In its first 14 months, the Trump administration has earned a reputation for being soft on the Kremlin, even as the extent of the chaos Russia’s hackers and trolls have inflicted online becomes increasingly clear. But more recently, the White House’s rhetoric towards Russia has begun to shift. And now the executive branch has not only called out the Kremlin for a broad collection of rogue actions online, but finally meted out a concrete financial punishment.
On Thursday, the US Treasury announced new sanctions against a list of Russian citizens, officials and entire agencies, including 19 individuals and five organizations. The list comprises more than a dozen members of the so-called Internet Research Agency, whose broad social-media trolling campaign to influence the 2016 election was outlined in an indictment from special counsel Robert Mueller weeks ago. It also includes several agents of the GRU, the Russian military intelligence agency believed to be responsible for both the hacking of election-related targets like the Democratic National Committee and the creation of the malware known as NotPetya, whose outbreak last summer the White House has called the most costly cyberattack in history. And if that weren’t enough, the White House also threw in a warning about ongoing Russian probes of the US power grid and other industrial control systems, which the cybersecurity industry has warned about since late summer of last year.
“Hard as it may be to believe, it looks like the White House attitude towards Russia is hardening,” says James Lewis, the director of the Center for Strategic and International Studies’ Technology and Public Policy Program. “The Russians have really gone overboard in doing bad things, and there’s a general consensus now in the US intelligence and military that we need to push back. Sanctions are a preferred method because it’s not a use of force, but the Russians hate them.”
The GRU officials and the IRA-connected individuals will be banned from doing business with any US companies or traveling to the US. The sanctions also hit the IRA itself and two linked companies, Concord Management and Consulting and Concord Catering. The earlier indictment of IRA staff had included allegations that two Russians travelled to the US as part of their disinformation campaign and paid for politically focused ads on Facebook—two elements of the group’s work that will be significantly harder to achieve with the new sanctions in place. “These targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia,” Treasury Secretary Steve Mnuchin wrote in a statement to reporters, promising more to come. “Treasury intends to impose additional…sanctions, informed by our intelligence community, to hold Russian government officials and oligarchs accountable for their destabilizing activities by severing their access to the US financial system.”
The financial ban, according to CSIS’s Lewis, represents more than a slap on the wrist. “It makes you sort of an outcast on Wall Street,” Lewis says. “You’re going to take a vacation to Hungary and present them with a Russian credit card? What’s a Russian credit card? You’re cutting these people off from the American economy, and that has a global effect.”
The sanctions notably address not just election meddling, but Russia’s broader destabilizing cyberattacks. In a press call with reporters, one senior official emphasized that the GRU sanctions came in response to the NotPetya malware attack, a data-destroying worm that rippled out from targets in Ukraine to cripple companies and organizations around the world last summer, including business giants like Merck, Maersk, and FedEx. “We have an additional expectation that tools like NotPetya not be used in a reckless fashion, causing $10 billion in damage or more across the globe,” said one senior intelligence official, naming a new estimate of NotPetya’s damage, the highest number yet that officials have named. “We’ve made clear the rule, we’ve started to make clear the penalty associated with that rule.”
Piled on top of the sanctions announcement was a distinct, disturbing warning from the Department of Homeland Security and the FBI, providing the first public statement yet tying Russia to a series of attacks on US infrastructure targets that first came to light last summer. Those attacks, which the industry has pinned on a hacker group known as Dragonfly 2.0 or Palmetto Fusion, gained direct access to the industrial control system interfaces of US power grid targets, including nuclear facilities, potentially giving hackers the opportunity to start flipping switches at will.
The new alert from the FBI and DHS confirms that deep intrusion, even including a screenshot of a control panel the hackers accessed, as well as pointing the finger at the Russian government for the first time as the source of the attacks. In their report, the two agencies describe the attacks as a “multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).”
Taken with the sanctions, the grid-hacking warning represents a serious message from the Trump administration to Russia that its multifaceted internet mischief will no longer be ignored, says John Hultquist, a director of research at the security intelligence firm FireEye who has closely followed Russia’s state-sponsored hacking campaigns. “This seems like a coordinated action between multiple departments to expose multiple Russian activities,” Hultquist says. “They’ve created some repercussions for those actions. It’s a pretty strong statement.”
The sanctions add to a mounting backlash against Russia’s provocations, both digital and physical. They follow an indictment last month from the special counsel Robert Mueller that described Russia’s online trolling and disinformation in new detail, with charges against 13 individuals involved. They also follow new sanctions from the UK against the Kremlin for its use of a nerve agent to attack a former Russian military intelligence officer and his daughter in the city of Salisbury last week.
“This is a bad day for the Russians. They’ve been smacked by the UK and now by the US,” CSIS’s Lewis said. “I can’t think of a better candidate for being smacked.”