WASHINGTON

DNC cyber attack by Russia highlighted delayed response, FBI chief says

Kevin Johnson
USA TODAY
FBI Director James Comey and NSA Director Michael Rogers testify on March 20, 2017.

WASHINGTON — Near the end of Monday’s extraordinary House committee hearing in which FBI Director James Comey dealt a double-barreled blow to the White House — acknowledging the existence of a wide-ranging counter-intelligence investigation into Russian interference in the 2016 election — the director also made a less-noticed but striking concession about Russia’s unprecedented cyber assault on the American political system.

It took 10 months, Comey said, from the time the FBI first notified the Democratic National Committee of Russia’s intrusion in 2015 before the bureau was provided a forensic analysis of the hack into the sensitive electronic archives of the DNC.

The breach, which ultimately allowed a wave of embarrassing internal communications to stream into public view in the midst of a contentious general election, represented not only an unprecedented attempt to influence an election but also underscored a lack of urgency in the collective response to it.

“Knowing what we know now, would the FBI have done anything different in trying to notify the DNC of what happened?,’’ Rep. Will Hurd, R-Texas, asked.

“We’d have set up a much larger flare,’’ Comey responded, explaining that while agents made “extensive efforts’’ to notify the DNC, the committee never turned over its physical equipment to the bureau for examination and moved to hire a private firm to investigate.

“Yeah, we’d have just kept banging and banging on the door, knowing what I know now. I might have walked over there (to the DNC) myself, knowing what I know now.’’

Frustrated by inaction

The director's assessment, legal analysts said, echoes a long-standing frustration with the lack of a uniform response to cyber intrusions generally and the increasing risk posed by Russia and other global adversaries, who are seeking economic and national security advantages at the expense of the U.S. corporations and political institutions.

"Unfortunately, it always seems to take a major crisis for America to move to confront a problem,'' said Ron Hosko, a former chief of the FBI's Criminal Division. "Even after all that occurred in the past election, Russia and others are continuing their campaigns of intrusion. They are doing it because they have been emboldened by the inconsistent response and inaction.''

Hosko said the DNC's initial efforts to "quietly resolve" the intrusions discovered in 2015 without first seeking law enforcement assistance more commonly track the response of most commercial and institutional victims.

"I don't think there is a cohesive strategy of how to respond on either side — the victims or law enforcement,'' he said. "If they all are looking at their own equities in isolation, nobody will be the wiser except for the Chinese or the Russians.''

Read more:

Here's what we know from the House hearing with FBI Director James Comey

Russian-ties investigation needs to be non-partisan: #tellusatoday

Analysis: FBI bombshell creates 'a big gray cloud' over Trump's White House

Last week, Internet giant Yahoo's own experience continued to play out in public when the Justice Department announced charges against four people, including two Russian intelligence officers, in connection with a attack that compromised the personal information of hundreds of millions of consumers.

Federal prosecutors alleged the suspects hacked into Yahoo systems to "steal information from about 500 million accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers."

Yahoo, which is selling its core Internet business to Verizon, has paid a heavy and painful price for the security breaches. Verizon negotiated a price discount, trimming $350 million from the acquisition of Yahoo for a total of $4.48 billion. And the two companies will share some legal and regulatory liabilities arising from the breaches. The acquisition is expected to close in the second quarter.

Yahoo CEO Marissa Mayer agreed to forgo any annual equity award she might get for 2017 because of the massive breach her company suffered in 2014. And in December, the Securities and Exchange Commission opened a formal probe into the company's handling of the attacks, investigating whether Yahoo should have notified investors sooner about both security breaches.

Despite such high-profile breaches, Philip Mudd, a former CIA and FBI counter-terrorism official, said American corporations and other entities remain in "chapter one'' of their cyber security planning, often failing to keep pace with even physical security considerations.

"People keep hearing about the phantom of cyber security breaches without acting,'' Mudd said.

Russia's interference in the 2016 election, Mudd said, should at least prompt a discussion about whether the campaigns of the major party nominees for president should be offered government-sponsored cyber defenses just as they are provided physical security by the U.S. Secret Service.

"I think that debate has to be had,'' Mudd said.

John Carlin, former chief of the Justice Department's National Security Division, said it remains "surprising'' that major corporations continue to function without response plans for dealing with cyber intrusions, large or small.

"If you don't have a tested in plan in place when something happens, figuring out who makes key decisions (on how and when to notify authorities) could take weeks,'' Carlin said, adding that the rules of engagement are equally unclear across the government.

"Right now, it seems like there are a lot of dead canaries in this gold mine,'' he said.