Since US intelligence agencies in October identified the Russian government as the source of hacker attacks that breached the Democratic party organizations and leaked private email conversations, President Obama’s White House has been searching for an appropriate response. Now, the administration has finally shot back, deporting Russian officials and calling out the individuals and organizations responsible for that hacking, in a set of measures never before seen in America’s digital diplomacy.

The White House on Thursday announced a severe series of measures aimed at punishing Russia’s state-sponsored political hackers and deterring further meddling in US elections. One element of the response, laid out in an executive order, includes sanctions against a handful of Russian organizations and individuals targeted by name. The US will expel 35 Russian diplomats believed to have acted as intelligence agents, and ban Russian personnel from two Russian-government compounds that the White House says were used for Russian intelligence gathering from American soil. Finally, the White House has expanded the scope of the president’s powers from an earlier executive order, giving the president the power to impose sanctions not only in response to cyberattacks that affect national security, but also against anyone “determined to be responsible for tampering, altering, or causing the misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions.”

“It’s an extraordinary step to interfere in the democratic process,” said a White House official in a background phone call with reporters Thursday. “They need to be held accountable for that… This is an attack on our democratic system, and we’re responding in kind.”

Strong Sanctions

The White House’s collection of retaliatory tactics represents arguably the strongest-ever response to state-sponsored hacking attacks in the history of the internet, and goes significantly farther than the steps taken against North Korea in the wake of that country’s 2014 hack of Sony. “It’s the biggest retaliatory move against Russian espionage since the Cold War,” says James Lewis, a cybersecurity-focused fellow at the Center for Strategic and International Studies.

Even so, some prominent politicians from both political parties voiced concerns that the retribution does not go far enough. “The retaliatory measures announced by the Obama Administration today are long overdue. But ultimately, they are a small price for Russia to pay for its brazen attack on American democracy,” said Republican Senators John McCain and Lindsey Graham in a joint statement. “The actions the President took today are an important step, but preventing Russia from interfering in our elections will require a sustained response from the next administration and from Congress,” said Mark Warner, the leading Democrat on the Senate Intelligence Committee.

Ultimately, the response’s efficacy will depend in large part on whether President-elect Donald Trump’s administration carries the new sanctions forward. Trump has, until now, dismissed the threat of sanctions against Russia, and even the assessment of American intelligence agencies that the Russian government was behind the attack. “I think we ought to get on with our lives,” Trump told reporters Thursday when asked about the Russian attacks and a potential response. In an earlier statement, his transition team brushed off the intelligence agencies’ attribution of the attacks to Russia’s attempt to help him win the presidential election, writing that “these are the same people that said Saddam Hussein had weapons of mass destruction.”

Several hours after the White House announced its sanctions, Trump released an official response that seemed at least open to hearing out the case against Russia. “It’s time for our country to move on to bigger and better things. Nevertheless, in the interest of our country and its great people, I will meet with leaders of the intelligence community next week in order to be updated on the facts of this situation,” the Trump statement says.

Immediate Action

Obama’s White House, meanwhile, isn’t waiting for Trump’s approval. In addition to the 35 “diplomats” being asked to leave the US, the new sanctions blacklist specifically names five Russian organizations and six individuals. It includes not only Russia’s FSB and GRU intelligence agencies, but also its St. Petersburg-based intelligence agency known as the Special Technology Center, a security contractor known as Zor Security, and an innocuously named agency in Moscow known as the Autonomous Non-Commercial Organization Professional Association of Designers of Data Processing Systems. Among the six named men, four are GRU senior officials. The other two are a Russian and a Latvian, whom the White House describes as “notorious cybercriminals” responsible for a series of financially motivated attacks against American companies. Those are in addition to the 35 Russian “diplomats”—in fact believed to be working as intelligence operatives.

The Department of Homeland Security’s U.S. Computer Emergency Response Team also released new data (embedded in a PDF below) about a broad campaign of Russian government hacking it has named “Grizzly Steppe.” That campaign, according to US CERT, includes not only this year’s attacks on the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC), but also hacks of think tanks, universities, and corporations.

The White House’s announcement didn’t include mention of retaliatory hacking, a measure the cybersecurity community has widely speculated might follow from the DNC and DCCC hacks. But officials hinted that some elements of the White House’s counterattack still haven’t been revealed. “This should not be mistaken for the sum total of our response,” one official said in the press briefing.

The Russian government, for its part, has both dismissed the retaliatory measures and threatened its own response. Russia’s embassy in the United Kingdom tweeted that “everybody, [including] the [American] people, will be glad to see the last of this hapless [administration]” along with a picture of a duckling and the word “lame” written across it. In a statement to the Associated Press, the Russian government said it was mulling its own countermeasures against the U.S., which could include ejecting American officials from Moscow or naming American individuals involved in U.S. government intelligence operations.

The China Precedent

While deporting dozens of Russian officials sends a dramatic message, the added step of naming individuals responsible for Russia’s government hacking attacks isn’t exactly unprecedented. The White House’s new measures seek to replicate the Obama administration’s past success with that tactic in deterring an earlier wave of state-sponsored hacking by the Chinese government against private sector targets. Following years in which China’s cyber-spies were linked to hundreds of intrusions in the networks of American companies for the purposes of economic espionage, the US Justice Department in 2014 indicted five members of China’s People’s Liberation Army on hacking charges. It followed up with a threat of trade sanctions in 2015 that led to a mutual agreement with China later that year not to engage in economic espionage. With a few exceptions, that agreement has held up, and Chinese attacks on corporate targets have fallen off by as much as 90%, according to breach remediation security firms including FireEye and Crowdstrike that have tracked the attacks.

For that strategy to work again, the Trump administration will have to carry the sanctions forward when it takes power on January 20th. Despite Trump’s friendly posture toward Russia, his administration won’t be able to easily reverse the new measures, says CSIS’s Lewis. He points out that to lift the sanctions, the new Secretary of the Treasury would have to announce that the Russian hacking activity that sparked the measures had ceased. That could offer political fodder to hawkish members of Congress like McCain and Graham, hampering the confirmation process for Trump’s preferred cabinet members. “It would be handing the Hill a club to beat up Trump’s appointees,” says Lewis. “It would be very difficult to reverse this during the confirmation phase.”

Here’s US CERT’s full briefing on the Grizzly Steppe intrusion campaign, including details on how potential targets of Russian hacking can mitigate such attacks.







JAR 16 20296 (PDF)






This story has been updated to include Donald Trump’s statement.