Earlier this month, the Obama Administration promised that Russia would face the consequences for interfering with the US election. Yesterday, a new set of sanctions was announced against the country, which includes the expulsion of 35 Russian diplomats.
The actions coincide with the release of a declassified joint report from the FBI and Department of Homeland Security that reveals the technical details of Russia’s hacking campaigns. The 13-page document states that two different Russian civilian and military intelligence Services (RIS) “participated in the intrusion into a US political party,” a clear reference to the Democratic National Committee hacks.
The first group, known as Advanced Persistent Threat (APT) 29, aka Cozy Bear, compromised the Party’s systems in summer 2015. The second group, APT28, aka Fancy Bear, broke into the DNC's network during spring 2016.
The report links APT29 to a spearphishing campaign that saw emails containing malicious links sent to over 1000 recipients, including multiple government officials, in mid-2015. At least one of the targets activated links that delivered malware to the DNC’s systems, giving APT29 access to sensitive information.
APT28 used the same targeted spearphishing technique in summer 2016 to once again infiltrate the DNC and other organizations. In this case, the emails tricked recipients into changing their passwords through fake webmail domains. The government agencies believe the data stolen in this instance was leaked to the press and publicly disclosed, thereby influencing November’s election.
The report refers to the Russian operations using the codename “Grizzly Steppe.” It includes a diagram that gives a visual representation of how the attacks took place.
Some security experts have criticized the report for being overly basic and arriving too late.
Obama has previously talked about responding to Russia’s cybercrimes “at a time and place of our choosing.”
“I have issued an executive order that provides additional authority for responding to certain cyber activity that seeks to interfere with or undermine our election processes and institutions, or those of our allies or partners,” said the President.
“Using this new authority, I have sanctioned nine entities and individuals: the GRU and the FSB, two Russian intelligence services; four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations.
“In addition, the secretary of the treasury is designating two Russian individuals for using cyber-enabled means to cause misappropriation of funds and personal identifying information.”
Additionally, Russia will no longer have access to compounds in Maryland and New York that have been used for intelligence purposes. More actions against the country are likely to be taken, though not all of them will be publicized.
A spokesperson for Russian President Vladimir Putin said Russia regretted the new sanctions and would consider retaliatory measures. The Russian embassy in the UK sent out a tweet calling Obama’s administration a lame duck.
President Obama expels 35 🇷🇺 diplomats in Cold War deja vu. As everybody, incl 🇺🇸 people, will be glad to see the last of this hapless Adm. pic.twitter.com/mleqA16H8D — Russian Embassy, UK (@RussianEmbassy) December 29, 2016
In response to the sanctions, Russia has ordered the closure of the Anglo-American School of Moscow, which was attended by the children of Western embassy personnel from the US, the UK, and Canada. It has also ordered the closure of a US embassy vacation house, located just outside of Moscow.
It will be interesting to see how incoming president Donald Trump deals with the situation. When asked yesterday about the Russian hacking situation, he blamed computers for making people's lives much more complex. When pushed to comment on the new sanctions, the President-Elect said: “I think we ought to get on with our lives.”