Russia is known for hiding its cybercrimes, experts note

Russia is particularly aggressive when trying to hide its cybercrimes, meaning the U.S. may never know if the country is behind the leak of 20,000 emails from the Democratic National Committee, experts say.

Russia is the only country to face accusations of using a “false flag,” or a contrived persona, to mask responsibility for malicious cyberactivity.

That applies especially to the “Cyber Caliphate,” a group that proclaims affiliation with the Islamic State but that experts have linked to the Russian government. Cybersecurity firm FireEye, along with the State Department and French intelligence services, linked the group to APT 28, an advanced persistent threat group associated with Russia, over the course of attacks that took place last summer.

That group is also known as the “Sofacy Group” or “Fancy Bear,” one of the same groups discovered in June to have breached the DNC’s network. “We believe we could link Cyber Caliphate, despite their claims, directly to the same operator,” said John Hultquist, the head of cyber espionage analysis at iSIGHT, a division of FireEye.

“We believe the persona was created to draw in ISIS sympathizers. It purported to be pro-[Islamic State], putting out militant, fundamentalist propaganda. It was one of the more sophisticated schemes we’ve seen in this space,” Hultquist added.

Whether Guccifer 2.0, an Internet persona claiming responsibility for the leak of the DNC documents, is another attempt at obfuscation developed by the Kremlin remains to be seen. Through web chats, emails and other forms of online communication, Guccifer 2.0 has claimed to be a Romanian national acting of its own accord, though conflicting evidence has cast doubt on the claim. Forensic evidence has suggested the individual is acting out of Russia, though it has been doing a shoddy job of routing its virtual traffic through a French address.

Experts say the best way to reach a conclusion is for intelligence agencies, like the National Security Agency, to make a pronouncement. “Forensics are easily spoofed to portray a picture of events divorced from reality, and an attack from one source can certainly be made to look like an attack from someplace else,” said Steve Grobman, the chief technology officer at Intel Security. “This ability to spoof technical realities is the reason we believe the only way to do good attribution is to combine technical forensics with information available from other sources, such as law enforcement or government intelligence services.”

However, the Obama administration has been particularly averse to attributing responsibility for attacks to other nation-state actors. Congressional Democrats have been generally acquiescent, though that is becoming a source of consternation as they seek to tie Russia to the latest hack, and by extension, to Republican presidential candidate Donald Trump.

Sen. Dianne Feinstein and Rep. Adam Schiff, California Democrats who lead their parties on the intelligence committees in their respective chambers, called Wednesday for a definitive pronouncement to be made on the issue, saying in a letter to President Obama that the breach represented a “state-sponsored attempt to manipulate our presidential election” that corresponded with a “demand [for] a response by the United States.”

The letter comes after Schiff on Monday issued a separate statement suggesting Trump had in some manner encouraged Russia to engage in the attack, though Schiff could not say whether he had reason to believe that was the case.

Rep. Mike Pompeo, a Kansas Republican who also sits on the House Intelligence Committee, suggested Democrats should pipe down unless the administration is prepared to reveal new information to the public. “Mr. Schiff should not have made such a statement absent some evidence,” Pompeo said.

“Ultimately, responsibility for preventing attacks falls to the executive branch. It’s up to them to determine whether attribution is appropriate or not,” he added.
