On 17 December, the US Cybersecurity and Infrastructure Security Agency issued a warning saying that American government agencies, critical infrastructure entities, and private sector organisations had been compromised "by an advanced persistent threat (APT) actor" since at least March 2020.
The story popped up on Saturday, with Reuters and The Washington Post reporting on the alleged cyber intrusion into the US Treasury and Commerce departments and pointing the finger at Russia, citing "people familiar with the matter". Russian Ambassador to the US Anatoly Antonov rejected the media claims during a video conference held by Georgetown University and suggested establishing a platform for a dialogue between the US and Russian intelligence communities.
Timing of the Allegations Speaks Volumes
The timing of the alleged hack evokes strong memories of the 2016-2017 transition period when Russia was accused of breaching the Democratic National Committee's (DNC) servers, according to Gilbert Doctorow, an international relations and Russian affairs analyst.
"One constant feature of American foreign policy going back at least to the last transition in power following Donald Trump's election in November 2016 is that in this transition the wreckers use the 'interregnum' to prevent reasonable policies from being implemented by the incoming administration", he says.
He recollects that at that time Donald Trump's chances of reaching an accommodation with Russia were upset "by the illegal and unjustified expropriation of Russian consular property in December 2016, for example, and the phony Steele dossier was released before Trump took the oath of office". The latest accusations mentioning Russia came on the heels of the 2020 Electoral College vote in favour of ex-Vice President Joseph Biden, who earlier vowed to increase pressure on Moscow.
Doctorow believes the Democratic-controlled House may use the recent anti-Russia allegations to put forward a bill on tougher sanctions, likely related to the Gazprom-led Nord Stream 2 pipeline project that is heading towards completion.
"On the other hand, the Senate may not be very cooperative, especially if the Republicans win the two vacant seats in Georgia during the January election run-off", he suggests. "And the incoming Secretary of State Blinken is unlikely to want to strike the Russian jugular - he is on record as favouring SALT renewal, which would be impossible if there are draconian sanctions about to be imposed".
During his annual press conference on 17 December Russian President Vladimir Putin commented on the spying allegations promoted by the mainstream media in the US, suggesting the anonymous sources behind these reports are, in fact, US officials and intelligence agencies. The Russian president noted that these very structures were behind the similarly groundless claims against Moscow following the 2016 presidential elections, adding the new reports of "Russian hackers" could have been fabricated at their behest.
Hacking Allegations Don't Hold Water, Again
"As with the DNC hacks and Russiagate we once again find the 'Russians' being accused of hacking absent any evidence", says Earl Rasmussen, executive vice president of the Washington-based think tank Eurasia Centre. "For one, I am tired of the Russia Hack Syndrome".
The scholar recalls that four years ago Russia was accused of "exfiltrating" thousands of emails and documents from the Democratic National Committee's servers and passing them to WikiLeaks, which subsequently released the trove in the summer of 2016.
In January 2017, the Intelligence Community Assessment (ICA) formally accused Russia of the supposed breach, while in July 2018 Special Counsel Robert Mueller, assigned the task of looking into the alleged ties between the Trump campaign and Moscow, indicted a number of Russian individuals said to be officers of the Main Intelligence Directorate (GRU) for the reported hack. The accusations were based on the conclusions of the DNC's private cyber defence contractor CrowdStrike, since neither the FBI nor any other US government intelligence agency has to date examined the committee's hardware.
"[However], recently unclassified sworn testimony of CrowdStrike officials and senior intelligence officials all stated that there was no evidence of a hack or exfiltration", Rasmussen highlights, citing CrowdStrike President Shawn Henry's December 2017 admission under oath that the cyber firm "did not have concrete evidence that the data was exfiltrated from the DNC".
Interesting admission in Crowdstrike CEO Shaun Henry's testimony. Henry is asked when "the Russians" exfiltrated the data from DNC. Henry: "We did not have concrete evidence that the data was exfiltrated from the DNC, but we have indicators that it was exfiltrated." 🤔
— Aaron Maté (@aaronjmate) May 8, 2020
CrowdStrike claimed at the time that the intruders were "two Russian espionage groups", Cozy Bear (APT29) and Fancy Bear (APT28), suggesting with a "low" to "medium"-level of confidence that they "may indicate affiliation" with Russia's Federal Security Service (FSB) and Main Intelligence Department (GRU), respectively. Moscow summarily dismissed the assumptions as absurd.
The DNC contractor is also known for a groundless claim, later debunked by both the Ukrainian Defence Ministry and the US state-owned media Voice of America, that the "Russian" group Fancy Bear hacked a Ukrainian artillery app, which led to heavy losses of howitzers in 2016.
Yet, the aforementioned inconsistencies did not prevent the US intelligence community and mainstream media from continuously accusing Russia of the alleged DNC hack for over four years, Rasmussen notes.
"I think the credibility of US intelligence, law enforcement, and media are pretty much discredited", he says. "I am leery of anything coming from the media and their so-called sources without significant evidence. Besides, our own government is one of the biggest and most sophisticated cyber threats in the world".