Lawmakers call for action following revelations that APT28 posed as ISIS online
The world got a fresh reminder Tuesday of the difficulties associated with assigning blame for hacking – and of the consequences when a case of mistaken identity takes hold.
New evidence reinforces the notion that a group dubbed the CyberCaliphate, which sent death threats to the wives of U.S. military personnel in 2015 under the banner of the Islamic State, is actually an infamous Russian-government-linked hacking group accused of meddling in the 2016 U.S. presidential election, the Associated Press reported. Activity from the CyberCaliphate coincided with attempts by the Russian group, known as APT28 or Fancy Bear, to breach the women’s email accounts, according to the Associated Press.
The episode brings to life established links between the CyberCaliphate and APT28 in a way that no cybersecurity research did. The hacking victims were led to believe that jihadists, and not state-backed Russians, were breaching their accounts and leaving threatening messages.
Amy Bushatz, a journalist and one of the women allegedly targeted by APT28 in this case, took issue with the U.S. government’s response to the hacking.
Over the course of a month during which the attack took place, Army officials sent personal data for at least 500 Army family members to her personal email address, Bushatz said. “If I was compromised, so were they,” she wrote Tuesday. “And they likely have no idea. The U.S. government knew this happened and did virtually nothing.”
Told of APT28’s alleged use of a false-flag operation against U.S. military families, American lawmakers said the United States had much more to do to keep Russia in check in cyberspace. (Moscow has repeatedly denied orchestrating such hacking operations against the United States.)
“We need to continue to do more until [the Russian government feels] the pain…and they understand that their actions – and acting irresponsibly in cyberspace – are not going to be tolerated,” Rep. Jim Langevin, D-R.I., co-founder of the Congressional Cybersecurity Caucus, told CyberScoop.
APT28’s apparent use of a false flag “underscores the fact that we can’t just look at IP addresses or a group that might claim responsibility for a particular action as the sole indicator” of responsibility, Langevin said.
Rep. Adam Schiff, D-Calif., ranking member on the House Intelligence Committee, said that while the U.S. government has gotten “very good at attribution” through improvements made in signals intelligence and data forensics technologies, “the advantages are all with the offense.”
“There’s always going to be some level of plausible deniability, so we have to establish a far more effective deterrent,” Schiff told CyberScoop.
This isn’t the first time that Russian government-linked hackers reportedly used false-flag techniques to disguise their activity. In February, Russian military hackers breached hundreds of computers supporting the 2018 Winter Olympics in South Korea and then tried to frame North Korea for the attack, the Washington Post reported.