US newspaper’s ‘Biden will hack Russia’ claim: A good way to reassure Putin you’ll leave him alone

Opinion The US government might have subtly signalled that it likely won’t hack Russia this month – by telling credulous journalists it has a “clandestine” plan to, er, launch an attack against its rival before April.

The counterintuitive move came over the weekend when The New York Times published a story setting out how “over the next three weeks… a series of clandestine operations” will take place “across Russian networks” with the intention of secretly getting the attention of Vladimir Putin and his intelligence services.

Set against the backdrop of the SolarWinds and FireEye hack, and the most recent Hafnium attacks against Microsoft Exchange servers, it isn’t hard to imagine presidential PR advisors wanting to give the impression that cyber warfare is their boss’s top priority.

Yet the effect of those words is to warn Russia that an attack of some sort is on its way, and it’ll be soon, thus putting Vlad and chums on high alert. Clearly this is not how cyber warfare is going to be waged, any more than the US Air Force might phone ISIS and warn them of a missile strike on their leader’s compound next Tuesday.

A better way of looking at this political briefing is to divine what the real message is and who it’s intended for. Here it seems that the target market is US audiences, worried that new president Joe Biden hasn’t yet done something decisive to respond beyond rhetoric in the face of America’s enemies.

Ciaran Martin, former head of Britain’s National Cyber Security Centre and no stranger to the feverish atmosphere of international cyber policy, agreed, telling The Register: “I think this is for domestic consumption. I suspect if it was an authorised leak, it was authorised by someone who doesn’t understand it.”

He also pointed to his tweets this week on the topic.

The greater danger, if the newspaper report is taken at face value, is that a US cyberattack (of whatever form) against Russia in the next few months would give plenty of ammunition to Russia for complaining about US cyber-aggression: a charge that would be impossible to refute – and which would be gleefully repeated at any moment when Western leaders tried to seize the moral high ground over international cyber norms.

“Clearly valuable information has been lost and, worse, it is now public,” Matthew Connor, a senior service delivery manager at Finnish infosec firm F-Secure, told The Register. “Russia can deny [involvement in recent cyberattacks] despite how strong the evidence might be, and escalate any actions taken against them. A new president has to show strength, but this one might have wanted to keep any necessary retribution out of the public eye.”

That’s now impossible; the cat is out of the bag. Moreover, Martin, who has a better claim to expert knowledge of the cyber policy field than most commentators, said in the past that bombast about launching cyber attacks generally hasn’t worked as a deterrent against hostile attacks.

Whatever the White House’s press officers were thinking, it seems safe to conclude that this is a bold tactic in cyber policy and international relations. ®

Bootnote

The Biden government has made moves to distance itself from the article, as a CNBC TV news station correspondent has uncovered.

READ MORE HERE