While tensions between the world's superpowers over hacking and cyber-espionage continue to escalate, the suspected state-sponsored hack at the Democratic National Committee (DNC) by alleged Kremlin-linked groups threatens to turn the term 'cyberwar' from rhetoric into reality.
Amid mounting evidence that at least two hacking groups – dubbed Cosy Bear and Fancy Bear – were able to infiltrate computer networks used by the US Democratic Party, the National Security Agency (NSA) has openly reaffirmed it has the capability – and legal authority – to "hack back" against chosen foreign targets, including government-linked adversaries.
"In terms of the foreign intelligence mission, one of the things we have to do is try to understand who did a breach, who is responsible for a breach," Robert Joyce, chief of the NSA's secretive 'Tailored Access Operations' (TAO), told NBC News in an interview.
"We will use the NSA's authorities to pursue foreign intelligence to try to get back into that collection, to understand who did it and get the attribution. That's hard work, but that's one of the responsibilities we have."
While Joyce declined to discuss the DNC breach specifically, which the FBI is now investigating, he did note the NSA has the "technical capabilities and legal authorities" that allow the agency to 'hack back' against suspected groups for intelligence-gathering purposes. At least three intelligence sources told ABC News such NSA activities are already likely to have started.
The comments came on the same day that the Russian intelligence service, the FSB, claimed to have found evidence of a "professional" spyware attack that targeted roughly 20 state agencies and military institutions. While it did not speculate on who was behind the attacks, Russian intelligence said "entities involved in crucial infrastructure" were impacted.
The full scope of the TAO was exposed following the Edward Snowden revelations in 2013. In one profile by German publication Der Spiegel, it was branded the NSA's "secret weapon". Based on analysis from the trove of leaked NSA files, it was revealed the highly specialised hacking unit's operations ranged from counterterrorism to cyberattacks to traditional espionage.
Meanwhile Snowden, who now resides in Russia under asylum, recently made headlines for asserting that the NSA would have no problem tracing the culprits of the DNC hack. "Evidence that could publicly attribute responsibility for the DNC hack certainly exists at #NSA," he tweeted on 25 July.
As the FBI-led investigation continues, the Obama Administration has remained reluctant to point a finger directly towards Russia. "What we do know is that the Russians hack our systems," the US president said during one recent interview with NBC News. "Not just government systems, but private systems. But you know, what the motives were in terms of the leaks, all that — I can't say directly."
Other officials, including Democratic Party presidential candidate Hillary Clinton, have become more assertive in how they are choosing to attribute the recent DNC hack and data leak, which eventually resulted in the release of 20,000 sensitive internal emails by whistleblowing outfit WikiLeaks.
"We know that Russian intelligence services, which are part of the Russian government, which is under the firm control of Vladimir Putin, hacked into the DNC. We know that they arranged for a lot of those emails to be released," Clinton said in an interview with Fox News aired on 31 July. For its part, the Russian government has repeatedly denied involvement in the breach.
Meanwhile, experts from multiple firms – including US-based CrowdStrike, Fidelis Security and FireEye's Mandiant – continue to stand by assertions that malware used by known Russian hacking groups was deployed in the attack. None are likely to state the claim with 100% certainty as attribution in cyberspace remains unpredictable at best.
Writing on Lawfare, Matt Tait, former GCHQ security specialist and current CEO of UK security consultancy Capital Alpha Security, said officials need to "proceed with care and precision" on how they now respond to the attack.
"If future similar leaks are to be properly discouraged, we need to carefully consider whether the hackers are really the Russian government; if so, what part or parts of the DNC leak operation we fundamentally object to; and finally what domains and what scale of response is proportionate and appropriate to respond to the attack," he noted.
"[The response] will set the normative precedent for responses to attributed-but-denied collateral mass leaks of private citizen data by foreign governments in the future."