The only sitting member in the House of Representatives to have served in the CIA is advising fellow lawmakers to tread carefully with the information they collect during ongoing investigations focused on Russian hacking related to the recent presidential campaign.
Rep. Will Hurd, R-Texas, worked in the CIA for 9 years, spending time as an undercover intelligence officer in both Afghanistan and Pakistan. He recently told CyberScoop that human intelligence — agents on the ground — would likely be necessary to make an accurate assessment concerning the motivation and intention of those individuals who ordered a digital break-in at the Democratic National Committee.
“Having some of this evidence declassified, I think we need to be really careful because we’re talking about people’s lives. Whatever we decide, whatever we declassify, Russian intelligence will be studying it very closely,” Hurd said.
Evidence uncovered by the New York Times backs Hurd’s assumption, noting that “human and technical” sources in Russia aided the intelligence community’s conclusion that Russian intelligence forces were involved in the DNC data breach.
Hurd’s outreach comes as Congress is pressuring the White House to declassify additional material related to data breaches at multiple U.S. political organizations. The intelligence community’s analysis will be laden with information concerning the tactics, sources, tools and procedures used by U.S. spies to attribute cyberattacks, Hurd says. And that material must be handled with extreme caution.
On Friday, the White House revealed that President Barack Obama had recently commissioned U.S. intelligence agencies to compile a comprehensive report containing information about malicious cyber activity aimed at past presidential elections. Deputy press secretary Eric Schultz told journalists that this report would be completed before Inauguration Day and shared with Congress and potentially, in a redacted form, with the public.
In the scope of uncovering new evidence and having a more open discussion about the influence of Russian hacking — especially as it pertains to the presidential election — politicians will need to walk a tightrope between responsible disclosure and protecting valuable intelligence assets, former intelligence officials say.
There is also some doubt as to whether a high-profile exposure of the alleged Russian hackers — known to cybersecurity experts as APT28 — will ultimately impact the group’s ability to conduct missions, according to FireEye Intelligence Analysis Manager Christopher Porter.
“There exists a common perception that exposure is always good or useful in degrading a cyber threat group’s operations … [but] Russia-based groups have shown notable resilience in continuing their operations in the face of exposure. APT28, for example, had its operations exposed more than 20 times between Oct. 2014 and Oct. 2015, and not only sustained operations but became increasingly bold,” explained Porter, a former CIA intelligence officer. “In many cases, operations were entirely uninterrupted because APT28 was able to tap into a seemingly endless armory of zero-days or to retool and shift its infrastructure within 24 hours.”
APT28’s “resilience,” Porter told CyberScoop, is driven in part by the group’s ability to quickly adapt whenever new information about their targets becomes available.