A group backed by the Russian government has attempted to hack the U.S. Senate and Republican think tanks, according to Microsoft, representing a possible opportunity for the United States to respond in cyberspace under new rules of engagement.
In a statement released late Monday night, Microsoft said that the Russia-backed group that operates under the name Strontium, as well as Fancy Bear or APT28, attempted a phishing operation on the U.S. Senate, the International Republican Institute and the Hudson Institute. The group set up at least six fake websites that mimicked the appearance of the organizations’ real pages, according to the company, apparently in the hopes users would submit their passwords.
In this case, a judge ruled that the fake websites should be disrupted and control of the six internet domains be transferred into the hands of Microsoft Digital Crimes Unit. Experts and lawmakers, however, have urged the administration to take a tougher response to Moscow’s activity following President Trump’s change last week to a law previously restricting America in cyberspace.
“We need to start pushing back on the Russians, and we need to do it consistently,” Jim Lewis, a senior vice president at the Center for Strategic and International Studies, told Fifth Domain in an interview, criticizing both the Obama and Trump administrations.
Lewis suggested a “menu of options” for a response, including targeted financial sanctions on oligarchs, investigating Russian doping scandals, revealing corruption practices, and even blocking access to all Russian domain websites for one day.
“People are going to say ‘Gosh, that’s not American to do that,’” Lewis said. "My answer is, ‘It used to be American that we could stand up for ourselves.’”
“You don’t deter cyber; you deter Russia,” said Frank Cilluffo, director of the Center for Cyber and Homeland Security at George Washington University. Offensive cyber operations are a deterrent that can help defend U.S. networks, Cilluffo said in an interview with Fifth Domain. If it is clear who is responsible for the attempted hacks, “I think those should be potential options” for response, Cilluffo said.
Microsoft’s announcement comes right after U.S. cyber operations appear to have been given greater authority to conduct offensive operations. Last week, a White House official told Fifth Domain that President Trump signed an order that changed how America operates in cyberspace.
Sen. Mike Rounds, R-S.D., told reporters that under the previous rules of engagement in cyberspace, U.S. agencies needed to achieve consensus, which constrained offensive operations. But under the revised presidential order that Trump signed last week, Rounds said he hoped to see an increase in offensive cyber operations.
There was no evidence the attempted hacks announced by Microsoft were successful, and experts said the Russia-backed activity was not surprising. Fancy Bear was also behind the attack on Hillary Clinton’s campaign, according to U.S. intelligence officials.
“The principal focus of APT28 has always been quiet intelligence collection for the decision advantage of its sponsors: the Russian military and policymakers,” said John Hultquist, director of intelligence analysis at FireEye, a threat research firm.
“Though APT28 has leveraged data gathered from intrusions to carry out active measures, such as targeted leaks through false personas, incidents of this nature do not necessarily signify such an operation."
In at least three Senate hearings Aug. 21, lawmakers on Capitol Hill discussed sanctions on Russia. Both Republican and Democratic senators used the phrase “America is under cyberattack.”
Sen. Richard Blumenthal, D-Conn., had clear suggestions about what America should do in response to Russian hacking.
“Sanctions from hell. Deterrence from hell,” Blumenthal said. “Until the government of the United States strikes back, tech companies will be at the mercy of the Russians and others like the Iranians and Chinese.”
There was a common frustration that the Senate has not done more to protect America from cyberattacks during the hearings.
“For too long the Senate has done nothing despite good intentions from so many people. Nothing has happened. People have been afraid of pissing off different interests. People have been afraid of getting attacked on the internet,” said Sen. Amy Klobuchar, D-Minn.
Trump administration officials who testified promised to respond to Russian cyberattacks.
“There will of course be consequences and painful ones if they engage in additional unacceptable conduct,” Christopher Ford, an assistant secretary at the State Department, told lawmakers.
“We also think it is important not to be too specific about that. This is not a game of forecasting.”
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.