After Fresh Cyberattacks, Experts Say Silicon Valley Showing Improved Response
As legislators prepare to grill Silicon Valley executives over Russian hacking ahead of midterm elections, some observers say the debate over expanded government oversight is far from over.
On Tuesday, Twitter CEO Jack Dorsey met with legislators in Washington ahead of Wednesday morning's hearing, where Dorsey and Facebook COO Sheryl Sandberg will answer questions about cybersecurity before the Senate Intelligence Committee.
Senator Mark Warner of Virginia, the committee's ranking Democrat, told The Washington Post that the hearing aims to "to sound the alarm that what happened in 2016, as we've seen, was not a one-off."
In recent weeks, Microsoft reported that it had disabled six Russian-launched websites masquerading as U.S. think tanks and Senate sites. Facebook and the security firm FireEye revealed influence campaigns, originating in Iran and Russia, that led the social network to remove 652 impostor accounts, some targeting Americans. The office of Republican Senator Pat Toomey of Pennsylvania said hackers tied to a "nation-state" had sent phishing emails to old campaign email accounts.
Newly reported attempts at infiltration and social media manipulation — which Moscow officially denies — point to Russia's continued interest in meddling in U.S. politics. While observers say there is no clear evidence of Kremlin efforts to disrupt midterms, it nonetheless appears hackers outside the American political system are probing for a way in.
"What's interesting about this is that the Russians have shown here that they are not at all partisan in this," said David Sanger of The New York Times, who first reported on Microsoft's account of the latest attacks, in which company officials seized website domains created by the Kremlin-linked hacker group known as Fancy Bear or APT28 — the same group that federal investigators and private cybersecurity firms blamed for the 2016 election hack.
The phony sites, designed to emulate the Hudson Institute and International Republican Institute, surreptitiously routed users to pages built by hackers to steal passwords and log-in credentials. The aim, Sanger said, is to disrupt institutions that challenge Moscow or Russian President Vladimir Putin.
"They are pursuing their own national interests, going after think tanks that have taken positions that the Russians find uncomfortable or threatening, whether it's the use of sanctions or promotion of democracy or pursuit of kleptocrats," Sanger told VOA.
The extent to which Microsoft coordinated with federal investigators to thwart the latest attack wasn't clear, he said.
"I'm not sure whether they gave the government an advance heads up, but the nature of cyber now is that you hear about these [attacks from the] companies before you hear about them from government," Sanger added.
In recent months, legislators on both sides of the aisle have expressed willingness to regulate how U.S. tech companies safeguard themselves against intrusions. But analyst Ben Nimmo of the Atlantic Council's Digital Forensic Research Lab says the Microsoft takedown bodes well for the tech sector's independent ability to prevent attacks.
"This is something we've seen over the last couple of months — tech companies have been much more forward-leaning in their attempts to prevent this kind of interference," Nimmo told VOA.
"We had Microsoft coming out up front and saying we've just stopped this attack, and they actually attributed it directly to Fancy Bear, which is very striking that they're actually confident in making that direct attribution. A couple of weeks ago, we had Facebook coming out and exposing a number of inauthentic accounts, which had some connections with the troll farm in St. Petersburg," he added, referring to the Internet Research Agency linked to the 2016 U.S. election hack. "About a month before that, we had Twitter coming out and releasing a list of handles that it had traced back to the troll farm."
A troll farm is a group of people who attempt to create disruption in an online community by posting comments online that are deliberately inflammatory or provocative.
US, European action
With all of the recent activity on the platform side, Nimmo said the question is "what are we going to see on the government level?"
More specifically, what can the West can do in order to pressure the Russian government — and does the West have the political will to do it? If nothing else, the latest attacks are likely to embolden U.S. and European lawmakers to pass additional sanctions.
"Although I think we need to fully understand the scope of this activity that Microsoft has reported, it clearly demonstrates that Russia is not in any way pulling back from the techniques that it used in 2016," said Alexander Vershbow, a distinguished fellow at the Atlantic Council's Scowcroft Center for Strategy and Security, and a former NATO deputy secretary general.
"If anything, it's broadening its target to include conservative think tanks and organizations like the Hudson Institute, and so I think you can say right now, at a minimum, it would give momentum to congressional efforts to tighten the sanctions even further," added Vershbow, who also has been a U.S. ambassador to Russia, South Korea and NATO. "It may also strengthen the hand of administration officials as they consult with Europe in trying to push the Europeans to tighten their sanctions as well."
Retired Marine General Jim Jones, former national security adviser during the Obama administration, said although sanctions can be effective in the short term, long-term national security depends on safeguarding the cyber infrastructure itself.
"In a not so distant future, the country that first succeeds in reaching complete cybersecurity will be able to cause even more serious disorders," Jones told VOA. "That's the essence of cyberwar in our century."
For individuals targeted by foreign hackers, such as the Hudson Institute's Russian kleptocracy expert Ben Judah, no amount of new sanctions or malware detection will be enough.
"Be careful of what you keep on your computer and on your phone," Judah told VOA. "Have sensitive information? Use pen and paper."
Following Wednesday morning's Senate hearing, Twitter CEO Dorsey will appear solo before the House Energy and Commerce Committee, where he'll be asked to address allegations of political censorship.
This story originated in VOA's Russian Service. Original reporting contributed by Natalia Antonova and Jela De Franceschi. Some information is from AP.