Share this
A Post-Hack Crisis, Escalation of Rhetoric and Where to Place Blame
by Reflare Research Team on May 8, 2021 7:03:00 PM
Widespread accusations towards the Russian government services and the apparent lack of a “smoking gun” after the 2016 US election raises the question of whether the United States brought on a second post-hack crisis of their own creation.
First Published 12th January 2017 | Latest Refresh 8th May 2021
The accused - Mother Russia.
4 min read | Reflare Research Team
Confusion as a Weapon
The New Year holidays and early congressional hearings of 2017 brought a steep escalation of the cyber conflict between the US and Russia, with the then outgoing Obama administration openly accusing Russia of interfering with the US election and imposing sanctions. The reporting on this issue was somewhat confusing as the average consumer of news at the time was unable to credibly evaluate the evidence presented. To confuse matters further, many special interest actors were deliberately or accidentally spreading inaccurate summaries.
Using this topic as an example, we will use this research report do our best to summarize the dynamics and developments that lead to an increase in associated risks that can enduce a post-hack crisis.
Hacking to Influence an Election Vs. Hacking an Election Itself
As we covered way back in our final research briefing of 2016, "hacking an election" can mean two very different things. The first interpretation is that an actor used cyber-attacks and information leaks to influence public opinion. The second interpretation is that an actor directly hacked the voting machines or tallying systems to falsify the election results.
While suspicions about the second kind of attack abounded at the end of 2016 and several recounts were held, no credible evidence at this point suggests that the election results themselves were altered using a cyber-attack. Accordingly, the focus has shifted to whether Russia was involved in altering public opinion through targeted leaks.
Reports on Hacking
On December 29th 2016, the CIA and FBI jointly released a report outlining the findings supposedly liking Russia to the attacks against the DNC and other US targets. While the report has been described as "proof" by some media sources, it contains very little actual information and appears to be hastily written. It includes:
- Several diagrams displaying common C&C patterns supposedly used by Russian attackers
- A list of aliases supposedly used by Russian attackers
- A fingerprint for the *PAS TOOL WEB KIT, an open source attack toolkit which is freely available and very commonly used
- General information on common hacking attacks and advice for companies to train their staff and develop a security policy
What was not included are times, dates, Ips or any other details on actual attacks.
*The PAS TOOL WEB KIT is so commonly used around the world that a reader cannot follow the attribution of it to Russian government services. Quite to the contrary; the claim that a state actor is using a publicly available toolkit instead of a more advanced custom-made one is surprising.
From an IT security perspective, the joint report itself contains no information that would indicate Russia was behind the attacks. While the private sector security companies tasked with investigating the breaches have published more detailed reports on when and how each attack took place, we still have not seen any information linking them to any state actor. The CIA and FBI joint report seems to mostly serve the defensive purpose we have pointed out repeatedly in the past; the anonymous nature of cyber-attacks allows the victim to decide on a convenient party to blame for damage mitigation.
A further report was released on 7th of January 2017 by the ODNI. It goes into greater detail to outline coordinated social media campaigns, orders publicly or allegedly given by Putin and re-states claims that confidential information exists that proves Russian involvement in hacking attacks.
As expected, however, no such information is published in the report itself. It is important to note that even publishing this kind of report in an unclassified format is highly unusual for the US intelligence services. The common mode of operation by most media outlets has been to accept intelligence service conclusions as-is.
Do official reports that lack the evidence needed to support their claims of a breach only make matters worse?
It is likely that much more information on the attacks exists in a classified format within the US government. However, it is unclear whether a higher level of transparency and reporting will be applied to intelligence findings related to cyber security in the future.
This briefing in no way proposes to claim that Russia was not involved in the election-impacting attacks. However, likewise, no proof that Russia was involved is publicly available either. Please note that our assessment merely covers the dynamics of cyber-attacks and not whether or not Russia was involved in more traditional propaganda.
Subsequently, our assessments from prior research reports on events such as this remain unchanged:
We believe it to be highly unlikely that the state actor behind events like the 2016 US election attacks will ever be identified with a level of proof that would hold off in a court of law or international opinion. We predict that attacks following the same pattern of 1) gathering damaging information about an adversary, and 2) then leaking it will grow in numbers as time goes on. The plausible deniability built into these assertions makes them more attractive than outright attacks against the infrastructure of threat actors.
As you have seen in this research brief, there is much to think through when it comes to how you should act once you believe a breach has occurred. However, this is a reactive skill that most learn in the moment, which is way too late. You can learn how to get ahead of such breaches and mitigate the risks of these and many other types of attacks by checking out our research briefs on other related topics.
Share this
- December 2024 (1)
- November 2024 (1)
- October 2024 (1)
- September 2024 (1)
- August 2024 (1)
- July 2024 (1)
- June 2024 (1)
- April 2024 (2)
- February 2024 (1)
- January 2024 (1)
- December 2023 (1)
- November 2023 (1)
- October 2023 (1)
- September 2023 (1)
- August 2023 (1)
- July 2023 (1)
- June 2023 (2)
- May 2023 (2)
- April 2023 (3)
- March 2023 (4)
- February 2023 (3)
- January 2023 (5)
- December 2022 (1)
- November 2022 (2)
- October 2022 (1)
- September 2022 (11)
- August 2022 (5)
- July 2022 (1)
- May 2022 (3)
- April 2022 (1)
- February 2022 (4)
- January 2022 (3)
- December 2021 (2)
- November 2021 (3)
- October 2021 (2)
- September 2021 (1)
- August 2021 (1)
- June 2021 (1)
- May 2021 (14)
- February 2021 (1)
- October 2020 (1)
- September 2020 (1)
- July 2020 (1)
- June 2020 (1)
- May 2020 (1)
- April 2020 (2)
- March 2020 (1)
- February 2020 (1)
- January 2020 (3)
- December 2019 (1)
- November 2019 (2)
- October 2019 (3)
- September 2019 (5)
- August 2019 (2)
- July 2019 (3)
- June 2019 (3)
- May 2019 (2)
- April 2019 (3)
- March 2019 (2)
- February 2019 (3)
- January 2019 (1)
- December 2018 (3)
- November 2018 (5)
- October 2018 (4)
- September 2018 (3)
- August 2018 (3)
- July 2018 (4)
- June 2018 (4)
- May 2018 (2)
- April 2018 (4)
- March 2018 (5)
- February 2018 (3)
- January 2018 (3)
- December 2017 (2)
- November 2017 (4)
- October 2017 (3)
- September 2017 (5)
- August 2017 (3)
- July 2017 (3)
- June 2017 (4)
- May 2017 (4)
- April 2017 (2)
- March 2017 (4)
- February 2017 (2)
- January 2017 (1)
- December 2016 (1)
- November 2016 (4)
- October 2016 (2)
- September 2016 (4)
- August 2016 (5)
- July 2016 (3)
- June 2016 (5)
- May 2016 (3)
- April 2016 (4)
- March 2016 (5)
- February 2016 (4)