“The US is unmasking Russian hackers faster than ever”
MIT Technology Review, February 21, 2022
by Patrick Howell O’Neill
“The White House was quick to publicly blame Russia for a cyberattack against Ukraine, the latest sign that cyber attribution is a crucial tool in the American arsenal.”
Just 48 hours after banks and government websites crashed in Ukraine under the weight of a concerted cyberattack on February 15 and 16, the United States pointed the finger at Russian spies.
Anne Neuberger, the White House’s deputy national security advisor for cyber and emerging technology, said that the US has “technical information that links the Russian Main Intelligence Directorate (GRU)” with the DDoS attack that had overloaded and brought down the Ukrainian websites.
“GRU infrastructure was seen transmitting high volumes of communication to Ukraine-based IP addresses and domains,” she told journalists on February 18. It’s believed that the cyberattack was meant to sow panic in Ukraine as over 150,000 Russian troops massed at the border.
The speed at which both US and UK officials were able to apportion blame reflects an enormous change from recent history, and it shows how attribution has become a crucial tool of cyber conflict for the United States. In recent years, the US has used this as a geopolitical tool more often than any other country in the world, often working with allies in the United Kingdom—especially when the target is Russia, as was the case last week.
“I will note that the speed with which we made that attribution is very unusual,” Neuberger said. “We’ve done so because of a need to call out the behavior quickly as part of holding nations accountable when they conduct disruptive or destabilizing cyber activity.”
This new policy has its roots in what happened in the wake of the 2016 US election. Gavin Wilde, formerly a senior National Security Council official focused on Russia, helped author the landmark intelligence community assessment that detailed Moscow’s hacking and disinformation campaigns aimed at influencing the election. It took an enormous effort prompted by President Obama himself, backed up by Director of National Intelligence James Clapper, just to kick-start the process of getting all the relevant US intelligence agencies in the same room to share information across a wide range of classification levels.
But the attribution of Russia’s campaign wasn’t made public until 2017, months after the US election itself.
About the Author:
Patrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review. He covers national security, election security and integrity, geopolitics, and personal security: How is cyber changing the world? Before joining the publication, he worked at the Aspen Institute and CyberScoop covering cybersecurity from Silicon Valley and Washington DC.
- “UK assesses Russian involvement in cyber attacks on Ukraine: Technical information analysis shows the Russian Main Intelligence Directorate (GRU) was almost certainly involved in disruptive DDoS cyber attacks.” From: Foreign, Commonwealth & Development Office and National Cyber Security Centre. Published: 18 February 2022.
- “2022 Ukraine cyberattacks” Wikipedia.