Former FBI cyber-chief reveals how US will respond to the DNC hack

With the FBI now investigating the breach at the Democratic National Committee (DNC), and with speculation growing that hackers aligned with the Russian government are involved, interest is rising in how the US administration will respond.

Just prior to the Democratic Party convention, thousands of sensitive internal emails and over two dozen voicemails were released into the wild by a reinvigorated WikiLeaks.

In response, in its only public-facing statement to date, the agency said: "The FBI is investigating a cyber intrusion involving the DNC and are working to determine the nature and scope of the matter. A compromise of this nature is something we take very seriously."

So what are the next steps for law enforcement? To find out more, IBTimes UK contacted Leo Taddeo, the former special agent in charge of the FBI's cyber division in New York who worked at the agency between 1995 and 2015. He now works alongside cybersecurity firm Cryptzone as chief security officer (CSO).

"The FBI will study the digital evidence for clues to the true identity of the hackers," Taddeo said. "This includes picking apart the malicious code that was recovered from the DNC network and the infrastructure used to launch the attack.

"The malware will be analysed for unique features that may point to the attackers," he continued. "It will also be examined for potential mistakes that reveal who wrote the code. For example, programmers sometimes take shortcuts that reveal information about their location, language, and work hours. All of this contributes to forming a complete picture of the hackers."

A complex puzzle

With the breach at the DNC, there are multiple factors at play. US-based cybersecurity experts analysing the incident maintain that Russian state-sponsored hackers – at least two separate teams – are responsible for infiltrating its computer networks.

The appearance of an unknown figure dubbed Guccifer 2.0, which at least one firm has linked to Russian web-services, complicated things further. Then came the massive leak of Democratic Party emails by WikiLeaks on 23 July, however the group's founder, Julian Assange, has refused to name the source of the documents – that's if he even knows himself, of course.

According to Taddeo, FBI investigators will now study the clues in attempt to reveal the true location of the attackers' command and control (C&C) servers.

"Combined with the malware analysis, enough data points may be developed to narrow down the possible culprits to a very small set," he said. "This type of investigative work may assemble enough circumstantial evidence to allow US officials to conclude, with confidence, the motive for the attack and who was behind it."

When asked about the recent comments made by former NSA contractor Edward Snowden that US intelligence agencies would likely be able to use their spy programmes – like XKeyscore – to locate the group or individual behind the attack, Taddeo admitted that computer forensics only provide the FBI with "some of the pieces of the puzzle."

He noted: "The FBI will most certainly rely heavily on its partners in the US intelligence community and allied nations to fill in the rest."

However, without solid proof, the agency is unlikely to point any fingers directly towards Putin's government or the Kremlin. Currently, as noted by CNN, the current assistant director of the FBI's cyber division (New York) said the facts in the case are still emerging and don't yet prove Russian involvement.

"The FBI will most certainly rely heavily on its partners in the US intelligence community"

Interestingly, Taddeo said that even if a link was solidly established, the US government is unlikely to respond with a 'cyber offensive'. He said nothing about a response from intelligence agencies, some of which are widely believed to conduct the same cyber-espionage activities as rival nations on behalf of the US government – often with little oversight.

"Given our reliance on the integrity on continuity of the internet, it's not in the US interest to escalate the risks to communications and global commerce by engaging in an exchange of cyberattacks with Russia," he said.

"It's not likely there will be a cyber response to this hack, even if it is proven to have been sanctioned by the Putin regime. Instead, the US will likely respond with other non-cyber levers of US soft and hard power. As President Obama has made clear, all options are on the table."