Joe Biden is 'considering cyber attacks' on Russian infrastructure in retaliation for hack

Joe Biden is said to be considering cyber attacks on Russian infrastructure in retaliation for the hacks that breached 200 US federal agencies and firms.  

The president-elect’s team will consider several options over the country’s suspected role in the unprecedented hacking of US government agencies and companies, sources have told Reuters.  

The massive data breach enabled hackers believed to be from Russia’s SVR foreign intelligence service to explore the networks of government agencies, private companies and think-tanks for months. Moscow has denied involvement. 

Fired DHS Cybersecurity chief Chris Krebs on Sunday admitted his ‘failure’ to stop the hack, telling CNN: ‘It happened on my watch. We missed it. A bunch of other folks missed it. But there is work to do now going forward to make sure A: we get past this, that we get the Russians out of the networks, but, B: that it never happens again.’

He warned: ‘I’d be very careful with escalating this.’ 

Biden is reported to be looking at new financial sanctions and cyber attacks on Russian infrastructure, people familiar with the matter say.

‘They’ll be held accountable,’ Biden said in an interview broadcast on CBS on Thursday when asked about how he would deal with the Russian-led hack. He vowed to impose ‘financial repercussions’ on ‘individuals as well as entities.’ 

Sources say the response will need to be strong enough to impose a high economic, financial or technological cost on the perpetrators, but avoid an escalating conflict between two nuclear-armed Cold War adversaries.

The overarching goal of any action, which could also include stepped-up counter cyber espionage efforts, would be to create an effective deterrence and diminish the potency of future Russian cyber spying, the person added.

The unfolding crisis – and the lack of visibility over the extent of the infiltration into the computer networks of federal agencies including the Treasury, Energy and Commerce Departments – will push to the front of Biden’s agenda when he takes office on January 20.  

A company called SolarWinds was hacked, permitting an open door into public and private sector computer systems. SolarWinds is behind critical network monitoring software utilized both by the US government and many blue-chip American firms. 

‘Symbolic won’t do it’ for any U.S. response, said James Andrew Lewis, a cyber security expert at the Center for Strategic and International Studies, a Washington think tank. ‘You want the Russians to know we’re pushing back’ 

President Donald Trump only acknowledged the hacking on Saturday almost a week after it surfaced, downplaying its importance and questioning whether the Russians were to blame. 

Trump’s silence did not go unnoticed with Democrats in Congress blasting Trump for failing to address the issue and demanding a harsh response on the perpetrators.  

‘Our nation is under assault. This cyberattack could be the largest in our history. We don’t yet know the extent of the damage, but we know that we weren’t prepared & have our work cut out for us,’ Rep Jason Crow (D – Colorado) tweeted on Friday.  

‘We can’t wait for leadership, we need it now. @realdonaldtrump, where are you?’

Crow also likened the attack to Pearl Harbor in a follow-up tweet: ‘The situation is developing, but the more I learn this could be our modern day, cyber equivalent of Pearl Harbor.’    

Mitt Romney demanded Sunday that the U.S. response to the Russia cyber attack be ‘of like magnitude or greater’. Democratic Senator Mark Warner, ranking member of the Intelligence Committee, called the Kremlin’s takeaway from the cyber attack a ‘big haul.’

The discussions among Biden’s advisers are theoretical at this point and will need to be refined once they are in office and have full view of U.S. capabilities.

Biden’s team will also need a better grasp of US intelligence about the cyber breach before making any decisions, one of the people familiar with his deliberations said. 

The president elect’s access to presidential intelligence briefings was delayed until about three weeks ago as Trump disputed the November 3 election results.

With Trump taking no action, Biden’s team are concerned that in the coming weeks the president-elect may be left with only one tool: bluster, according to one of the people familiar with his options.

 Biden issued a statement Thursday about the attack where he vowed to make cybersecurity ‘imperative’ when he takes office and said he would not ‘stand idly by’.

‘I want to be clear: My administration will make cybersecurity a top priority at every level of government – and we will make dealing with this breach a top priority from the moment we take office,’ Biden said in a statement. 

‘We will elevate cybersecurity as an imperative across the government, further strengthen partnerships with the private sector, and expand our investment in the infrastructure and people we need to defend against malicious cyberattacks.’   

A spokeswoman for Biden’s transition team did not respond to a request for comment.  

One potential target for U.S. Treasury financial sanctions would be the SVR, said Edward Fishman, an Atlantic Council fellow who worked on Russia sanctions at the State Department during the Obama administration.

Media reports have suggested the SVR-linked hacking group known as ‘Cozy Bear’ or APT29 was responsible for the attacks. The United States, Britain and Canada in July accused here ‘Cozy Bear’ of trying to steal COVID-19 vaccine and treatment research from drug companies and academic institutions.

‘I would think, at the bare minimum, imposing sanctions against the SVR would be something that the U.S. government should consider,’ Fishman said, noting that the move would be largely symbolic and not have a major economic impact. 

The U.S. Treasury has already imposed financial sanctions on other Russian security services, the FSB and the GRU.

Financial sanctions against Russian state companies and the business empires of Russian oligarchs linked to Russian President Vladimir Putin may be more effective, as they would deny access to dollar transactions, both Fishman and Lewis said.

Those targets could include aluminum giant Rusal, which saw U.S. sanctions lifted in 2018 after blacklisted Russian billionaire Oleg Deripaska reduced his stake to a minority in a deal with the Treasury.

Lewis said a stronger option could be to cut Russia off from the SWIFT international bank transfer and financial messaging system, a crippling move that would prevent Russian companies from processing payments to and from foreign customers.

Such a move was contemplated in 2014 when Russia annexed Ukraine’s Crimean peninsula, but it would hurt the Russian energy sector, complicating gas sales to Europe and hit European companies with Russian operations.

Neither the Treasury nor State Department responded to questions about possible actions in response to the hacking.

The Pentagon’s U.S. Cyber Command likely has options for counter actions that could cripple Russian technology infrastructure, such as disrupting phone networks or denial of internet actions, Lewis said, adding that this too could hurt European allies.

‘They’ll need to think through the diplomacy of that,’ Lewis said.

The hackers likely left behind some malicious code that would let them access U.S. systems for retaliation against any U.S. cyber attack and it will take months to find and eliminate those ‘Easter eggs,’ he added.  

Microsoft researchers said Saturday they discovered a second cyber attack on the U.S. government.

They said an unidentified hacking team installed a backdoor in the same SolarWinds network software that facilitated a massive cyber espionage campaign, as the number of victims in the attack rose to 200.

The second backdoor, dubbed SUPERNOVA by security experts, appears distinct from the SUNBURST attack that has been attributed to Russia, raising the possibility that multiple adversaries were attempting parallel attacks, perhaps unbeknownst to each other.  

The sprawling attack compromised multiple government agencies, as well as a growing list of companies and local governments across the country. 

The two US agencies responsible for maintaining America’s nuclear weapons stockpile have already said they were compromised in the attack. 

The attack also breached the Pentagon, FBI, Treasury and State Departments. 

Other victims to fall foul of the attack include the Pima County, Arizona government and cable television company Cox Communications Inc, according to Reuters. 

Microsoft said Friday it had already identified at least 40 government agencies and companies targeted by the hackers.  

A heat map of infections released by the tech giant, which has helped respond to the breach, shows that those infiltrated by the hackers are spread out across the US with agencies, companies and think tanks in New York, Washington DC and Texas among the hardest hit.   

Microsoft has not revealed the names of those infiltrated by the hackers but said nearly half were tech companies.  

The UK, Israel, Canada and the United Arab Emirates were also caught in the cross hairs. 

The breach was executed back in March and went undetected for nearly nine months fueling concerns over the full extent of intelligence and top-secret information that may have fallen into the wrong hands.     

‘The most serious attention should be paid to information security’: Putin in sly dig at Russia’s cyber attack on America as he welcomes new spooks during 100th anniversary of country’s intelligence agency 

Vladimir Putin has given his personal backing to the Russian intelligence agency accused of launching a massive cyberattack against the US government.  

The Kremlin leader appeared at the headquarters of the SVR, Russian Foreign Intelligence Service, to mark its 100th anniversary on Sunday.

While not referring to hacking, Putin lauded the work of intelligence agents in protecting Russia on an annual holiday for the country’s intelligence officers.

A hatless Putin – himself a former KGB agent – stood in the freezing cold outside the SVR HQ to say: ‘I wish success to everyone who defends Russia, our people from external and internal threats, defends sovereignty and national interests.

‘And for whom the safety and well-being of the Motherland was, is and will be the main business of their entire life.’

He stressed: ‘The most serious attention should be paid to information security.’

Putin praised young new staffers – believed to include many with skills in hacking – recruited to Russia’s foreign intelligence service.

‘I want to congratulate those who have recently chosen this fate for themselves, sometimes associated with considerable risk,’ he said.

Agents must ‘respond flexibly to the high dynamics of changes in the international situation and actively participate in identifying and neutralizing potential threats to Russia,’ he said.

In a temperature of around minus 1C (30F), Putin hailed the role of the former KGB during the Soviet era, when it was widely seen as responsible for multiple repressions, and the current role of his security organs in fighting terrorism.

‘Our common task is to confront any attempts to revise history, including silencing or distorting the role of our special services in the defeat of Nazism and, more generally, in ensuring the national security and national interests of our country,’ he said.

Putin spoke in support of the SVR as the vast agency is accused of being behind a vast data breach hacking the networks of government agencies, private companies and think-tanks for months.

The scale of the operation hitting 40 separate targets has shocked seasoned cyber experts with little doubt this was a huge state-level operation to penetrate sensitive US facilities. 

Putin’s spokesman denied Kremlin involvement in the attack, and the Russian embassy said in a statement that the country ‘does not conduct offensive operations in the cyber domain’. 

Earlier the Russian state media gleefully seized on President Donald Trump’s remarks playing down the role of Russia in the hacking.

The US president hit out at Secretary of State Mike Pompeo for blaming Russia for the huge cyber attack on the US in a tweet on Saturday. 

Tagging Pompeo, Trump asserted that China was behind the unprecedented hack on US government agencies and private sector firms, after the secretary of state said on Friday that the Kremlin was to blame.

Russian state news agency TASS headlined a story in the wake of Trump’s comments: ‘White House cancels release of statement alleging Russia involvement in cyber attacks.’

Another state agency Sputnik also cited US sources as saying the US government ‘backs away’ from ‘blaming Russia’.

Sputnik also reported that Trump had ‘berated media outlets for excluding China’s potential involvement in the attack, which, he believes, might be the case’.

They also seized on the president’s claim that ‘the true scale of recent cyberattacks on US government agencies was greatly exaggerated’.

This followed Pompeo alleging ‘it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity’.

He also emphasized it was a direct and serious attack on the US government by Moscow.

He called it ‘a significant effort to use a piece of third-party software to essentially embed code inside of US government systems’.