“Listen, does it even matter who hacked this data?’’ Putin said during an interview with Bloomberg earlier this week. “The important thing is the content that was given to the public.’’
“There’s no need to distract the public’s attention from the essence of the problem by raising some minor issues connected with the search for who did it,” Putin added of the cyberattack.
The DNC resulted in the release of thousands of the Democratic Party’s private emails by radical transparency group WikiLeaks and the resignation of Rep. Debbie Wasserman-Schultz (D-Fla.) as the party’s chair.
“But I want to tell you again,” Putin added. “I don’t know anything about it, and on a state level Russia has never done this.”
“Listen, does it even matter who hacked this data?’’
While the Obama administration has never publicly blamed Russia for the DNC attack, there is a general consensus within the American intelligence community that there is a “high confidence” Russia was behind behind the attack.
Putin’s attempt to simultaneously deflect blame for the hack and tamp down speculation about its origin comes as the attack’s primary target, 2016 Democratic presidential nominee Hillary Clinton, advocated going on the offensive against cyberattacks while directly blaming Russia for the DNC hack.
“As president, I will make it clear that the United States will treat cyberattacks just like any other attack. We will be ready with serious political, economic, and military responses,” Clinton said during a speech on Wednesday at the American Legion National Conference in Cincinnati. “I want us to lead the world in setting the rules in cyberspace. If America doesn’t, others will.”
“We need to respond to evolving threats from states like Russia, China, Iran, and North Korea. We need a military that is ready and agile so it can meet the full range of threats and operate on short notice across every domain—not just land, sea, air and space but also cyberspace. You’ve seen reports. Russia’s hacked into a lot of things, China has hacked into a lot of things. Russia even hacked into the Democratic National Committee, maybe even some state election systems. So we have got to step up our game. Make sure we are well defended and able to take the fight to those who go after us.”
As Clinton noted, the DNC hack isn’t the only recent instance in which American officials have pegged Russia as the source of a cyberattack against the U.S. political system. Government officials also point to hackers based in Russia as the source of voter database breaches in Illinois and Arizona, which exposed the personal information of hundreds of thousands of registered voters.
The question of how to best respond to cyberattacks on important institutions and critical infrastructure is a thorny one. While one option is to respond with conventional military force, most of the conversation has centered around the concept of “hacking back,” which is responding to a cyberattack with a retaliatory attempt to breach the systems of the suspected perpetrator.
There has been considerable speculation that U.S. intelligence agencies have targeted Russian intelligence agencies in response to cyberattacks.
“In terms of the foreign intelligence mission, one of the things we have to do is try to understand who did a breach, who is responsible for a breach,” Robert Joyce, who runs the NSA’s Tailored Access Operations, told ABC News in an interview. “So we will use the NSA’s authorities to pursue foreign intelligence to try to get back into that collection, to understand who did it and get the attribution. That’s hard work, but that’s one of the responsibilities we have.”
Since looking into the activities of nation state actors falls well within the National Security Agency’s jurisdiction, this type of surveillance, which may involve the penetration of security systems of foreign governments, doesn’t require a concrete policy change.
“To definitively attribute the breach at the DNC to a Russian actor is next to impossible.”
The issue is that, in order to conclusively identify the source of a cyberattack—especially those suspected of originating from a highly advanced persistent threat like trained intelligence officials adept at hiding their tracks—hacking back is often a prerequisite.
“To definitively attribute the breach at the DNC to a Russian actor is next to impossible,” Leo Taddeo, a former special agent in charge of the FBI’s New York cybercrime division and current chief security officer of cybersecurity firm Cryptzone, explained to the Daily Dot. “Unless we have a window into their side, we’ll probably never definitively attribute this to Russia.”
Even so, waging a cyberwar against geopolitical rivals, which goes over and above what’s necessary as part of a digital forensic investigation into domestic breaches, is something that both the U.S. and Russia have been caught doing in the past, even if the entire concept of hacking back has a tendency to raise the hackles of many internet freedom activists.
Cyberwar remains a controversial concept, and there remains ample ambiguity surrounding not only rules of conduct but the very definition. That said, there are multiple instances that experts point to as examples of what cyberwar might look like.
In 2007, for instance, a massive Russian botnet crippled the online presence of Estonian institutions, from banks to media outlets to the Estonian government’s own computer systems. That attack came amid massive demonstrations Latvia over the country’s long and torturous relationship with the Soviet Union.
Three years later, security researchers identified a widely circulated computer virus dubbed Stuxnet, which was determined to be the work of American and Israeli intelligence services and created with the goal of causing physical damage to an Iranian nuclear production facility.
At the moment, there is no precedent for a cyberattack from one nation to another escalating into an armed military conflict. However, as digital weapons become more common, it may only be a matter of time.