Security experts from both parties want to see strong action if the U.S. concludes Russia is meddling in the election.
By: Eric Geller and Cory Bennett
As Hillary Clinton supporters fret about a WikiLeaks “October surprise,” dozens of defense and security experts from both parties are urging the Obama administration to take tough action if it concludes that Russia orchestrated a series of cyberattacks on the Democratic Party.
But based on past U.S. handling of foreign-sponsored cyberassaults, it could take months or even years to mount such a response — action that could encompass anything from public shaming or economic sanctions to indictments or retaliatory hacking. Even the most optimistic timeline, according to interviews with former security and law enforcement officials, could delay a forceful U.S. reprisal until just weeks before the very presidential election that the hackers may be trying to influence.
“I’m sure they’re cognizant of [the] timeline,” said Nathaniel Gleicher, who served as director for cybersecurity policy at the White House National Security Council until last October, and is now head of cybersecurity strategy at Illumio. “That doesn’t mean that they’re going to take action sooner or later.”
The administration insists it has improved its ability to respond quickly to cyberattacks, and officials increasingly say they support publicly calling out foreign nations that hack the United States. One administration official noted that it took just five weeks for President Barack Obama to impose economic sanctions against North Korea in response to the destructive late-2014 hacking of Sony Pictures.
Yet current and former officials acknowledge that constructing a public response isn’t an instant task. Merely preparing a declassified explanation of who perpetrated an attack or readying economic sanctions takes weeks. Bringing criminal charges — as the Justice Department has done with state-backed hacking suspects in Iran and China — can require years.
And the U.S. has never leveled any official public reprisal for hacking by Russia, despite years of evidence that hackers linked to Vladimir Putin’s regime have carried out intrusions of the White House, State Department and Pentagon.
Obama himself preached caution at a news conference this week. Imposing penalties, he said, “requires us to really be able to pin down and know what we’re talking about.”
The prospect of a lengthy wait is unnerving for Clinton supporters, who see potential repeats of last month’s mass release of Democratic National Committee emails as one of a handful of unpredictable curveballs that could still toss the White House to Donald Trump. Democrats have charged that the website WikiLeaks dumped the emails as part of a Russian effort to aid Trump, who has praised Putin and expressed doubts about U.S. commitments to allies in Eastern Europe.
Russia has denied having anything to do with the DNC hacks or a separate breach aimed at donors to the Democratic Congressional Campaign Committee. But if the U.S. concludes that Putin’s regime is to blame, a growing chorus of security hawks says the White House must make it clear that such meddling in the U.S. political system cannot stand.
“If in fact you could definitively or strongly develop a case for attribution against Russia, that in fact the Russians should be confronted with it and we should confront them publicly with it,” former Obama administration National Security Adviser Tom Donilon said Thursday during a POLITICO Playbook breakfast.
“I don’t think countries are paying a price for this kind of activities,” Stephen Hadley, who held the same post under George W. Bush, said at the same event.
Calls for action have also come from several congressional Democrats and Republicans who serve on defense, law enforcement or intelligence committees, as well as a bipartisan group of 31 security and counterterrorism experts who urged Obama to “take prompt actions” that would “deter foreign actors from pursuing such tactics in the future.”
“This is not a partisan issue,” wrote the experts from the Aspen Institute Homeland Security Group, who included Bush Homeland Security Secretary Michael Chertoff and former CIA directors Michael Hayden and William Webster. They added: “Our president should be chosen by American citizens, not by foreign adversaries or interests.”
But Clinton supporters worry that Russian-backed hackers may indeed have free rein to try to influence the November election, depending on what information they’ve stolen and when they plan to release it. (The Aspen group also warned that the hackers may “salt the files they release with plausible forgeries” to worsen the fallout.)
WikiLeaks founder Julian Assange, whose site released the DNC emails July 22, has refused to confirm or deny their origins but has told CNN that he might release “a lot more material,” noting that “they are having so much political impact in the United States.”
Democrats like veteran political strategist Craig Varoga can easily see the worst-case scenario. “In all likelihood, Russia and Assange are already planning an October surprise to influence our election and otherwise destabilize the Western alliance,” he said in an interview.
“We may be headed into uncharted waters, and this has the potential to spiral out of control,” said longtime Democratic operative Jim Manley, a former spokesman for Senate Minority Leader Harry Reid.
No Democrats interviewed would speculate about what material could come out in future leaks, although known cyberattacks have already successfully infiltrated the DNC, DCCC and a data analytics program used by Clinton’s campaign. Trump also publicly urged Russia to obtain the 33,000 emails deleted from Clinton’s old personal server, although he later claimed he was being “sarcastic.”
WikiLeaks’ release of the first cache of nearly 20,000 DNC emails was well-timed to cause turmoil on the eve of the Democrats’ July convention, forcing the resignation of Chairwoman Debbie Wasserman Schultz and stoking accusations that party insiders had conspired to undermine Bernie Sanders’ upstart presidential campaign. The fallout continued this week, when interim DNC chair Donna Brazile ousted three top officials, including CEO Amy Dacey, communications director Luis Miranda and chief financial officer Brad Marshall.
Private-sector cybersecurity experts have said the DNC emails appear to have been pilfered by hackers linked to Russian intelligence agencies, and intelligence officials have privately reached similar conclusions. Cyber experts have identified ties between Russia and an alleged hacker nicknamed “Guccifer 2.0,” who has taken credit for the intrusions and claims to have stolen documents from the computer that Clinton used as secretary of state.
“The prospect of something hanging out there is obviously unnerving, to say the least,” a former DNC official told POLITICO.
Lawmakers urging a public White House response include the top Democrats on both Intelligence panels, Rep. Adam Schiff and Sen. Dianne Feinstein of California, as well as Senate Judiciary Chairman Chuck Grassley (R-Iowa), top Judiciary Democrat Sen. Patrick Leahy of Vermont and Sen. Tom Cotton (R-Ark.). They’ve said that at the very least, the administration should publicize the results of its probe into the hacks.
Some Democrats have said Putin could have ample reason to want to see Trump in the White House, noting that the New York real estate magnate has praised him as a “strong leader” and has expressed doubts about whether the U.S. would defend NATO nations that come under Russian attack. Trump campaign manager Paul Manafort also has ties to Putin’s allies, having served as a longtime adviser to Moscow-backed former Ukrainian President Viktor Yanukovych.
An official U.S. government rebuke of Russian hackers for targeting the DNC would call even more attention to those ties. But it could also backfire, allowing the Trump campaign to accuse Obama of intervening to salvage Clinton’s presidential hopes.
“Is the Democratic administration going to take a particular action … or is this something that can be dealt with, and maybe is better dealt with, after November?” asked Ed McAndrew, a former cybercrime prosecutor with the U.S. attorney’s office in Delaware.
Still, the White House would have some political cover given the cries from both Democrats and Republicans for action.
Many cyber policy experts have pressed for indictments of the DNC hackers, an approach the administration has employed only twice before for government-backed cyberattacks. In 2014, it charged five members of the Chinese military with hacking U.S. companies. And earlier this year, the DOJ brought indictments against seven Iranian-backed hackers accused of infiltrating a range of financial companies and a dam in upstate New York.
Both cases stretched out for years.
“In the cyber arena, when you’re talking about a federal indictment, you’re talking about months or years, not days or weeks,” said one former National Security Council official, who also handled cyber matters at the DOJ.
In addition to the highly technical process of tracing each intrusion to a specific computer, prosecutors then try to prove that a particular person executed the attack at that computer, or show that the “digital fingerprints” are unique to that individual, said Peter Toren, a cybercrime attorney and former DOJ cyber prosecutor.
Presenting this evidence in court could also expose valuable secret surveillance footholds in Russian intelligence agencies.
Raj De, a former National Security Agency general counsel, said spy agencies are typically “very reticent to burn sources and methods for any activity.” Revealing such tactics could even open up the NSA to lawsuits over its surveillance operations.
Together, these factors mean that getting such an indictment before November “would be an impossibility,” according to one former DOJ National Security Division prosecutor.
Sanctions could serve as a more expedient option. That was the case the November 2014 hack of Sony Pictures, which led the White House to hit Pyongyang with economic penalties in early January 2015. Since then, Obama has issued an executive order empowering the Treasury Department to go after foreign individuals or organizations engaged in “malicious cyber-enabled activities” that target government and private sector computer networks.
“It’s easier to level sanctions than to prosecute someone without jeopardizing intelligence sources and methods,” said Michael Vatis, a cybercrime attorney with Steptoe & Johnson and former national security-focused DOJ official, via email.
Still, it may be hard to match the quick turnaround on the Sony incident, several current and former officials warned.
Preparing sanctions is “not a quick process,” said Gleicher, the NSC’s former director for cyber policy. And with the DNC hack, he added, “there’s just more factors to analyze and consider,” given America’s delicate relationship with Russia and the sophistication of the attacks on the Democrats.
Treasury declined to say whether officials were discussing DNC hack-related sanctions.
Despite the public silence, it’s possible that the U.S. may already be hitting back with some kind of secret cyber campaign. Hadley advocated that approach during Thursday’s POLITICO event, saying the U.S. should send the message to foreign hackers that “if you intrude in our systems, we are going to take away your capacity to do it in the future.”
“Quietly, out of the public mind, tit for tat,” Hadley said. “You do that enough, and people start doing the cost-benefit analysis.”
But current and former officials say the White House is gradually favoring a public outing of foreign hackers.
“Post-Sony, I think people are … increasingly appreciating the value of [public] attribution,” said De, the former NSA general counsel, who now leads the cybersecurity and data privacy practice at law firm Mayer Brown.
A senior Justice Department official told POLITICO that recent realignments within the DOJ and FBI were helping the administration accelerate breach investigations. Previously, the official said, the DOJ National Security Division wasn’t necessarily talking to FBI digital investigators. In the past few years, the teams have become more integrated.
“We weren’t set up like his before,” the official said. “Hopefully, [the new alignment] will inform conversations about how to handle Russia.”
But one congressional Republican source warned, “The genie is out of the bottle — you can’t put it back in.”
“Even some kind of response to Russia is not going to change the fact there’s information out there,” the person said. “There will be information put out, I would expect every month.”