U.S. Cyber Command, launched in 2010 as part of the Defense Department, hacks networks for offensive operations related to battle. | Patrick Semansky, File/AP Photo

By Kim Zetter
03/12/2022 07:00 AM EST
Updated: 03/12/2022 12:24 PM EST

The CIA and NSA have spent years burrowing into Russia’s critical computer networks to collect intelligence — and acquire access that President Joe Biden could seize on to order destructive cyberattacks on Vladimir Putin’s regime.

But for now, the United States’ most likely approach is to tread slowly and carefully toward any cyber conflict with Russia, three experts with experience in U.S. hacking operations told POLITICO — while hoping the Russians do the same.

Fears of cyber warfare between the two former Cold War rivals have become a recurring concern amid Russia’s invasion of Ukraine, prompting Biden to warn that he would “respond the same way” to any hostile hacking from Moscow against the United States. But people with experience in U.S. cyber strategy say neither side is likely to leap to destructive attacks as a first move — and any hard punch would be preceded by warnings and signals.

“There’s gradations before you get to disrupting critical infrastructure,” said Michael Daniel, who was the National Security Council’s cybersecurity coordinator during the Obama administration.

Michael Daniel, former White House cybersecurity coordinator and special assistant to former President Barack Obama, testifies during a hearing before the Senate Intelligence Committee on June 20, 2018 in Washington, D.C. | Alex Wong/Getty Images

The U.S. also would most likely avoid going after civilian targets such as Russian citizens’ electricity, even in response to Russian cyberattacks on the United States or NATO. Instead, any U.S. action would be gradual, proportional and aimed at warning Russia to stop, said Robert M. Lee, who worked in cyber warfare operations with the National Security Agency until 2015.

“Are they going to take down the power grid [in Moscow]? No,” said Lee, who is now CEO of the cybersecurity firm Dragos. He added: “You’re [just] trying to shape behavior and signal, ‘Hey we see you, and we’re willing to escalate this. Please don’t punch back or we’ll go to the next phase.’”

At the moment, U.S. government hackers are probably avoiding taking any actions that Putin’s government could interpret as an escalation that would trigger a reprisal, Lee and two other former hackers said in interviews. Espionage will continue as usual, but burrowing deeper into critical infrastructure or going after new systems not already compromised would be discouraged.

For the same reason, they said, the U.S. would probably not assist Ukraine’s defense by launching offensive cyberattacks against Russia’s military or government to avoid being pulled into the conflict.

In interviews with POLITICO, Lee, two other former U.S. government hackers involved in cyber operations against foreign networks, and a former intelligence official who was involved in discussions about such operations, described the complications of wielding Washington’s formidable hacking arsenal. These include tools that intelligence agencies have implanted in foreign networks for espionage purposes, but which also could be repurposed to cripple a power plant serving a military installation, halt gas in a pipeline or cause a communication blackout for Russian command centers.

For decades, Russia was not a top hacking priority for the U.S., taking a backseat to countries such as Iran and China, three of the experts said. But that changed after Putin’s own hackers tried to interfere in the 2016 election, and the U.S. is deeply embedded in Russian infrastructure today.

The former government hackers and intelligence official, along with one former national security official, also discussed with POLITICO the extensive effort required to get into other countries’ core systems — and the challenges of maintaining that secret access for years. And they described the difficulties a standoff with Putin brings, including the calculus of deciding when to launch destructive cyberattacks against an adversary that can respond in kind.

The U.S. has plenty of offensive hacking capability to “do the things that we would need to do, to have the effects that we want to have,” said the former U.S. intelligence official. But he expressed less certainty about how deeply Russia is embedded in American infrastructure, which could limit what the U.S. is willing to do.

“Can they turn around and do it back to us? Can someone make some reasonable assertion that they can’t?” said the former official, who asked to remain anonymous because he is not authorized to speak on such matters. “If people can’t say that, then it gets very hard to summon, I think, the political will to execute [an] attack.”

It’s a conversation that senior U.S. leaders typically don’t like to conduct in public — details about America’s cyber capabilities and calculations about using them have long been closely held secrets.

The U.S. can only hope that Putin’s regime is exercising similar restraint, as both sides face the unpredictable dangers of a cyber conflict that could do lasting harm to both sides, Daniel said.

“For as much damage as the [Western] sanctions are doing or might do to [Russia’s] economy, they are reversible,” he said. “The West can choose to turn them off. [But] you can’t un-destruct something.”

One huge caveat: If Putin gets to the point where he feels Russia has nothing left to lose, then he is more likely to order destructive attacks against the United States. “But I don’t think we’re all the way there yet,” Daniel said.

GOING ON THE OFFENSIVE

Two intelligence agencies and one military division are the main arms of the U.S. government responsible for compromising foreign networks.

The National Security Agency and Central Intelligence Agency both have sophisticated hacking divisions with individual teams focused on specific countries or regions to collect intelligence. U.S. Cyber Command, launched in 2010 as part of the Defense Department, hacks networks for offensive operations related to battle, not intelligence collection. It also recently disrupted ransomware groups targeting the U.S.

The three entities operate under different legal authorities, generally limiting what each can do. But there’s some overlap: In past years, if an NSA or CIA team needed to destroy or disrupt a system, it could get authorization from the White House, or a Cyber Command warrior could be tasked to work with them.

But in 2018, the leeway for the CIA to conduct such attacks expanded when then-President Donald Trump signed a secret finding that eliminated the need for the spy agency to get White House approval. Instead, the CIA could now give the go-ahead for cyberattacks against Russia, China, Iran and North Korea.

This also potentially expanded the types of operations the CIA could conduct on its own authority, opening the door to attacks on banks and other financial institutions that previously had been off-limits for U.S. hackers, along with hack-and-leak operations similar to what Russia did with the Democratic National Committee in 2016.

The focus on Russia as a top priority for U.S. cyber intelligence efforts is a relatively recent phenomenon. After the terrorist attacks on Sept. 11, 2001, intelligence agencies diverted resources and personnel to focus on counterterrorism — and later on Iran and China, three of the experts told POLITICO. That remained the case for nearly 15 years.

“I wouldn’t say Russia was a backwater, but it certainly wasn’t heavily prioritized,” said the former intelligence official who asked to remain anonymous.

Another of the sources that spoke to POLITICO, a former NSA intelligence analyst, confirmed that the NSA’s Russia teams — which included hackers, analysts who help determine targets and assess intelligence, and mission leaders — lost a lot of their resources and people after 2001. But the remaining people became more focused and disciplined as a result, the analyst said, and were no less effective.

Unlike other teams, the ones focused on Russia had their own experts with special language and technical skills to help them understand the networks they targeted.

[Video: Lavrov: Russia does not plan to attack other countries]

“The analysts who worked on the Russian targets spoke Russian,” he said. “There were very few people in other groups who knew the national anthem of their target country, but all of the Russian team did.”

Russian targets were harder to compromise and maintain than systems in many other countries, however.

“Iran’s probably, from a technical perspective, [one of] the most compromised countries on earth,” said the former intelligence official. “There is nary a network inside that country that doesn’t have an implant from the U.S. or some other country’s intelligence service sitting in it.”

Russia is more challenging, both because of the size of the country and the number of networks worth targeting, and because of Russia’s own hacking and counterintelligence skills.

Despite this, Lee said that “there’s not a world that exists where we are not deeply embedded in much of the Russian key infrastructure. I don’t mean like power grid infrastructure. I just mean infrastructure, whether it be intelligence infrastructure or other. That should be pretty obvious with the extraordinary [information] we’ve been declassifying recently.”

The hardest part often isn’t gaining access to a system but maintaining it clandestinely, for months or years.

“It is the thing that separates the most sophisticated cyber operators on the planet from the lesser ones,” the former intelligence official said.

A software patch or upgrade to a new operating system can close a door to intruders. So NSA and CIA hackers will seek deeper access, such as planting spy tools at the core of a system where software upgrades won’t affect them.

Even so, hardware containing spy implants can suddenly get taken offline, leaving the hackers to wonder if someone had discovered their backdoor. The Russian cybersecurity firm Kaspersky Lab has publicly exposed numerous espionage tools planted around the world by the U.S. and its allies over the years, including a six-year-long operation that had placed implants on routers in multiple countries to spy on ISIS and al-Qaeda terrorists.

And sometimes rival spy agencies steal an agency’s hacking tools, as reportedly occurred when a group known as the Shadow Brokers, believed to be a nation-state spy group from Russia, leaked pilfered NSA malware.

“There’s the layperson’s assumption that you just switch out the thing that has been compromised with the new thing that hasn’t been compromised,” said the former intelligence official. “But the process of switching out tooling, in and of itself, can dramatically increase your chance of being [caught].”

The NSA also has to watch out for other hackers — nation-state and skilled cyber criminals — who might be inside systems the agency wants to breach. Those hackers can potentially spy on the agency’s activity inside an infected machine or grab their tools to study and reuse them.

ESPIONAGE VS. CYBERATTACK

Governments may not like it when foreign spies breach their networks to steal data, but it’s an acceptable and expected practice, even when it involves breaching critical infrastructure such as energy companies and electric grids for intelligence gathering. These targets can yield valuable information about how power is generated and distributed throughout the country, and how vulnerable parts of a grid might be to physical or digital harm. Both the U.S. and Russia and other countries compromise these networks.

“We might like to scream and rant and rave about it” when Russia hacks into those targets for spying purposes, “but they’re perfectly valid targets,” said the former intelligence official.

Gaining access to a power plant doesn’t mean a foreign government is about to take it down, Lee said.

“It’s quite literally their job to just develop access and maintain that for when people request it,” he said.

But governments also contemplate more disruptive attacks on the electricity supply. This possibility gained new attention in 2019, when The New York Times reported that U.S. Cyber Command had planted “potentially crippling” malware in Russia’s grid systems on the chance that the U.S. might want to disrupt the grid in the future.

But Lee said the actions described in the article aren’t typically how the U.S. would carry out such an operation.

“You don’t place your offensive capabilities [in a network] before you leverage them,” he said, because you risk having them discovered. Attackers will, however, leave implants for intelligence purposes that could later be leveraged to disrupt a system or plant destructive code.

Ideally, Cyber Command’s offensive hackers wouldn’t wage destructive attacks against a target using the same implants and compromised systems that the NSA and CIA employ for intelligence collection, so as not to burn their spying capabilities, Daniel said.

But Lee said that during his time at the NSA, Cyber Command often piggybacked on the access that espionage teams had worked hard to obtain. “We would have loved for Cyber Command to have their own capabilities and access, but that was not the reality of the situation.”

Effective cyberattacks aren’t spontaneous, opportunistic events. It can take months or years to get access to some systems, and then may require extensive reconnaissance and research — or even physical access — to design and pull off an attack.

“Flipping a relay is one thing. Understanding what happens when you flip the relay is something else,” said Jake Williams, a former NSA hacker who was with the agency until 2013.

In the best-known destructive cyber operation, the covert Stuxnet attack that the U.S. and Israel launched between 2007 and 2010 to disrupt the Iranian nuclear program, the CIA and Mossad used a mole working for Dutch intelligence to carry spyware into the high-security facility and place it on computers that weren’t connected to the internet.

After that spyware gathered intelligence about centrifuges used for enriching uranium gas, the mole planted destructive code onto the same systems. Researchers in Israel and the U.S. even built centrifuge test labs to study the potential effects various digital attacks might have on the devices. The operation successfully degraded between 1,000 and 2,000 centrifuges and caused temporary delays in Iran’s enrichment activities, though Iran recovered quickly from the setback.

Similarly, when Russian hackers took down parts of Ukraine’s electric grid for a few hours in 2015, they entered power plant networks by sending malware-laden emails to employees, then spent six months conducting reconnaissance, studying the various models of control systems at distribution plants and designing malware specific to each system.

For the U.S. to prepare to launch military cyberattacks against a foreign target in times of conflict, a Cyber Command team would make a list of systems they might need to access, then survey NSA and CIA hacking teams to see who already has access to them and whether additional networks need to be compromised.

But compromising new networks during the existing U.S.-Russian tension before conflict between the two countries has started is highly risky, and Lee said U.S. hackers would be exercising extra restraint right now. Russia could misinterpret new espionage intrusions as advance work for an attack, regardless of what the U.S. intends.

Lee said many people may assume that for a crisis like the Russian invasion, U.S. cyber warriors would be getting more aggressive inside Russian networks. But he said that “my experience with U.S. intelligence is it’s quite the opposite. … Now is not the time to go poking around. Unless you have a damn good need to be there, don’t go doing something that could be perceived as escalatory.”

Lee pointed to incidents his company uncovered in October when a Russian-based hacking group it calls Xenotime was found probing the networks of key electric and liquid natural gas sites in the United States. The hackers did nothing more than routine exploration for vulnerabilities — the kind of activity that the U.S. also does — but because of growing tensions with Russia and Xenotime’s involvement in a previous disruptive attack, the information traveled up the ranks to senior officials in government. The episode occurred just months after Biden had warned Putin against offensive cyberattacks on U.S. critical infrastructure.

“It turned into extraordinary concern, because it’s perceived as sort of signaling,” Lee said. “[The Russians were] showing they may have the intent to come after electric and natural gas sites.”

HOW THE U.S. WOULD RESPOND TO AN ATTACK

No matter how dire the military invasion in Ukraine turns, the U.S. would not conduct disruptive or destructive cyberattacks against Russia, Lee believes. In the same way the U.S. has carefully avoided direct involvement in Ukraine’s defense, aside from supplying intelligence and equipment, it also would not want to enter into direct conflict with Russia in cyber space.

This could change, however, if Russia attacks the U.S. or its NATO allies.

But Russia is probably making the same kinds of calculations about launching attacks against the U.S., said Daniel, the former NSC cyber coordinator. For example, to retaliate for the financial crisis that Western sanctions have introduced in Russia, Putin’s forces could launch sophisticated and potentially chaotic attacks against the integrity of U.S. or European financial data, but these kinds of attacks require extensive advance planning and it’s not clear Russia has done the work.

Daniel said Russia is also not likely to launch a destructive attack at the outset. Instead Russia might launch barrages of malicious online traffic to take down U.S. banking websites, as Iran has done in the past in retaliation for sanctions. Russia could also hijack banking traffic, redirecting it to Russian networks, or unleash cyber criminal gangs to conduct ransomware attacks on the financial sector.

Whatever Russia does, Daniel says the U.S. would want to be measured in any response it takes. Options could include leaking information about secret financial dealings of Putin and his cronies to further turn the Russian public against Putin, though the U.S. would have to be prepared for Russia to do the same.

“The U.S. would be looking for actions that would impose some pain but wouldn’t lead to physical destruction or loss of life or necessarily be permanent, so that if Russia backs off, the U.S. can as well,” Daniel said.

And Daniel said any response from the United States would likely be targeted narrowly at the military or government — contrary to a recent NBC News report, strongly disputed by the White House, that said U.S. cyber warriors had proposed to Biden options such as shutting off the power in Russia.

“We would not want to take steps that would drive the Russian populace back towards a pro-Putin viewpoint,” Daniel said.

Kim Zetter is the author of COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World’s First Digital Weapon.

CORRECTION: A previous version of this story incorrectly described the extent of the hacking group Xenotime’s access to U.S. energy networks. The hackers were probing the networks for ways to get inside.
They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. Cookies Details SOCIAL MEDIA COOKIES Social Media Cookies These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools. Cookies Details GOOGLE Google Allowing third-party ad tracking and third-party ad serving through Google and other vendors to occur. Please see more information on Google Ads here. * STORE AND/OR ACCESS INFORMATION ON A DEVICE Switch Label Cookies, device identifiers, or other information can be stored or accessed on your device for the purposes presented to you. * SELECT PERSONALISED ADS Switch Label Personalised ads can be shown to you based on a profile about you. Object to Legitimate Interests Remove Objection * SELECT BASIC ADS Switch Label Ads can be shown to you based on the content you’re viewing, the app you’re using, your approximate location, or your device type. Object to Legitimate Interests Remove Objection * MEASURE AD PERFORMANCE Switch Label The performance and effectiveness of ads that you see or interact with can be measured. Object to Legitimate Interests Remove Objection * APPLY MARKET RESEARCH TO GENERATE AUDIENCE INSIGHTS Switch Label Market research can be used to learn more about the audiences who visit sites/apps and view ads. 
Object to Legitimate Interests Remove Objection * DEVELOP AND IMPROVE PRODUCTS Switch Label Your data can be used to improve existing systems and software, and to develop new products Object to Legitimate Interests Remove Objection * CREATE A PERSONALISED ADS PROFILE Switch Label A profile can be built about you and your interests to show you personalised ads that are relevant to you. Object to Legitimate Interests Remove Objection List of IAB Vendors | View Full Legal Text Opens in a new Tab Cookies Details Back Button BACK Filter Button Consent Leg.Interest checkbox label label checkbox label label checkbox label label * View Third Party Cookies * Name cookie name Clear checkbox label label Apply Cancel Confirm My Choices Allow All