The NSA Is Likely 'Hacking Back' Russia's Cyber Squads

  U.S. government hackers at the National Security Agency  are likely targeting Russian government-linked hacking teams to see  once and for all if they're responsible for the massive breach at the  Democratic National Committee, according to three former senior  intelligence officials. It's a job that the current head of the NSA's  elite hacking unit said they've been called on to do many times before.  Robert Joyce, chief of the NSA's shadowy Tailored Access Operations,  declined to comment on the DNC hack specifically, but said in general  that the NSA has technical capabilities and legal authorities that allow  the agency to "hack back" suspected hacking groups, infiltrating their  systems to gather intelligence about their operations in the wake of a  cyber attack.  "In terms of the foreign intelligence mission, one of the things we have  to do is try to understand who did a breach, who is responsible for a  breach," Joyce told ABC News in a rare interview this week. "So we will  use the NSA's authorities to pursue foreign intelligence to try to get  back into that collection, to understand who did it and get the  attribution. That's hard work, but that's one of the responsibilities we  have."  

Predators Exploiting Personal Info in DNC Hack

'Beyond a Reasonable Doubt,' Russians Hacked DNC, Analyst Says

The NSA deferred direct questions about its potential involvement in the DNC hack investigation to the FBI,  which is the leading agency in that probe. Representatives for the  bureau have not returned ABC News' request for comment. Lisa Monaco,  President Obama's homeland security and counterterrorism adviser whose  responsibilities include cyber policy, declined to comment.  A former senior U.S. official said it was a "fair bet" the NSA was using  its hackers' technical prowess to infiltrate two Russian hacking teams  that the cybersecurity firm Crowdstrike alleged broke into the DNC's system and were linked to two separate Russian intelligence agencies, as first reported by The Washington Post.  In some past unrelated cases, the former official said, NSA hackers  have been able to watch from the inside as malicious actors conduct  their operations in real time.  Rajesh De, former general counsel at the NSA, said that if the NSA is  targeting the Russian groups, it could be doing it under its normal  foreign intelligence authorities, as the Russian government is "clearly  ... a valid intelligence target." Or the NSA could be working under the  FBI's investigative authority and hacking the suspects' systems as part  of technical support for investigators, said De, now head of the cyber  security practice at the law firm Mayer Brown.  In the aftermath of an attack, a CIA official said that if there is an  "overseas component," the NSA would be involved along with the CIA's own  newly formed Directorate of Digital Innovation. The two agencies would  work, potentially along with others in government, to sniff out  suspects' "digital dust."  "It turns out that the people who carry out these activities use their  keyboards for other things too," said Sean Roche, Associate Deputy  Director for Digital Innovation at the CIA. Any attribution  investigations, Roche said, would also include offline information --  the product of old fashioned, on-the-street intelligence gathering.  Like Joyce, Roche said he was speaking generally and could not comment on the DNC hack.  While U.S. officials have told news outlets  anonymously they concur with Crowdstrike and other private  cybersecurity firms who have pointed to Russian culpability, the U.S.  government has declined to publicly blame the Russians.  The Russian government has said the hacking allegations are "absurd".  Director of National Intelligence James Clapper told the audience at the  Aspen Security Forum Thursday that the U.S. intelligence community was  "not quite ready to make a call on attribution," though he said there  were "just a few usual suspects out there." The next day CIA Director  John Brennan said that attribution is "to be determined" and a lot of  people were "jumping to conclusions."  Professional hackers often use proxies, Brennan said, so investigators  have to make two or three "hops" before tracing cyber attacks back to a  state's intelligence agency, which makes the attribution process more  difficult.  Kenneth Geers, a former cyber analyst at the Pentagon who recently  published a book about Russian cyber operations, told ABC News earlier  this week that he didn't necessarily doubt it was the Russians, but said  that even in the best cases when doing cyber investigations, "You can  have a preponderance of evidence -- and in nation-state cases, that’s  likely what you’ll have -- but that’s all you’ll have."  That, he said, opens the possibility, however remote, that a very clever hacker or hacking team could be framing the Russians.  Michael Buratowski, the senior vice president of cybersecurity services  at Fidelis Cybersecurity which studied some of the malicious code, said  the evidence pointing to the Russians was so convincing, "it would have had to have been a very elaborate scheme" for it really to have been anyone else.  The NSA's Joyce said that in general it's very difficult to properly  frame someone for a complex attack, since too many details have to be  exactly right, requiring a tremendous amount of expertise and precision.  But Joyce said that before the U.S. government pins blame on anyone for a  cyber attack publicly, the evidence has to pass an "extremely high  bar."  So when they do come forward, he said, perhaps based on the results of  attribution techniques that have not been publicly described, "You  should bank on it."