Hacking ‘Likely’ Came From Russia, U.S. Says in Belated Official Statement on Major Intrusion

American intelligence agencies formally named Russia as the “likely” source of the broad hacking of the United States government and private companies, and declared that the operation was “ongoing” nearly a month after it was discovered.

The statement jointly issued Tuesday by four government agencies was a clear rebuke of President Trump’s efforts, in posts on Twitter, to suggest that China was behind the hacking. But inside the intelligence agencies, there are few doubts that Russia is responsible. There has been no information gathered pointing to China, according to people briefed on the material.

The statement also underscored the degree to which American intelligence agencies are still playing catch-up, after being alerted in mid-December by private security firms to the broadest and deepest penetration of American computer networks in modern times. The intelligence agencies have concluded with a high degree of confidence that Russia was responsible for the hacking, according to people briefed on the analysis.

The statement is as definitive a blaming of Russia as the United States has made, and echoed the early statements in 2016 about the Kremlin’s interference in the election. It took months in that case to link the attacks back to orders given by President Vladimir V. Putin.

Mr. Putin and his lead intelligence agency, the S.V.R., were not mentioned in the statement issued Tuesday. But the broad conclusion that Russia was the likely source of the penetration of American systems had already been announced by Secretary of State Mike Pompeo and the attorney general at the time, William P. Barr.

Tuesday’s statement was carefully worded, in a nod to Mr. Trump’s personal skepticism of Russian culpability.

But however carefully worded, the formal conclusion sets the stage for retaliation, most likely by President-elect Joseph R. Biden Jr. after he takes office. Mr. Biden, unlike Mr. Trump, has declared that whoever was behind the operation would pay a steep price.

The statement said that a still unidentified cyberactor, most “likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cybercompromises of both government and nongovernmental networks.”

It added: “At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”

The characterization of the intrusion as an “intelligence gathering effort” is significant because it shows there is no indication yet that the Russians had planted malware in American systems that is intended to cause disruptions to power grids or alter data in government or private databases.

But in interviews over the past two weeks, both government and private officials have said they are still discovering the scope of the intrusions, and it may take months to figure out whether Russia or others may make more malicious use of “back doors” they placed in the systems.

The statement by the office of the director of national intelligence, the National Security Agency, the F.B.I. and the Department of Homeland Security appeared very similar in wording to one the White House was preparing to release nearly two weeks ago. But it was pulled back after Mr. Trump erupted at his intelligence briefers and said they had no evidence to link the action to Russia.

The various agencies have already created ad hoc working groups to deal with the hacking, but a formal creation of a new task force is a reflection that getting a handle on the full scope of the huge Russian hacking will take time and is beyond the abilities of any single government agency.

While computers at many agencies were infected with the back door giving access, the Russian intelligence agencies were judicious in which of those doors they opened and what information they stole, complicating the investigation of what material was taken.

Setting up the task force will help the Department of Homeland Security, the F.B.I. and the National Security Agency better and more quickly share information, according to government officials.

In addition to trying to get a deeper understanding on what the Russian spies took, the task force will also examine what is needed to fix existing computer networks and ensure no other vulnerabilities remain in government networks created by the Russian hackers.

Members of the task force will also begin the process of trying to put new procedures in place to try to prevent similar future vulnerabilities from being exploited by adversarial powers.

Source: Read Full Article