Below is a list of all the U.S. government documents released on Thursday as part of the Obama administration’s announced response to Russian interference in the U.S. election process. See also Kristen Eichensehr’s initial post in response to the announcement and released documents. And stay tuned for more coverage and analysis by Eichensehr and others at Just Security.
1. Background document: Joint DHS and ODNI Election Security Statement, “Joint Statement from the Department of Homeland Security and Office of the Director of National Intelligence on Election Security,” October 07, 2016
2. Statement by the President on Actions in Response to Russian Malicious Cyber Activity and Harassment, December 29, 2016
Importantly, President Obama explains that the measures announced today do not include possible covert operations. His statement reads: “These actions are not the sum total of our response to Russia’s aggressive activities. We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized” (emphasis added).
3. White House, Fact Sheet: Actions in Response to Russian Malicious Cyber Activity and Harassment, December 29, 2016
Explains that the President has approved amending Executive Order 13694 to authorize sanctions on those who “[t]amper with, alter, or cause a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions.” Lists actions taken against nine entities and individuals, including two Russian intelligence services (the GRU and the FSB); four individual officers of the GRU; and three companies that gave “material support” to the GRU’s cyber operations, plus actions taken by the Treasury Department and State Department, as described below.
4. Executive Order — Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities
Includes the new text for section 1(a)(ii) allowing sanctions for those responsible for “(E) tampering with, altering, or causing a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions.”
Note: The Executive Order does not list election processes or institutions under the separate sections on “critical infrastructure” (1(a)(ii)A-B). For the significance of this decision, see earlier post on Kristen Eichensehr’s analysis.
5. Annex to Executive Order — Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities
Lists five Russian entities and four Russian individuals.
6. Text of Letter from the President to the Speaker of the House of Representatives and the President of the Senate, December 28, 2016
Communicates the newly revised Executive Order (see numbers four and five above) to the House and Senate, pursuant to the International Emergency Economic Powers Act, notes that “[t]hese steps have been taken with respect to the national emergency declared in Executive Order 13694 of April 1, 2015,” and that the President has “delegated to the Secretary of the Treasury the authority, in consultation with the Attorney General and Secretary of State, to take such actions … as may be necessary to carry out the purposes of the order.”
7. FBI and DHS, Joint Analysis Report, “GRIZZLY STEPPE – Russian Malicious Cyber Activity,” JAR-16-20296, December 29, 2016
Provides technical details about tools and infrastructure used by Russian intelligence services and civilian hackers “to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.”
8. Department of Homeland Security, Joint DHS, ODNI, FBI Statement on Russian Malicious Cyber Activity
Statement from Secretary of Homeland Security Jeh Johnson and Director of National Intelligence James Clapper discussing the Joint Analysis Report (see number seven, above) accusing the Kremlin of orchestrating a “decade-long” cyber operations campaign against a wide range of US targets. Johnson and Clapper reiterated that the “intelligence community is confident the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations, and that the disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks are consistent with the Russian-directed efforts.”
“We encourage security companies and private sector owners and operators to look back within their network traffic for signs of the malicious activity described in the Joint Analysis Report. We also encourage such entities to utilize these indicators in their proactive defense efforts to block malicious cyber activity before it occurs,” said Johnson and Clapper.
9. Mark C. Toner, Deputy Department Spokesperson, Department of State Actions in Response to Russian Harassment
Toner explains the State Department’s actions to expel from the United States 35 Russian “officials … who were acting in a manner inconsistent with their diplomatic or consular status,” and bar Russian personnel access to two Kremlin-owned “recreational compounds” in the United States.
In addition to being carried out as a response to Russia’s interference in the 2016 elections, the expulsions are in response to “harassment of our diplomats overseas that has increased over the last four years, including a significant increase in the last 12 months. This harassment has involved arbitrary police stops, physical assault, and the broadcast on State TV of personal details about our personnel that put them at risk,” according to Toner.
10. U.S. Department of Treasury, Treasury Sanctions Two Individuals for Malicious Cyber-Enabled Activities
A description of the Treasury Department’s sanctions against Evgeniy Mikhailovich Bogachev and Aleksey Alekseyevich Belan for developing malware used by criminals to hack US financial systems and for stealing user data, such as email addresses and account passwords from US e-commerce businesses and selling that data. Specifically, Bogachev is accused of helping to develop and manage the sale of the Zeus malware to cyber-criminals, “as well as tailoring subsequent versions of Zeus to meet his clients’ needs,” according to the statement. “Bogachev is also directly responsible for the development and use of Cryptolocker, a form of ransomware, which is known to have held over 120,000 U.S. victims’ data hostage for financial gain.”
Belan is accused of breaking into the networks of at least three US-based companies to access the data of 200 million people worldwide and selling that data to criminals.