Russian cyber activity: a thorny issue for NATO and the US

The July hacking of the US Democratic National Committee (DNC) and subsequent data leak, allegedly by Russian cyber attackers, is just one incident in a pattern of recent Russian cyber intrusions. The World Anti-Doping Agency (WADA) has also come under attack by the same organisation allegedly responsible for the DNC hack. These intrusions form a pattern of Russian cyber activity that is growing in sophistication. The fact that elements of organised crime have claimed responsibility for the DNC hack has frustrated US attempts to attribute responsibility and respond accordingly. Cyber attacks are difficult to attribute at the best of times because of the range of measures that perpetrators can take to cover their tracks, but having a third party take responsibility only increases the doubt surrounding the origin of an attack. Such operations are likely to contribute to tensions between NATO member-states and Russia, which will in turn place increased pressure on the US to maintain its support for its allies and to resist Russian attempts to weaken the resolve of its neighbours.

THE DNC HACK

The perpetrators of the DNC hack were identified by CrowdStrike, a private cyber security firm, as two organisations – Fancy Bear and Cozy Bear ­– with alleged links to the Russian intelligence community.

An attempt to cover-up the DNC attack was made by online persona “Guccifer 2.0”, whose name refers to a Romanian hacker arrested in 2014 for hacking the personal accounts of US government officials. Guccifer 2.0 made a statement on Twitter denying Russian government involvement in the attacks, and proceeded to begin leaking material taken from the DNC that showed evidence of tampering.

The US government has been loath to directly accuse the Russian government of being behind the July attack until the 8^th of October, when President Obama formally accused Russia of attempting to influence the election through the DNC hack. A joint statement from the Department of Homeland Security and the Director of National Intelligence, James Clapper, Jr., stated that only the Russian state had the capability to perform such attacks. However, the fact that it took two and a half months to attribute blame speaks to the difficulty inherent in investigating cyber attacks.

This reluctance to directly accuse alleged perpetrators is not particularly new – the White House has avoided directly blaming China for its intensive cyber espionage efforts against the US defence industry in the past. This reluctance stems from the ability of states to hide their responsibility by bouncing cyber attacks through servers around the world. However, the involvement of Russian organised crime elements can only serve to obfuscate responsibility further and therefore make the challenge of responding even more difficult.

CYBER OPERATIONS: A DANGEROUS FEATURE OF INTERNATIONAL POLICY

The recent Russian-linked cyber attacks are by no means the first. In December 2015, Estonia’s power grid was shut down by intruders linked to Russian intelligence. During the 2008 Russo-Georgian War, Georgian government websites were put out of commission by Russian hackers. Similar attacks against Ukrainian networks before the Russian annexation of Crimea in early 2014 blocked government communications.

The DNC attack comes at a precarious point in US-Russia relations, explaining Washington’s reluctance to directly attribute blame. A looming November election has brought to the fore an affinity between Republican candidate Donald Trump and Russian President Vladimir Putin, which has led some to suggest that Russia intends to influence the election to favour Trump. In the diplomatic domain, negotiations for a solution to the Syrian crisis have proven difficult (though not impossible).

Ongoing tensions between NATO and Russia have also increased markedly since Russia’s annexation of Crimea and the beginning of the conflict in Ukraine. NATO is concerned that Russia may attempt to replicate the Ukraine conflict in the Baltic states, and recently conducted the largest joint exercise in the region since the Cold War. Such military exercises have been viewed with suspicion in the Kremlin, which eyes the movement of NATO forces as threatening. Russia’s efforts to modernise its military, including its nuclear triad, are a symptom of Moscow’s concerns.

The recent cyber attacks, targeted largely at Western interests as well as NATO allies, place pressure on an already-fractious relationship between the US and Russia and add another layer of pressure on the US to assist its NATO allies in resisting Russian probing. It also has the potential to raise tensions in the European and Middle Eastern theatres.

ORGANISED CRIME AND CYBER WARFARE: A GANGSTER’S PARADISE

Cyber operations have come to fill an important role in both espionage and military planning – they are a source of enormous amounts of information, and can be used to assist military action such as by disrupting communications or obfuscating the source of an attack. The rate of state-sponsored attacks is likely to increase as cyber capabilities mature and will further complicate efforts to attribute responsibility and therefore decide how to respond. Without the ability to confidently determine whether a particular state is responsible, diplomatic responses are limited.

Russia’s increasing willingness to use cyber operations to attack Western interests causes much anxiety for NATO. The attacks described above, if indeed sponsored by Moscow, indicate that Russia considers cyber weapons as tools for achieving a vast array of foreign policy objectives outside of their traditional espionage and military functions, such as influencing foreign elections or undermining the credibility of democratic structures.

What makes the situation even more dangerous is the fact that the cyber domain crosses military, political, economic and social boundaries. The DNC hack and subsequent data leak appears to be an attempt to influence the US presidential election. Meanwhile, the release of confidential medical information from WADA also seems targeted toward Western athletes – a possible retaliation for the agency’s blockage of Russian participation in the recent Olympic Games. The attacks on Ukrainian networks in 2014 assisted with the annexation of Crimea. All of these profiles carry different levels of escalation risk and present unique challenges for parties attempting to respond.

Since the potential gains of a cyber operation far outweigh the costs – particularly when responsibility and repercussions are avoided – these types of attacks are likely to continue and will maintain tensions between the US and Russia. Moscow may be emboldened by the inability of the US to confidently and directly respond – especially if they are levelled at NATO allies and not the US itself. Such attacks may become a method for testing the resolve of the US and its commitments to its European allies.

Challenging these US alliances also has potential flow-on effects for the Asia-Pacific, where US alliance structures are currently being challenged by China’s territorial claims and military activity.

There is no doubt that Russia is not alone in conducting offensive cyber operations to achieve foreign policy goals – the US has recently confirmed what the world already knew, that it houses one of the most capable offensive cyber arsenals on the planet. The information leak by Edward Snowden in 2013 also revealed the extent of the US’ collection capability, which was deployed not only against adversaries but also against allies such as German Chancellor Angela Merkel. Cyber operations are becoming an increasingly prominent foreign policy tool for states that can develop these capabilities, including the US and its allies.

NATO’s increasing concerns about Russia’s territorial aspirations in Eastern Europe and its willingness to challenge the US-led order in Europe as a whole will likely be exacerbated by Moscow’s cyber actions. While the issue has now come to a head in the form of a formal accusation, the blurring of military and non-military targets, as well as the muddying effect of state proxies and organised crime, can only add to the complexity of the strategic landscape between the US, Russia and NATO. Cyber has become a powerful tool not just for gaining and exploiting sensitive information, but for maintaining pressure on an adversary without easy attribution.