The United States rarely blames foreign governments for hacks targeting US corporations. Yet in a Wednesday presser, the Department of Justice did just that — announcing indictments against two agents of the Russian FSB spy agency, Dmitry Dokuchaev and Igor Sushchin, for a 2014 breach of Yahoo that got access to 500 million users’ data.
“They worked ... to steal information including information about individual users and access the private contents of their accounts,” acting Assistant Attorney General Mary McCord said during the presser. “They also targeted Russian journalists, numerous employees of other providers’ networks that the conspirators sought to exploit, and employees of financial services and other commercial entities.”
This is a big deal. The Yahoo hack was one of the largest cyber crimes in history. This is also the first time the US government has ever brought charges against Russian officials for cyber-related crimes. (Two private hackers who allegedly worked with Dokuchaev and Sushchin were also indicted, and one was apprehended on Tuesday.) It speaks to how significant a threat Russian hacking operations have become to Western companies, journalists, and private citizens — and to how the Kremlin has made it a key part of its espionage arsenal.
The indictments come at a very uncomfortable time for the Trump administration. Russia-related scandals forced the resignation of National Security Adviser Michael Flynn and the recusal of Attorney General Jeff Sessions from any Russia-related FBI inquiries. Either the president will have to stand up to Russia on hacking, which he’s been loath to do, or he’ll face a continuing and growing cascade of questions about his relationship with the Kremlin and his own integrity and honesty, as well as that of his closest aides.
Why Russia would hack Yahoo
One interesting thing here is the way Dokuchaev and Sushchin allegedly went about hacking Yahoo. Instead of just doing it on their own, they hired two cyber criminals — Alexsey Belan and Karim Baratov — to help them breach the corporation’s defenses.
The Russian agents were looking for information on dissidents and US corporations — information that had “intelligence value,” as McCord put it, though she didn’t say exactly what it was they took. But the hackers were in it for themselves.
“Belan used his access to Yahoo to search for and steal financial information such as gift card and credit card numbers from users’ email accounts,” McCord said. “He also gained access to more than 30 million Yahoo accounts whose contacts he then stole to facilitate an email scam.”
The FSB, apparently, did not care. Belan lives in Russia, where, according to the Washington Post’s Ellen Nakashima, he is being protected by the Russian government. (Baratov was not so lucky; he was arrested in Canada on Tuesday.)
“The FSB unit that [Dokuchaev and Sushchin] worked for, the Center for Information Security, also known as Center 18, is also the FBI’s point of contact in Moscow for cyber crime matters,” McCord explained. “The involvement and direction of FSB officers with law enforcement responsibilities makes this conduct that much more egregious.”
Russia, in other words, has some specific objectives (like acquiring information on domestic dissidents) and has shown it’s willing to employ tactics (partnering with cyber criminals) that are very likely to hurt innocent civilians.
Russian strategic doctrine suggests that it sees cyber espionage as a valid and increasingly important kind of warfare. In an influential 2013 article, Russian Chief of the General Staff Valery V. Gerasimov argued that “non-military means,” including “new information technologies,” have eclipsed traditional weaponry in their strategic importance.
“In the 21st century we have seen a tendency toward blurring the lines between the states of war and peace,” Gerasimov wrote. “The role of non-military means of achieving political and strategic goals has grown, and, in many cases, they have exceeded the power of force of weapons in their effectiveness.”
This is why it makes sense to hack Yahoo, even at the expense of exposing tens of millions of innocent people to email scams from a random hacker. Putin’s regime sees the world as existing in a perpetual gray area of pseudo-conflict; stealing information on dissidents and corporations that play major roles in the US economy is one way of strengthening Russia’s hand in that fight. The Kremlin doesn’t really care who gets hurt in the process.
This is a problem for Trump
The Yahoo hack, as far as we can tell, isn’t linked in any operational sense to the Russian hack of the Democratic National Committee and Clinton aide John Podesta. “That’s an ongoing and separate investigation,” McCord said in response to a question about connections between the two.
But that hack, too, fits with the Gerasimov Doctrine.
Gerasimov’s article uses the Arab Spring as a key example of the new way warfare works, which is telling. The Arab Spring wasn’t about wars between countries, but rather upheaval inside countries. Gerasimov’s ideas, then, are explicitly designed to be used in attempts to influence other countries’ internal politics and conflicts. We’ve seen this kind of information warfare used in Russian hacks against neighbors such as Estonia and Ukraine. The strategic goal of the 2016 hacks — weakening a foreign politician that Russia sees as hostile to its interests — makes a lot of sense under his playbook.
What this all suggests, then, is that Russian hacking is not going away as a threat. The Russians have, for years, targeted American corporations and political actors. They have done so with the clear intent of acquiring intelligence and meddling with domestic politics, in a way that’s clearly in line with their strategic doctrine. And they’ve succeeded at it, which means there’s no reason to think they won’t try again.
This is a major problem for President Trump. It’s clear, from his own statements, that he’d like to develop a closer relationship with Russia. But that will be very hard if evidence keeps surfacing that Russia is intentionally attacking US interests in cyberspace. It’ll put pressure on the president to do something, both from the public and from influential corporations worried they’ll be next.
If Trump takes meaningful action, perhaps imposing new sanctions on Russia, then his efforts to buddy up to Putin won’t amount to very much. If he doesn’t, concerns about what, exactly, his administration’s relationship with the Kremlin is will only mount.
This line of inquiry has already cost Trump one of his most important advisers, former National Security Adviser Flynn. It may yet do more: FBI Director James Comey is appearing before the Senate at 2:30 on Wednesday to update senators on the status of the FBI’s investigation into Trump’s Russia ties.
So while the Yahoo indictments may not have anything to do with the Trump and Russia scandals directly, they create yet another headache for the president on the issue that has most damaged his young presidency.