According to a report from The New York Times, the Biden administration is planning cyberattacks against Russia in the coming weeks. The cyber offensive could come with new sanctions and would mark a serious escalation towards Moscow from the new administration.
Anonymous US officials told the Times that the first “major move” is expected to happen over the next three weeks. It will consist of a “series of clandestine actions across Russian networks that are intended to be evident to President Vladimir V. Putin and his intelligence services and military but not to the wider world.”
The officials said the cyberattack will come along with new economic sanctions on Russia. Last week, the Biden administration slapped sanctions on Russian officials over the jailing and alleged poisoning of opposition figure Alexei Navalny.
The planned cyberattack is being framed as retaliation for the hack of the software firm SolarWinds that affected several US government agencies. The SolarWinds hack was discovered late last year. It was immediately blamed on Russia by members of Congress and Western media outlets despite a lack of evidence that showed Moscow was responsible.
The US formally attributed blame to Russia for the SolarWinds hack in January. The FBI, NSA, the Cybersecurity and Infrastructure Security Agency, and the Office of the DNI released a statement that said the hack was “likely Russian in origin.” Missing from the statement was any evidence for the accusation.
The reality is that attributing cyber activity is difficult, as hackers have methods to conceal their identity. One reason US officials and media outlets say it could have been Russia is the sophistication of the hack. But testimony from SolarWinds’ former CEO and a cybersecurity expert made it clear that anybody could have accessed SolarWinds’ servers due to a major security lapse.
After the hack was first discovered, Vinoth Kumar, a cybersecurity expert who advised SolarWinds, said the password for the firm’s update server was “solarwinds123.” Kumar said he warned SolarWinds that anyone could access the server because of this password. “This could have been done by any attacker, easily,” he told Reuters last December.
Kumar’s claim about the password turned out to be true. It was confirmed during congressional hearings in February that not only was “solarwinds123” the password, but it was also leaked and available to the public on the internet for years. Former SolarWinds CEO Kevin Thompson blamed an intern for posting the password on GitHub, a platform programmers use to share software information.
“They violated our password policies and they posted that password on an internal, on their own private Github account,” Thompson said during a joint hearing by the House Oversight and Homeland Security committees.
Sudhakar Ramakrishna, the current SolarWinds CEO, said the password was publicly available as early as 2017. “I believe that was a password that an intern used on one of his Github servers back in 2017,” he said. SolarWinds did not correct the issue until November 2019. According to the timeline from SolarWinds, suspicious activity on their server began in September 2019.
Despite the fact that it is well established that anyone could have accessed SolarWinds’ servers and the best the US intelligence agencies could come up with is that Moscow is “likely responsible,” the US is poised to launch a cyberattack on Russia anyway.
The Times story that reported the Biden administration’s plans also mentions another recently discovered hack of Microsoft email servers that is being blamed on another US adversary, China. The hack apparently affected servers used by small businesses, local governments, and military contractors.
So far, it’s just Microsoft making the claim that China was responsible for this cyberattack, and the US has yet to attribute blame. But according to the Times, the Biden administration is already mulling options to go after China for the Microsoft intrusion.
According to the Times, in August 2018, President Trump signed a secret document giving US Cyber Command more authorities to go on the offensive in the cyber realm. These authorities are reportedly under review by the Biden administration, and any major cyberattacks must be brought to the White House and the National Security Council before being carried out.