Russia’s Reply to Massive US Cyber Hack – Deny and Deflect

Russian President Vladimir Putin congratulated Joe Biden on winning the U.S. presidential election on Tuesday, December 15, a day after members of the U.S. Electoral College certified Biden’s winning majority. "… Russian-American cooperation based on the principles of equality and mutual respect would meet the interests of people in both countries as well as the entire international community," the Kremlin’s readout said. But Putin’s note to Biden came amid fresh and alarming reports of a massive U.S. government data breach attributed to Russian cyber espionage. Russia denied involvement.  “Once again, I can reject these accusations and once again I want to remind you that it was President (Vladimir) Putin who proposed that the American side agree and conclude agreements (with Russia) on cyber security,” Kremlin spokesman Dmitry Peskov said on Monday.  That claim is misleading. To be sure, Putin did propose a bilateral cyber security treaty in September. But that doesn’t erase the latest evidence of Russian cyberattacks and similar deflections, which have a long history. On October 19, the U.S. Justice Department indicted six Russian military intelligence (GRU) officers for “Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace.” A Justice Department press release quoted Assistant U.S. Attorney General for National Security John C. Demers as saying: “No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite.”  The indictment detailed personal and professional information about the Russian intelligence officers, along with evidence of their activities in Ukraine, China, U.S. and elsewhere. Two years earlier, in October 2018, the Pentagon launched its first cybersecurity operation targeting Russian operatives "warning them that the military is tracking their activities in an attempt to deter them from disrupting the fast-approaching midterm elections."  In January 2017, the U.S. CentraI Intelligence Agency (CIA), Federal Bureau of Investigation (FBI) and National Security Agency (NSA) stated “with high confidence” that the Russian government was behind hacking and leaking Democratic National Committee emails during the 2016 U.S. presidential campaign, and that Putin ordered the operation.  That wasn’t the first intrusion. In 2014, the Dutch General Intelligence and Security Service’s cyber units hacked into the Russian government’s cyber intelligence systems and maintained a presence inside them for more than a year. The Dutch reportedly recorded members of a Russian hacker unit known as Cozy Bear and helped the U.S. State Department to oust the Russian hackers from U.S. computers. Prior to the Dutch operation, other nations and international organizations had discovered and reported Russian government cyberattacks on their systems. In 2016, NBC News compiled a 10-year timeline documenting major hacking operations by Russian state actors targeting over a dozen nations.  As Polygraph.info has reported, Moscow has denied allegations and evidence that hackers working for the Russian state targeted governments, as well as influential international institutions and organizations. Targets of the Russian hacking operations have included Olympic committees, the World Anti-Doping Agency, the United Nations Agency for Prohibition of Chemical Weapons and the joint international team investigating the 2014 downing of Malaysian passenger jet MH17 over Ukraine, which killed all 298 people on board. According to the Japanese cyber security firm Trend Micro, in 2014- 2015 alone, GRU hackers conducted the following operations: Compromised Polish government websites; Attacked a U.S. nuclear fuel dealer, setting up fake Outlook Access login pages for its employees; Launched fake login page attacks against U.S. and EU military and defense institutions; Attacked the corporate accounts of 55 employees of a U.S. newspaper; Launched a massive Gmail phishing attack against three popular YouTube bloggers after they interviewed then-U.S. president Barack Obama; Started using malicious iOS applications for espionage; Launched an attack against NATO members; Attacked the French television channel, TV5Monde, taking its global channels off the air; Launched a domestic spying campaign targeting Russian dissidents, including the spouses of senior U.S. officials. Set up a fake server mimicking the SFTP (Secure File Transfer Protocol) server of the Safety Board [NOTE: Which safety board?] and created a fake Outlook Web Access server to target the MH17 investigation; Launched a spear phishing email attack against multiple foreign ministries worldwide using an Adobe Flash exploit code. On Saturday, December 13, the Reuters news agency broke the news that Russia had gained access to U.S. government internal communications after breaching and hiding malicious code in software updates from SolarWings IT firm, a data manipulation known as a supply-chain attack. SolarWings serves the U.S. and U.K. governments and thousands of private companies worldwide. Microsoft detailed the mechanism of the hack, which the company said was conducted by “state actors.” It said the hackers used “administrative permissions acquired through an on-premises compromise” to impersonate user accounts, “including highly privileged accounts.” The Washington Post reported on December 13 that the hackers belong to the Russian intelligence team known as APT29 or Cozy Bear, previously implicated in high-profile breaches worldwide.  The damage from a “months-long, highly sophisticated digital spying operation remains uncertain” but is “presumed extensive,” the Post reported on December 14. Along with the U.S. Treasury and Commerce departments, the data breach involved the Department of Homeland Security, the State Department, and the National Institutes of Health, among others. The New York Times reported that other agencies using SolarWinds software include the Justice Department, the Centers for Disease Control and Prevention, parts of the Department of Defense and “a number of utility companies.” The Times reported that “State Department officials refused to acknowledge that Russia had been responsible. In an interview with Breitbart Radio News, Secretary of State Mike Pompeo deflected the question with generalities, saying that there had ‘been a consistent effort of the Russians to try and get into American servers, not only those of government agencies, but of businesses. We see this even more strongly from the Chinese Communist Party, from the North Koreans, as well’.”