back to top

US "Writing Playbook" On Response To Russia For Hacking Into DNC

“This isn’t espionage anymore,” said one former official. “They are now actively trying to disrupt the elections.”

Posted on

SAN FRANCISCO — The US has no “playbook” for how to respond to Russia, following the Obama administration’s public blaming of Russia for a series of hacks intended to interfere with the US election process, a Pentagon official said.

“We are writing the playbook as we go along,” said the official, who spoke to BuzzFeed on condition of anonymity, because he wasn’t authorized to speak to the press. “There are a number of options open to us at this juncture, now that official attribution has been confirmed.”

Attribution — officially naming a person or a country behind a cyberattack — is increasingly difficult to determine. In order to name Russia, the US would have been “extremely confident that the evidence in hand pointed to no other actor,” said the DOD official.

The statement by the Department of Homeland Security (DHS) and US Intellifence Community (USIC) blamed Russia for a series of hacks on Democratic Party officials, stating, “the recent disclosures of alleged hacked e-mails on sites like and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.” Those hacks include more than 20,000 emails from the Democratic National Committee’s (DNC) servers, which have been published on Wikileaks and on the DCLeaks websites. A hacker going by the name of Guccifer 2.0 has also released emails allegedly from the servers of the Clinton Foundation, and DNC. Guccifer 2.0, who has answered questions from BuzzFeed News relayed over direct messages, has previously claimed to be Romanian. He did not respond to a request for comment Friday on the accusation that he was Russian.

The joint statement from the Department of Homeland Security and intelligence community comes less than two weeks after the White House tried to keep two of Congress's top intelligence officials from naming the Kremlin as the originator of the string cyberattacks. Sen. Dianne Feinstein and Rep. Adam Schiff, vice-chairs of the Senate and House Intelligence Committees, respectively, were the first government officials to publicly accuse Russia of the hacks in a joint-statement last month.

That statement, one US official said, appeared to have backed the White House into a corner. "Once they briefed Congress, it was only a matter of time [until they would have to publicly accuse Russia]," the official said.

Actions that the US could take range from placing new sanctions on Russia, to issuing criminal indictments for individuals involved, to taking diplomatic action, such as expelling Russian diplomats from the United States. And while cybersecurity experts agree that the US is likely already engaged in counter cyber-espionage against Putin’s government, more offensive actions against Russia could be the next step.

“We’ve got cyber command, and I think we need to use them, not to attack Russia but to counter attack,” said Jason Healey, former White House Director of Cyber Infrastructure, and a Senior Research Scholar at Columbia University’s School of International and Public Affairs. “We need to do a counter offensive to disrupt the Russians who are attacking us. To attack their command and control servers, and to throw some sand in the gear.”

Healey said that the public leaking of the emails had “crossed the line.”

“They are disrupting systems. This isn’t espionnage anymore. They are now actively trying to disrupt the elections. If they are going to be confrontational we should be trying to thwart this,”

One precedent the government currently can look to is the naming of North Korea as the source of the December 2014 hack against Sony. In the wake of that attack, the Obama administration announced sanctions against 10 North Korean officials, and later issued an executive order as a general framework for sanctions as a response to hacks. (Prior to Chinese President Xi Jiping’s visit to the US in September 2015, the US publicly discussed sanctions, and issued indictments against five Chinese individuals whom the Department of Justice accused of attacking US targets.)

Russia, however, has a much more expansive and advanced internet infrastructure than North Korea, and is unlikely to have left behind proof identifying particular individuals involved in the hacks on Democratic targets. Healey said that it was clear from Russia’s ongoing military actions in Ukraine and Crimea that “Putin doesn’t care about sanctions.”

Another DOD official, who works within US Cyber Command, told BuzzFeed News in an interview last week that the US was already engaged in a “cold war-esque cyber war with Russia,” and that any offensive steps taken were “dangerous and likely to escalate quickly.”

“There are calculations being made on both sides. The cyber-espionage was not new. What was new was making those emails public, and trying to influence an ongoing election in the United States in such a blatant fashion. If it is definitively announced that the Russian government were behind this, it would be a serious escalation from their side,” said the second official, who spoke on condition of anonymity because he was not authorized to speak to the press.

He would not answer whether the US might engage in its own dissemination of damaging information against the Russian government, or what sort of offensive actions the US cyber command would consider taking, but did say they US had, “one of the best offensive cyber capabilities in the world.”

Whatever action the Obama administration takes is likely to be reconsidered by whomever wins the US presidential elections. Hillary Clinton, the Democratic Party presidential nominee, has said that if she becomes president the US could respond to cyberattacks with military action.

"As President, I will make it clear that the United States will treat cyberattacks just like any other attack. We will be ready with serious political, economic, and military responses," she said at an Aug. 31 campaign event in Cincinnati. "I want us to lead the world in setting the rules in cyberspace. If America doesn't, others will."

Republican presidential nominee Donald Trump, who has previously said that it was unclear if Russia was behind the DNC hacks, has said that the US should get, “very tough on cyber,” though he hasn’t articulated what that would mean.

“We should be better than anybody else, and perhaps we’re not. I don’t think anybody knows that it was Russia that broke into the DNC. She’s saying Russia, Russia, Russia—I don't, maybe it was. I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, okay?,” Trump said, during the first presidential debate last Monday.

Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F

Contact Sheera Frenkel at

Got a confidential tip? Submit it here.