Will Obama Order American Hackers to Dox Putin?

Russian President Vladimir Putin

Russian President Vladimir Putin Ma Ping/AP

Cyberwar is so new, it's hard to know what a proportional response looks like.

President Barack Obama’s threat was direct and unequivocal: The United States will retaliate against Russia for its election-related cyberattacks. “And we will, at a time and place of our own choosing,” the president told NPR’s Steve Inskeep in an interview that aired Friday. “Some of it may be explicit and publicized; some of it may not be.” But what he didn’t say is what the response will look like.

Obama's national-security team has likely laid out a menu of options for him: He could ask intelligence agencies to train a cyberattack on Russian networks or infrastructure, to demonstrate the strength of their offensive capabilities. He could release damaging information about Vladimir Putin, the Russian president, just like Russian hackers published data stolen from top Democrats’ email accounts. Or he could choose a more traditional response, like imposing economic sanctions.

It’s most likely Obama will pick a combination of these options—both overt and covert—that punishes Russia and damages Putin’s reputation, while sending a signal to would-be hackers that interfering in American democracy comes with a heavy price.

One public option is a direct, tit-for-tat response to the release of Democrats’ emails and research.

“If they’re doxing you, you can dox back,” said Peter Singer, a senior fellow at New America, referring to the practice of releasing potentially damaging secret information. Releasing embarrassing information has gotten under Putin’s skin before, like when the Panama Papers revealed details about how members of his inner circle make, move and hide their wealth. Exposing more about his money and his relationships with oligarchs would be a jab aimed straight at one of Putin’s pressure points, said James Lewis, the director of the technology program at the Center for Strategic and International Studies.

A visible reaction would indicate to other adversaries how the U.S. will respond to cyberattacks in the future.

“We’ve got to demonstrate and be a little more transparent about some of our own attack capabilities,” said Frank Cilluffo, the director of George Washington University’s Center for Cyber and Homeland Security. “That is part of this delicate dance. We shouldn’t be treating this as black magic.”

A doxing campaign would have to aim high to be effective. Lewis says officials have considered leaking Putin’s botox-injection schedule, or photos of his girlfriend. That won’t embarrass him, he said.

“That’s not just going to happen with this guy," Lewis said. 

Obama made it clear deterrence is one of the main objectives of responding to cyberattacks.

“Our goal continues to be to send a clear message to Russia and others not to do this to us—because we can do stuff to you,” he said at a press conference Friday.

But he said his answer to Russia’s election meddling might have a secret element to it, too, without making it clear what he has in mind. A quiet, targeted cyberattack—on Russian intelligence networks, for example, or on military infrastructure—would send a message about the American government’s offensive capabilities, and could make Putin think twice about using hackers to meddle so directly in U.S. politics in the future.

But the administration will need to tread carefully: Hacking back risks escalating the situation.

“A cyberattack could be interpreted by the Russians as the use of force, justifying a military response,” Lewis said.

Obama wants to leave a legacy of strength and leadership in cyberspace—not of provoking war.

“We have been working hard to make sure that what we do is proportional, and that what we do is meaningful,” the president said on NPR.

There are always traditional, nontechnological forms of retaliation to fall back on. As Russia made moves to annex a part of Ukraine in 2014, the U.S. and the European Union placed coordinated economic sanctions on individuals and businesses close to Putin. To the extent there’s anything left to sanction, further penalties could cause targeted harm on sectors of the Russian economy and people in power—and unlike a hacking campaign, imposing sanctions is a familiar tactic less likely to spiral out of control into a larger conflict. Another, softer option is to expel Russia’s ambassador, a classic public rebuke.

The cyberwar experts I spoke with were exasperated the conversation has turned to retaliation only now, more than a month after the election and with just weeks left in Obama’s presidency.

“It’s like, what clock are you using?” Singer said.

The DNC announced in June its networks had been infiltrated by two separate Russian intelligence agencies, but according to a report in The New York Times, the FBI knew as early as September 2015 that Russian hackers were targeting the organization. But the administration didn’t retaliate before the election.

Obama said Friday he didn’t retaliate publicly at the time in order to avoid further politicizing an already “hyperpartisan atmosphere,” especially because Donald Trump had repeatedly questioned the integrity of the elections.

“I wanted to make sure that everybody would know that we were playing this thing straight,” Obama said.

The administration may have also decided it may not have to to do anything too dramatic, expecting Hillary Clinton to win the election. What’s more, the State Department was in talks with Russian diplomats at the time to strike a peace deal in Syria, which may have made the administration hesitant to antagonize Putin in the moment. (The peace deal fell apart in October.)

“I talked to officials at three different agencies who would’ve been responsible for implementing this, and they were ready to do so” before the election, Lewis said. “If you’d called me up in August, I would’ve told you we were two weeks away from doing something.”

The reticence to respond before the election may have also been related to the intelligence community’s initial disagreement over whether Russia’s involvement was meant just to cause chaos in American politics, or if the Kremlin was specifically trying to get Donald Trump elected.

On Friday, The Washington Post reported the FBI, the CIA and the director of national intelligence had reached a consensus that Russia was trying to help Trump win the presidency. Obama declined to elaborate on the intelligence community’s findings on Friday, but he strongly implied Russia’s president had directed the hacking operations himself.

“Not much happens in Russia without Vladimir Putin,” Obama said.

But Singer says the resolving question of intent shouldn’t have held up the administration’s response.

“If someone’s robbed a bank, we don’t stop to debate, ‘Did they rob the bank because they wanted the money themselves, or because they wanted to harm the bank owners?’” Singer said. “That’s a great debate to have. But that doesn’t make you go, ‘Oh, I should wait to figure that out before I go respond to the bank robbery.’ And it also doesn’t mean people debate if the bank was robbed or not, which is what half the community is doing.”

Singer was referring to Trump’s habit of questioning the fact that Russia was behind the cyberattacks that targeted political institutions.

With just five weeks to go before inauguration day, Obama’s actions may be aimed partly at hemming in Trump once he takes office in January. Putting Trump in the position of having to undo whatever political and economic retaliation the Obama administration decides to pursue could make it harder for him to make immediate overtures to Putin once he arrives at the White House.

And a strong response will throw echos beyond just the U.S.-Russia relationship.

“The Germans, the French and the British have the same kind of evidence we have that the Russians are attempting to interfere in their elections," Lewis said. "We need to help our friends, now. We need to put the Russians on notice. Right now, they have a green light. At least we can change it to yellow.”

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.