The hacker blame game isn't working anymore

Illustration: Brendan Lynch/Axios
Publicly pointing the finger at foreign adversaries' hackers doesn't hold the same power that it used to.
Why it matters: Attributing nation-state hacks has long been one of the few tools the U.S. government had to deter adversaries in China, Russia, Iran and North Korea from coming after American officials and companies.
The big picture: That no longer seems to be the case — as Iran continues to ramp up attacks on the U.S. elections, China burrows into U.S. critical infrastructure networks, and Russian ransomware gangs rake in more cash from U.S. companies.
- "You know it's them, and they know you're not going to do anything, so it really doesn't have any effect," James Lewis, director of the strategic technologies program at the Center for Strategic and International Studies, told Axios.
Driving the news: The intelligence community formally pinned the blame on Iran on Monday for a set of cyberattacks targeting the Trump and Biden-Harris campaigns.
- The joint statement from the FBI, the Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency marked one of the quickest attributions that the U.S. government has made in cyberspace, coming in just a little over a week.
Flashback: Historically, the U.S. government has taken several months to publicly blame a nation-state for spying and hacking officials, political parties or similar organizations.
- In 2016, it took the Obama administration about three months to formally blame Russia for hacking the Democratic National Committee and Hillary Clinton's presidential campaign.
- In 2021, the Biden administration didn't formally attribute a massive hack of Microsoft Exchange servers to Chinese government spies for four months.
Yes, but: The U.S. government and private sector have since developed better analysis tools and partnerships for these investigations — speeding up the process for them to pin the blame on an adversary.
Between the lines: Attribution of nation-state attacks is now more important for getting allied nations on board for retaliatory sanctions and joint law enforcement investigations, Lewis said.
- Smaller nations typically want to be certain that a specific adversary was behind an attack before they take action against them for fear of facing a major attack on their own networks, he added.
- The U.S. government also needs to attribute an attack to pursue sanctions or indictments.
- And attributing an attack tied to election infrastructure, especially in the 2024 cycle, is important for assuaging any potential disinformation about the security of the voting process, David Kennedy, the CEO at TrustedSec and a former NSA hacker, told Axios.
The intrigue: Attribution, sanctions and even indictments are no longer enough, experts said, but the U.S. government and its allied nations have yet to come up with an alternative.
- "At the end of the day, Iran is largely going to go unpunished for this," Kennedy said. "It makes no sense for Iran to stop."
What we're watching: Experts said the ongoing war in the Middle East — and Iranian threats to attack Israel — might deter the U.S. from pursuing stricter sanctions.
