White House issues executive order imposing sanctions on Russian government officials
The action by the Obama administration follows accusations that Russian government officials were directly involved in the hacking of US political party emails
The Obama administration has issued an executive order (PDF) that freezes the property and interests of a number of Russian nationals and imposes sanctions on two intelligence services.
“All Americans should be alarmed by Russia’s actions,” President Obama said in a statement released by the White House.
A joint report from Homeland Security and the FBI was also issued (PDF), stating that two different groups were responsible for separate “intrusions” into US political party systems. The first occurred in the summer of 2015, while the second took place in the spring of 2016.
From the report:
In summer 2015, an APT29 spearphishing campaign directed emails containing a malicious link to over 1,000 recipients, including multiple U.S. Government victims. APT29 used legitimate domains, to include domains associated with U.S. organizations and educational institutions, to host malware and send spearphishing emails. In the course of that campaign, APT29 successfully compromised a U.S. political party. At least one targeted individual activated links to malware hosted on operational infrastructure of opened attachments containing malware. APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure.
In spring 2016, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.
The report then goes on to recommend cybersecurity best practices, including backups, risk analysis, staff training and so on.
The president’s executive order states that “any person determined by the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to be responsible for or complicit in, or to have engaged in, directly or indirectly, cyber-enabled activities” will face property sanctions.
The four intelligence officers named are Igor Valentinovich Korobov, the First Deputy Chief of GRU (Main Intelligence Agency), along with three deputies: Sergey Aleksandrovich Gizunov, Igor Olegovich Kostyukov, and Vladimir Stepanovich Alekseyev. Two individuals, Evgeniy Mikhaylovich Bogachev and Aleksey Alekseyevich Belan, were also added to the SDN List (Specially Designated Nationals and Blocked Persons), having been accused of spam and phishing email schemes. Three companies were also named in the order.
The State Department is shutting down two Russian compounds. The administration said the facilities, located in Maryland and New York, were being used for “intelligence-related purposes.” In total, 35 Russian intelligence operatives were designated persona non grata.
“Today, I have ordered a number of actions in response to the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election. These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior,” the president said in a statement.
“In October, my Administration publicized our assessment that Russia took actions intended to interfere with the U.S. election process. These data theft and disclosure activities could only have been directed by the highest levels of the Russian government. Moreover, our diplomats have experienced an unacceptable level of harassment in Moscow by Russian security services and police over the last year. Such activities have consequences. Today, I have ordered a number of actions in response.”
Russian reaction was to troll the president, which reminded many Twitter users of the president-elect:
Republican Senators John McCain and Lindsey Graham, however, issued a joint statement in support of the president’s executive order.
“The retaliatory measures announced by the Obama administration today are long overdue. But ultimately, they are a small price for Russia to pay for its brazen attack on American democracy. We intend to lead the effort in the new Congress to impose stronger sanctions on Russia.”
Meanwhile, the president-elect would prefer to, shall we say, look forward, not back:
“It’s time for our country to move on to bigger and better things,” Trump said in a statement late Thursday afternoon. “Nevertheless, in the interest of our country and its great people, I will meet with leaders of the intelligence community next week in order to be updated on the facts of this situation.”
Press reaction, including that of The New York Times, positioned the move as strictly political, without much commentary concerning DDoS attacks against news sites, or the continued harassment of American journalists who cover politics or the media.
The NYT report by David E. Sanger concentrates on whether or how Donald Trump could react, giving the impression that the issue of government hacking is merely another political football to be thrown about.
“Mr. Trump will now have to decide whether to lift the sanctions on the Russian intelligence agencies when he takes office next month, with Republicans in Congress among those calling for a public investigation into Russia’s actions. Should Mr. Trump do so, it would require him to effectively reject the findings of his intelligence agencies,” Sanger writes for the Times.
Such news media coverage will make it easy for the incoming administration to dismiss Obama’s moves as mere politics by the losing party, rather than an actual security issue.
A second NYT story, this one from Andrew E. Kramer, is better in that it recounts what it says have been Russia’s efforts to recruit hackers. But as it was published just now, one has to wonder exactly how long the NYT has been sitting on this, and why? Was this published now to coincide with the sanctions, or was the story only now released, forced by the White House’s actions today?
“University students subject to mandatory conscription in the nation’s armed forces, but who wanted to avoid brutal stints as enlistees, could opt instead to join a science squadron. A government questionnaire asks draftees about their knowledge of programming languages,” Kramer writes.