Obama orders new sanctions program to deter foreign cyber attackers
Obama orders new sanctions program to deter foreign cyber attackers

Updated! President Obama today announced a wide ranging response to Russian interference with the 2016 U.S. presidential election that includes ejecting embassy personnel and naming Russian intelligence agencies as direct actors trying to influence the election.

American retaliation includes ejecting nearly three dozen Russian diplomats from the country, naming two specific Russian nationals as cybercriminals, along with sanctioning the Russian GRU and FSB intelligence agencies and several companies. This action is taking place after Obama approved an amendment to Executive Order 13964, originally issued in April 2015, granting the U.S. government enhanced authority to respond to cyberthreats. This includes the ability to freeze the assets of individuals or entities found to have used cyber capabilities to damage U.S. critical infrastructure.

"These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior," President Obama said in a statement.

The president also pledged that today's sanctions would be followed by additional maneuvers to help hold Russia accountable for its actions.

"These actions are not the sum total of our response to Russia's aggressive activities. We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized," Obama said.

President- elect Donald Trump did not have an immediate response to the retaliatory measures.

Citing security concerns, the White House release did not offer any direct evidence, but that did not stop government officials from singling out specific actors and groups it believes played a role in attempting to influence the election and erode faith in U.S. democratic institutions. The New York Times reported that a more detailed report on the intelligence gathered will be released in three weeks.

The government accused the GRU and FSB intelligence agencies with directly attempting to influence the presidential election. It stated that the two groups were involved in “external collection using human intelligence officers and a variety of technical tools, and is designated for tampering, altering, or causing a misappropriation of information with the purpose or effect of interfering with the 2016 U.S. election processes.”

Several GRU officials were called out by name for sanctioning. These include Igor Valentinovich Korobov, the current chief of the GRU; Sergey Aleksandrovich Gizunov, deputy chief of the GRU; Igor Olegovich Kostyukov, a first deputy chief of the GRU; and Vladimir Stepanovich Alexseyev, also a first deputy chief of the GRU.

The White House also fingered two Russian citizens, Evgeniy Mikhailovich Bogachev and Aleksey Alekseyevich Belan, with using the internet to cause misappropriation of funds and digging up personally identifiable information (PII).

Bogachev allegedly used cyber-enabled means to steal $100 million from U.S. financial institutions, the government and Fortune 500 firms. Belan is accused of compromising the systems of three major U.S. e-commerce companies to help steal PII.

The exact details on how these attacks were accomplished was not released.

“Over the past two years, harassment of our diplomatic personnel in Russia by security personnel and police has increased significantly and gone far beyond international diplomatic norms of behavior,” the White House release said. "Other Western Embassies have reported similar concerns."

The Russian government was also notified that 35 embassy officials were being declared “persona non grata” and would be required to exit the United States within 72 hours. All are accused of acting in a manner inconsistent with their diplomatic status. In addition, the Department of State has told the Russian government that as of noon December 30 access to two Russian-government-owned compounds in Maryland and New York will be denied.

The Obama administration also announced the Department of Homeland Security and the Federal Bureau of Investigation will release a Joint Analysis Report containing declassified information on malicious cyberactivity conducted by Russian civilian and military groups. The information will include:

  • Information on computers around the world that Russian intelligence services have co-opted without the knowledge of their owners in order to conduct their malicious activity in a way that makes it difficult to trace back to Russia.
  • Data that enables cybersecurity firms and other network defenders to identify certain malware that the Russian intelligence services use. 
  • Information on how Russian intelligence services typically conduct their activities.

The U.S. government previously warned that it would conduct covert cyberactivities as part of any response to the Russian activities. This was not mentioned by the White House on Thursday, but some cybersecurity executives are warning that any cyber response must be carefully considered.

Response was also quick and positive from two members of the House, both of whom have a strong cybersecurity background.

Rep. Ted Lieu (D-Calif.) called the president's actions a step in the right direction and warned Americans that they are now living in a new environment.

"America became the punching bag for Russian, Chinese and North Korean hackers due to our previous weak responses and lack of strong cyber security defenses.  We still need to increases our cyber security defenses by an order of magnitude. Wake up America, we no longer live in the 1930s.  As Dorothy in the Wizard of Oz said, 'we're not in Kansas anymore,'" Lieu said.

From the other side of the aisle Rep. Will Hurd (R-Texas) said that while it to the government too long to take action he applauded the moves, but added more must be done.

“Months ago I called for this administration to respond to Russia's malicious cyber-attacks on American organizations by showing their ambassador to the door. While these sanctions took too long to be put into place, they are an important step in showing Russia and other adversaries that we will not allow these kinds of attacks to go unanswered," Hurd said.

Steve Grobman, Intel Security's CTO, warned that the consequences of any cyber counterattack could only be detrimental to the United States by kicking off a series of punitive attacks that could quickly spread worldwide.

“While offensive cyber operations can be highly precise munitions in that they can be directed to only impact specific targets, the global and interconnected nature of computing systems can lead to unintended consequences," Grobman said. "Impacting digital infrastructure beyond the intended target opens the door to draw additional nation-states into a conflict. This increases risk to civilian populations as countries see the need to retaliate or escalate."

Update includes Ted Lieu and Will Hurd comments.