How could Obama secretly hack Russia?

Cybersecurity experts say the Obama administration is not likely to pursue cloak-and-dagger steps against Russia now.

The Obama administration wasn’t shy Thursday about implying that the U.S. may stealthily strike back at Russia over its election-year meddling with more than just the financial and diplomatic punishments it publicly announced.

"These actions are not the sum total of our response to Russia’s aggressive activities," President Barack Obama said in a statement after the White House revealed its retaliation for a series of hacks that felled major Democratic groups and campaign operatives. "We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized.”


The president didn’t elaborate, but the U.S. cyber arsenal is widely regarded as the most capable in the world, stocked with classified tools for clandestinely operating inside adversaries’ networks. Covert U.S. cyber responses could range from erasing Russian government databases, to leaking embarrassing documents on Kremlin officials, to releasing copies of Moscow’s elite hacking tools.

There are only two widely reported instances so far of the U.S. using offensive cyber techniques. Around 2010, the Stuxnet worm, attributed in numerous reports to the U.S. and Israel, destroyed nearly 1,000 of Iran's 6,000 uranium-enrichment centrifuges. More recently, the Obama administration launched a sustained U.S. military cyber campaign against the Islamic State.

But cybersecurity experts — including some former government hackers who would have conducted these types of operations — cautioned that the Obama administration is not likely to pursue cloak-and-dagger steps against Russia now. They explained that such moves either risk escalation, reduce U.S. surveillance capabilities or exceed the traditional standard of proportionality in conflict.

“If you look at the proportionality,” said Blake Darché, who spent four years as an NSA hacker, “it is very difficult to come up with a proportional cyber response to what the Russian government did.”

Nonetheless, if Obama does want to go beyond what he has announced, he has many options to consider.

Embarrassing Putin

It is widely reported that Russian President Vladimir Putin profits from shadowy financial arrangements. One of the least aggressive cyber response options would be for the U.S. to release documents detailing these arrangements.

“I’d be looking for things that are more responsive, like manipulating [the] Russian press, smearing Vladimir Putin, causing long-term effects on Putin himself,” said Darché, currently the co-founder and chief security officer at Area 1 Security. “Things to undermine him.”

Michael Sulmeyer, the Pentagon’s former director of cyber policy planning, said that while releasing damning financial documents would probably be proportional to the Russian election interference, it’s “probably unlikely at this point.”

“It’d be so obvious who did it, why not just own it, at a certain point?” he said.

Of course, the Obama administration may release damning documents just to prevent President-elect Donald Trump from burying them when he takes office.

“If you’ve got that kind of information on Putin, maybe the theory is, ‘Use it now before the new team comes in,’” said Sulmeyer, who now leads the Cyber Security Project at Harvard’s Belfer Center for Science and International Affairs.

Defanging Russian hackers

When a mysterious group calling itself the Shadow Brokers earlier this year posted online a collection of hacking tools widely attributed to the NSA, some intelligence experts believed Russia was trying to send the U.S. a message: We have the goods on your secret operations and will expose them if needed.

To hurt Russia where it counts, the Obama administration could do something similar.

American counterintelligence officials have recently renewed their focus on Russian spies, and the CIA might be able to acquire and publish a cache of Kremlin tools. The files would show how Russian hackers broke into networks, including which software flaws they exploited, so that vendors could patch those flaws and defenders could write detection signatures for the tools, effectively neutering the potency of those attacks.

The Obama administration took a similar, albeit public, step Thursday when the Department of Homeland Security and the FBI jointly published technical indicators of compromise tied to Russian intelligence hacking, such as IP addresses and malware signatures, that companies can load into their monitoring software to scan for Moscow-linked intrusions.
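As an added illustration of the workflow that paragraph describes (this is example code written for this page, not anything published by DHS, the FBI or the article's sources), the script below loads a small set of indicators into a scanner and runs it over a handful of log lines. Every indicator value, log line and confidence label is constructed for the example: the addresses come from the RFC 5737 documentation ranges and the hash is a made-up hex string. It also shows the caveat a defender would want: public indicator lists of this kind often mix high-fidelity artefacts such as malware hashes with shared infrastructure such as Tor exit nodes or commercial hosting, so a single match on a shared address is recorded but not raised as an alert unless it is corroborated.

```python
"""Match a list of threat indicators against key=value log lines.

Added example with constructed data. High-confidence indicators (malware
hash, dedicated C2 domain) alert on their own; low-confidence ones (shared
infrastructure) alert only when several hit the same internal asset.
"""
import re
from collections import defaultdict

# Constructed indicator set: value -> (kind, confidence). Not from any real report.
INDICATORS = {
    "203.0.113.7": ("ip", "high"),              # hypothetical command-and-control address
    "198.51.100.22": ("ip", "low"),             # hypothetical shared infrastructure (e.g. a Tor exit)
    "198.51.100.23": ("ip", "low"),             # second hypothetical shared address
    "update-check.example.net": ("domain", "high"),
    "0123456789abcdef" * 4: ("sha256", "high"), # made-up 64-hex sample hash
}

# Log fields that name the internal asset a hit should be attributed to.
SOURCE_FIELDS = ("src", "client", "host")

KV_RE = re.compile(r"(\w+)=(\S+)")

# Constructed log lines in a firewall / DNS / endpoint-agent style.
LOGS = r"""
2016-12-29T10:01:02Z fw  src=10.0.0.5 dst=203.0.113.7 dport=443 action=allow
2016-12-29T10:01:09Z dns client=10.0.0.5 query=update-check.example.net
2016-12-29T10:02:30Z edr host=ws-17 file=C:\Users\a\AppData\x.exe sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
2016-12-29T10:03:00Z fw  src=10.0.0.9 dst=198.51.100.22 dport=443 action=allow
2016-12-29T10:03:05Z fw  src=10.0.0.9 dst=192.0.2.10 dport=80 action=allow
"""


def parse_line(line):
    """Split a 'key=value' log line into a dict; the first token is kept as 'ts'."""
    fields = dict(KV_RE.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def source_of(fields):
    """Pick the internal asset (source IP or hostname) the line belongs to."""
    for key in SOURCE_FIELDS:
        if key in fields:
            return fields[key]
    return "unknown"


def match_indicators(fields):
    """Return (kind, value, confidence) for every field value that is a known indicator."""
    hits = []
    for key, value in fields.items():
        if key == "ts":
            continue
        indicator = INDICATORS.get(value.lower())
        if indicator:
            hits.append((indicator[0], value.lower(), indicator[1]))
    return hits


def scan(log_text, weak_threshold=2):
    """Scan logs and return alerts per asset plus uncorroborated weak hits.

    A low-confidence indicator is only promoted to an alert once
    `weak_threshold` distinct low-confidence indicators hit the same asset.
    """
    alerts = defaultdict(list)
    weak = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        asset = source_of(fields)
        for kind, value, confidence in match_indicators(fields):
            if confidence == "high":
                alerts[asset].append((fields["ts"], kind, value))
            else:
                weak[asset].add(value)
                if len(weak[asset]) >= weak_threshold:
                    alerts[asset].append((fields["ts"], "corroborated", ",".join(sorted(weak[asset]))))
    return {"alerts": dict(alerts), "weak": {k: sorted(v) for k, v in weak.items()}}


if __name__ == "__main__":
    result = scan(LOGS)
    for asset, hits in result["alerts"].items():
        for ts, kind, value in hits:
            print(f"ALERT {asset}: {kind} {value} at {ts}")
    for asset, values in result["weak"].items():
        print(f"weak  {asset}: {values} (uncorroborated, not alerted)")
```

In the constructed logs, 10.0.0.5 reaches both the hypothetical C2 address and the C2 domain and ws-17 drops a file with the sample hash, so both are alerted; 10.0.0.9 only touches one shared-infrastructure address, which is recorded for analyst review but does not page anyone. Real indicator feeds should be tagged with that kind of confidence before they are loaded into a SIEM, or the shared addresses will generate exactly the false positives the page's IOC-sharing approach is meant to avoid.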

But telling Russia — even secretly — that U.S. officials know about its hacking techniques amounts to a warning that Russian intelligence agencies should change their approach.

“I would think that many in the [intelligence community] would say, ‘Look, you don’t stand to gain that much anyway at this point. Why burn this particular information when it’s not clear what the return on that investment will be?’” said Sulmeyer.

A former NSA hacker, who requested anonymity due to the sensitivity of the subject, said trying to neuter Russian hackers is “a great approach as long as it doesn't compromise sources and methods.”

“I tend to think this is exactly what Russia did to the U.S. with the leaked NSA exploits,” said the former hacker, referencing the Shadow Brokers posting, which experts said would disrupt the NSA’s ability to digitally snoop for years to come as the agency works to rebuild the exposed hacking tools and reestablish footholds in networks where their presence was blown.

Wiping servers

Russian government agencies and state-owned corporations offer tempting targets for clandestine U.S. digital sabotage and destruction.

The NSA has spent years breaking into foreign adversaries’ computer networks and infecting machines with software that it calls “implants” — pieces of code that let the agency monitor data crossing those networks. These implants are comparable to hidden cameras that facilitate surveillance. But because they offer a gateway into a network, they can also be used as jumping-off points for disrupting operations on that network. They are, in effect, hidden cameras with built-in bombs.

“It allows you to do various operations against that asset, potentially to cause effects,” said Darché.

The U.S. could take advantage of implants in Russian ministry networks to erase or manipulate important databases.

In 2012, a cyberattack using the Shamoon wiper malware erased roughly 35,000 computers at the giant oil company Saudi Aramco and disrupted its business operations for weeks; the malware would have needed some form of implant or foothold to spread inside the network. U.S. officials believe Iran was responsible.

But using an implant in this manner would reveal its existence to the Russians, and the intelligence community — which prides itself on casting a massive surveillance net — is likely to strenuously oppose such an order.

“I love this idea, but I'd be extremely hesitant to do it,” said the former NSA hacker who asked for anonymity. “If we have access to these servers or [communications] channels already, it could kill our access to good intel.”

Another problem with wiping a government server is that the target selection involves a precarious balancing act.

“The real trick there,” said Sulmeyer, “is what’s a target?”

It has to be something, he added, “that will have enough of a noticeable effect that it’s unmistakable that it wasn’t an accident — that someone just didn’t screw up — but isn’t so escalatory that you force the other side into a corner where they have to retaliate and escalate back.”

Disrupting communications

While the U.S. almost certainly won’t target civilian infrastructure in Russia, it could digitally attack the communications links between government agencies in Moscow. Severing official interagency channels would not cause catastrophic damage but would hamper those agencies’ work.

Russia has used a similar technique to attack other nations in the past.

In 2007, hackers widely believed to be acting on Russia's behalf knocked out financial networks, communications systems and news organizations in Estonia, a West-leaning former Soviet republic that is one of the world’s most internet-dependent nations. A year later, in the weeks before Russia invaded Georgia over the breakaway region of South Ossetia, Russian cyber operators flooded Georgian servers belonging to the same kinds of targets with garbage traffic, a crippling technique known as a distributed denial-of-service, or DDoS, attack.

“In the comparative scheme of things, that’s a less escalatory action to take in cyberspace than data deletion,” Sulmeyer said. “So there’s some benefit to disrupting communications through something like a DoS.”

There are other precedents for communications disruptions. After North Korean hackers crippled Sony Pictures in 2014, the hermit kingdom’s entire internet connection went down and blinked on and off for about a week. North Korea accused the Obama administration of pressuring China, which controls its internet, to take the country offline, a charge that was never proven.

WikiLeaks founder Julian Assange, whose website this year published tens of thousands of hacked emails belonging to Hillary Clinton campaign chairman John Podesta, may have faced a similar punishment. A few weeks before the election, NBC News reported that U.S. officials pressured Ecuador, which has sheltered Assange under diplomatic asylum in its London embassy since 2012, to restrict his internet access. U.S. officials denied exerting any such pressure.

But one problem with this idea, said the former NSA hacker, is that disrupting certain agencies’ networks would tip Russia off about where the U.S. had a digital foothold.

Manipulating the financial system

One of the most dramatic options on the table is tampering with Russia’s economy, perhaps by releasing false information or sabotaging financial networks.

U.S. and international sanctions have already significantly weakened Russia’s economy, but senior Kremlin officials may have been able to weather that storm. A more direct attack on the financial system could make things more difficult for Putin and his aides.

But tampering with Russia’s financial sector is fraught with risk so extreme that it is almost certainly not being considered.

“If you started trying to manipulate Russian financial markets through cyberattacks,” Darché said, “what you did could all of a sudden cause a very big cascading effect in the U.S. financial market, because markets are so linked.”

“The last thing you want to do as the president of the United States,” he added, “is crash the U.S. economy because you’re trying to respond to some guy who’s hacked 10 politicians.”

In addition, digital tampering with Russia’s economy would violate the norms of cyber conduct that the Obama administration has consistently worked to encourage.

“You worry that that sets a norm that it’s more and more acceptable to do that,” Sulmeyer said. “There’s a lot of other actors who have a lot to lose if the international community comes to believe that, ‘Yeah, when things are unpleasant, it’s okay to start manipulating the financial sector.’”