By Aaron F. Brantly
Last month, on the eve of the Democratic National Convention in Philadelphia, emails taken from the Democratic National Committee during a June cyber attack were leaked online. While investigations are ongoing, initial reports suggest that the hackers who attacked the DNC were of Russian origin and that they released this information in a bid to influence the U.S. presidential election. We reached out to Aaron Brantly, author of The Decision to Attack: Military and Intelligence Cyber Decision-Making, for his take on this unprecedented cyber attack and to explain why it is so significant.
The recent hacking of the Democratic National Committee is illustrative of political acts achieved through cyberspace. It highlights our political system’s vulnerabilities to outside influences and clearly demonstrates the potential benefits to foreign powers—notably, the dramatic and sudden changes in human infrastructure of a major political party on the eve of its national convention, its biggest event in the four-year cycle of our presidential elections.
The extensive penetrations of the DNC constituted two separate advanced persistent threats (APTs). Skeptical observers might question how the security firms involved can be so confident in their pronouncement of Russian involvement, and they might also question whether that pronouncement was a deliberate feint by the DNC to shift the conversation away from its e-mails. APTs are long-term penetrations with significant data exhausts. Those involving the DNC leveraged techniques and procedures common to two well-known cyber actors, both from Russia.
In an era of increasing information transparency, cybersecurity firms can rapidly identify repeat offenders, and in this case the culprits are likely the FSB and the GRU, respectively the KGB’s successor and the Russian military intelligence service. In much the same way that I analyze the motivation of actors in The Decision to Attack: Military and Intelligence Cyber Decision-Making, cybersecurity firms weigh all the evidence around a particular hacking incident to narrow the potential pool of actors until they can compare behaviors within a given operation. These APTs, while novel to the DNC, were not entirely new forms of attack and bore all the hallmarks of previous attacks attributed to the FSB and the GRU.
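The behavior-comparison method described above, where investigators match an intrusion's observed techniques against the known habits of previously attributed actors, can be sketched as a small scoring model. The following is an added example written for this post; it is not code from the essay, the book, or any of the security firms mentioned. The actor names, the behavior tags, and the weighting scheme are all constructed assumptions. The one point it adds beyond the paragraph is that a behavior shared by every known actor (here, command-and-control over HTTPS) should count for almost nothing, which is why a match on only such behaviors leaves the attribution undecided.

```python
"""Toy behavior-overlap attribution scorer (added example; all data constructed)."""
from math import log
from typing import Dict, Set, Tuple

# Constructed actor profiles: behavior tags seen in past, already-attributed
# operations. Names and tags are hypothetical placeholders, not real threat intel.
ACTOR_PROFILES: Dict[str, Set[str]] = {
    "ACTOR-1": {"spearphish-link", "credential-harvest-page", "implant-family-x",
                "c2-over-https", "long-dwell"},
    "ACTOR-2": {"spearphish-attachment", "implant-family-y", "c2-over-https",
                "powershell-staging", "long-dwell"},
    "ACTOR-3": {"exploit-kit", "commodity-rat", "c2-over-https", "ransom-note"},
}

# Constructed observations from two hypothetical incidents.
OBSERVED_CASE_A: Set[str] = {"spearphish-link", "credential-harvest-page",
                             "implant-family-x", "c2-over-https", "long-dwell"}
OBSERVED_CASE_B: Set[str] = {"c2-over-https", "long-dwell"}  # only widely shared behaviors


def tag_weights(profiles: Dict[str, Set[str]]) -> Dict[str, float]:
    """Inverse-frequency weights: a behavior common to every actor discriminates little.

    Smoothed as log((n + 1) / df) so even a universal tag keeps a small positive weight.
    """
    n = len(profiles)
    all_tags = set().union(*profiles.values())
    weights = {}
    for tag in all_tags:
        df = sum(1 for p in profiles.values() if tag in p)  # number of actors using the tag
        weights[tag] = log((n + 1) / df)
    return weights


def score_actors(observed: Set[str], profiles: Dict[str, Set[str]]) -> Dict[str, float]:
    """Fraction of the observed (weighted) behavior explained by each actor's profile.

    Tags never seen in any profile get the maximum weight: they are evidence the
    observation matches nobody known, so they lower every actor's score.
    """
    weights = tag_weights(profiles)
    unknown_weight = log(len(profiles) + 1)
    total = sum(weights.get(t, unknown_weight) for t in observed)
    scores = {}
    for actor, profile in profiles.items():
        matched = sum(weights[t] for t in observed & profile)
        scores[actor] = matched / total if total else 0.0
    # Highest score first; ties keep dictionary order.
    return dict(sorted(scores.items(), key=lambda kv: kv[1], reverse=True))


def rank_with_margin(observed: Set[str], profiles: Dict[str, Set[str]],
                     min_margin: float = 0.2) -> Tuple[str, float, bool]:
    """Return (top actor, its score, decisive?).

    'decisive' is True only when the leader beats the runner-up by at least
    min_margin; a near tie means the evidence does not single anyone out.
    """
    ranked = list(score_actors(observed, profiles).items())
    top_actor, top_score = ranked[0]
    runner_up_score = ranked[1][1] if len(ranked) > 1 else 0.0
    return top_actor, top_score, (top_score - runner_up_score) >= min_margin


if __name__ == "__main__":
    for label, obs in (("case A", OBSERVED_CASE_A), ("case B", OBSERVED_CASE_B)):
        actor, score, decisive = rank_with_margin(obs, ACTOR_PROFILES)
        print(f"{label}: best match {actor} ({score:.2f}), decisive={decisive}")
        print("  all scores:", {a: round(s, 2) for a, s in score_actors(obs, ACTOR_PROFILES).items()})
```

Case A, whose observed behaviors include actor-specific tooling, resolves to ACTOR-1 with a wide margin; case B, which shows only behaviors that two or three of the constructed actors share, produces a tie and is reported as not decisive. Real attribution adds many more evidence classes (infrastructure reuse, build artifacts, working hours, victimology), but the principle that rare, actor-specific behaviors carry the weight is the same.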
The forensic analyses conducted by the firms also indicate the likely manipulation of e-mail contents as highlighted by cyber teams at CrowdStrike. Irrespective of one’s political persuasion, the involvement of a foreign state in the United States’ domestic electoral processes establishes a dangerous and disturbing precedent. It breaks many traditional concepts of intelligence restraint during the cold war, when Russia and the United States often acted through proxies rather than engaging in direct manipulation of each other’s governmental and political institutions.
Sadly, while this precedent is novel in the American experience, it is not new for many states within Russia’s sphere of influence. In 2014, Ukraine accused Russia of launching a cyber attack against that country’s voting infrastructure. Voting software was destroyed, and the hard drives that contained backups were also damaged, according to reports in the Wall Street Journal and elsewhere. Voting in a democracy—the right to choose one’s elected officials—is a cherished process in the United States and in many other countries around the world. The undermining of this process stands as an affront that should open the eyes of those democracies.
In my book, I write that:
Our lives, our hopes, and our existence in modern society are directly tied to the cyber world. We depend on magnetic strips on credit cards to feed and clothe us. We tote mobile lifelines, send e-mails, receive phone calls, and conduct commerce on electronic devices. Our bank accounts are numbers stored in computer databases, and the value of our life savings can be wiped away with a stroke of a keyboard. But beyond these modern inventions we are dependent on the electromagnetic spectrum to manage our power grids and the ordering systems that ensure our gas stations have fuel and our grocery stores have food. We don’t have to plug ourselves into the matrix; we already live in it.
Our organizational, political, medical, governmental, and social lives are increasingly intertwined with databases and data sets that we generate both knowingly and unknowingly. Anything and everything we do on digital devices is susceptible to theft and release. The e-mails we send to our families, the texts we send to our friends, the moments when we rightly or wrongly express our frustrations with the world or others. The core moments of our lives, both professional and personal, that we wish to keep hidden are increasingly exposed. As made alarmingly clear by the Sony hack a couple years ago or the leaking of the DNC’s e-mails, our words written in private, in the supposed confidences and confines of our offices or homes, are only temporarily confidential.
Per my own analysis and the analyses of numerous other scholars over the last several years, Russia’s cyber capabilities have grown increasingly robust both at the state level and through proxy actors such as transnational criminal organizations and citizen hackers. Moreover, Andrei Soldatov and Irina Borogan, two Russian investigative journalists, also noted the extensive reach of the Russian state into its domestic Internet infrastructure. In my book I assigned Russia a power score that fell somewhere between all major Western powers as of 2011. It was predicated on a significant deficit of engineers and infrastructure that would improve Russia’s aggregate power. It is important to note, however, that while Russia is significantly vulnerable itself to cyber attacks—as indicated by reports of APTs within its own government—it has extremely robust offensive cyber capabilities, as has been demonstrated repeatedly over the last ten years and something I cover extensively in Decision to Attack.
While much attention in recent years rightly has been given to purported Chinese intrusions into corporate and governmental infrastructure, less has been paid to Russia’s offensive cyber capabilities against states within its claimed “sphere of influence.” Our inattention to the plight of other countries has helped make the DNC attack possible. Because we ignored the intrusions into and manipulations of other states, one of our primary political parties did not adequately assess the risks from state and nonstate actors. We as a nation must not attend to the vulnerabilities of our intellectual property infrastructures at the expense of the ideas and organizations that underpin our society as a civil democracy. I do not privilege one form of attack over another, as all can and do have serious implications; however, we must recognize the risks we implicitly accept as we connect, store, and leverage digital data more ubiquitously.
The attack on the DNC was inherently political, with ramifications that extend well beyond the seemingly scandalous contents of the thousands of e-mails released. The attack in many ways extends beyond the cold war spy games of years gone by. It offers a new glimpse of unrestrained espionage and covert actions. If you take pleasure in the DNC’s current pain, I would caution you that there are two types of organizations: those that know they have been hacked and will be hacked again, and those that don’t know they’ve been hacked and will be hacked again. The same applies to individuals. The cost of stealing data in bulk quantities is falling rapidly, and there is no such thing as obscurity. We as individuals and as a nation are susceptible to violations of our persons, our institutions, and our sovereignty in ways never before imagined.*
Aaron Franklin Brantly is assistant professor of international relations and cyber in the Department of Social Sciences at the U.S. Military Academy, cyber policy fellow at the Army Cyber Institute, and cyber fellow at the Combating Terrorism Center.
*The views expressed are those of the author and do not reflect the official policy or position of West Point, the Department of the Army, the Department of Defense, or the U.S. Government.