As legislators grill Silicon Valley executives over Russian hacking ahead of midterm elections, some observers say the debate over expanded government oversight is far from over.
On Tuesday, Twitter CEO Jack Dorsey met with legislators in Washington ahead of today's hearing, where Dorsey and Facebook COO Sheryl Sandberg answered questions about cybersecurity before the Senate Intelligence Committee.
Senator Mark Warner of Virginia, the committee's ranking Democrat, told The Washington Post's Tony Romm that the hearing aims to "to sound the alarm that what happened in 2016, as we've seen, was not a one-off."
In recent weeks, Microsoft reported that it had disabled six Russian-launched websites masquerading as U.S. think tanks and Senate sites. Facebook and the security firm FireEye revealed influence campaigns, originating in Iran and Russia, that led the social network to remove 652 impostor accounts, some targeting Americans. The office of Republican Senator Pat Toomey of Pennsylvania said hackers tied to a "nation-state" had sent phishing emails to old campaign email accounts.
Hacking attempts
Newly reported attempts at infiltration and social media manipulation — which Moscow officially denies — point to Russia's continued interest in meddling in U.S. politics. While observers say there is no clear evidence of Kremlin efforts to disrupt midterms, it nonetheless appears hackers outside the American political system are probing for a way in.
"What's interesting about this is that the Russians have shown here that they are not at all partisan in this," said David Sanger of The New York Times, who first reported on Microsoft's account of the latest attacks, in which company officials seized website domains created by the Kremlin-linked hacker group known as Fancy Bear or APT28 — the same group that federal investigators and private cybersecurity firms blamed for the 2016 election hack.
The phony sites, designed to emulate the Hudson Institute and International Republican Institute, surreptitiously routed users to pages built by hackers to steal passwords and log-in credentials. The aim, Sanger said, is to disrupt institutions that challenge Moscow or Russian President Vladimir Putin.
"They are pursuing their own national interests, going after think tanks that have taken positions that the Russians find uncomfortable or threatening, whether it's the use of sanctions or promotion of democracy or pursuit of kleptocrats," Sanger told VOA.
The extent to which Microsoft coordinated with federal investigators to thwart the latest attack wasn't clear, he said.
"I'm not sure whether they gave the government an advance heads up, but the nature of cyber now is that you hear about these [attacks from the] companies before you hear about them from government," Sanger added.
In recent months, legislators on both sides of the aisle have expressed willingness to regulate how U.S. tech companies safeguard themselves against intrusions. But analyst Ben Nimmo of the Atlantic Council's Digital Forensic Research Lab says the Microsoft takedown bodes well for the private sector's ability to prevent attacks independently.
"This is something we've seen over the last couple of months — tech companies have been much more forward-leaning in their attempts to prevent this kind of interference," Nimmo told VOA.
"We had Microsoft coming out up front and saying we've just stopped this attack, and they actually attributed it directly to Fancy Bear, which is very striking that they're actually confident in making that direct attribution. A couple of weeks ago, we had Facebook coming out and exposing a number of inauthentic accounts, which had some connections with the troll farm in St. Petersburg," he added, referring to the Internet Research Agency linked to the 2016 U.S. election hack. "About a month before that, we had Twitter coming out and releasing a list of handles that it had traced back to the troll farm."
A troll farm is a group of people who attempt to create disruption in an online community by posting comments online that are deliberately inflammatory or provocative.
US, European action
With all of the recent activity on the platform side, Nimmo said the question is "what are we going to see on the government level?"
More specifically, what can the West can do in order to pressure the Russian government — and does the West have the political will to do it? If nothing else, the latest attacks are likely to embolden U.S. and European lawmakers to pass additional sanctions.
"Although I think we need to fully understand the scope of this activity that Microsoft has reported, it clearly demonstrates that Russia is not in any way pulling back from the techniques that it used in 2016," said Alexander Vershbow, a distinguished fellow at the Atlantic Council's Scowcroft Center for Strategy and Security, and a former NATO deputy secretary general.
"If anything, it's broadening its target to include conservative think tanks and organizations like the Hudson Institute, and so I think you can say right now, at a minimum, it would give momentum to congressional efforts to tighten the sanctions even further," added Vershbow, who also has been a U.S. ambassador to Russia, South Korea and NATO. "It may also strengthen the hand of administration officials as they consult with Europe in trying to push the Europeans to tighten their sanctions as well."
Retired Marine General Jim Jones, former national security adviser during the Obama administration, said although sanctions can be effective in the short term, long-term national security depends on safeguarding cyber infrastructure itself—and internationally regulating its deployment in the same way that trade and military practices are regulated.
“Because of the progress many countries have achieved in technology, it allows them to do things that are unregulated," he told VOA. "There is no treaty on cyber security; technology has outstripped our capacity to regulate it, both here [in the U.S.] and internationally."
Until regulatory treaties are established, Jones said, "we are locked in this free for all, where countries like China, like Russia, Iran, and, to a certain extent, North Korea, can use this new type of competitive warfare—21st century warfare—to penetrate our culture, to penetrate our intellectual properties, our science and technology and keep abreast of the West.
"I think for the foreseeable future what we are looking at is getting into a world that is competitive in the network sense," he added. "This first country that achieves security where the networks are impenetrable will walk away with the prize of the 21st century. I really mean this in a serious way. This is where we are, this is where the competition is.”
Until that day comes, individuals targeted by foreign hackers, such as the Hudson Institute's Russian kleptocracy expert Ben Judah, no amount of new sanctions, international regulatory statutes or malware detection will ever be enough.
"Be careful of what you keep on your computer and on your phone," Judah told VOA in an extended interview. "Have sensitive information? Use pen and paper."
Following Wednesday morning's Senate hearing, Twitter CEO Dorsey will appear solo before the House Energy and Commerce Committee, where he'll be asked to address allegations of political censorship.
This story originated in VOA's Russian Service. Original reporting contributed by Natalia Antonova and Jela De Franceschi. Some information is from AP.