Russian President Vladimir Putin in Moscow on Jan. 30. (Maxim Shemetov/AP)
A right-of-center Washington think tank has a novel recommendation for how the Trump administration can push back on Russian and Chinese hacking and disinformation campaigns: Strike back with its own information warfare operations.
The United States could hack and release embarrassing information about Russian President Vladimir Putin’s personal wealth, for example, as a bargaining chip to convince him to halt digital attacks against the United States, David Maxwell and Annie Fixler with the Foundation for Defense of Democracies told me.
U.S. officials could also release information about corrupt business practices by Chinese Communist Party officials or Iran’s theocratic rulers with similar goals, Maxwell and Fixler said.
“This generated from our thinking about where our adversaries are weak and we’re strong,” Fixler told me.
The idea, which comes from the think tank’s “Midterm Assessment” of the Trump administration’s foreign and national security policies, is aimed at giving the United States more leverage in cyberspace where it is routinely pummeled by adversaries that are highly aggressive and don’t fear U.S. retaliation.
The report may also may hold sway with the Trump administration. The Midterm Analysis includes a foreword by Trump’s former national security adviser H.R. McMaster, who says the report “transcended the vitriolic and shallow partisan discourse that dominates much of what passes for commentary on foreign policy and national security.”
Yet the United States has not previously used hacking and information operations as a tool to shame adversaries — or at least, it hasn’t publicly acknowledged releasing hacked information about other leaders in the way the researchers describe. Doing so would mark a major escalation from typical U.S. responses to hacking campaigns,which have focused on escalating sanctions, indictments and calling out foreign government-backed hackers on the world stage.
Those diplomatic and law enforcement responses have the benefit of giving the United States a clear moral high ground about what is and isn’t acceptable in cyberspace.
But they haven’t actually deterred U.S. adversaries from playing dirtier, the researchers note. With Russian, Chinese, Iranian and North Korean hackers unbowed two years after Russian hacking upended the 2016 elections, it’s time for a bolder response, Fixler and Maxwell told me.
The non-profit think tank is known for its focus on robust American engagement abroad. Funded by conservative luminaries includingcasino magnate Sheldon Adelson, it employs numerous former Republican officials including John Hannah, who advised former vice president Dick Cheney on the Middle East. McMaster is now chairman of its board of advisers at their center on military and political power.
Hacking and releasing compromising information about adversary nations’ leaders plays into U.S. adversaries’ weaknesses, Fixler and Maxwell told me. Unlike U.S. citizens, Russians, Chinese and Iranians aren’t used to a free press that publishes lots of detailed and often embarrassing information about their leaders, they said.
“We can use that to our advantage by providing more information to their public about corruption, about where their leaders have money, things that can be very damaging for authoritarian countries,” Fixler told me.
That idea carries its own set of dangers, cautions Chris Painter, the former State Department cyber coordinator under former president Obama who’s now a fellow at Stanford University’s Center for International Security and Cooperation— especially if the United States falls into a tit-for-tat exchange releasing hacked information with a far more unscrupulous adversary.
“The worry is you have this escalating cycle with false and manipulated information that Russia has shown a great proclivity and ability to use,” Painter said. “But, on the other hand, they’re using it anyway, so we need to counter that.”
U.S. officials should make clear that the ultimate goal of any information operation is to make cyberspace more peaceful rather than simply to punch back in anger, Painter said. “You need to communicate very clearly that we’re using these tools and we’ll stop using them when you stop what you’re doing,” he told me.
Still, the idea of using information operations against adversaries is not a novel concept. U.S. intelligence officials considered but rejected such a plan to release damaging information about Russian officials, including bank account data, in response to Russia’s release of Democratic political emails before the 2016 election, according to a New Yorker report. And similar plans were widely discussed by analysts outside government after the election.
Fixler and Maxwell aren’t advocating releasing false or misleading information like Kremlin operatives did before the 2016 elections, they were quick to note.
They also don’t want the United States to abandon other methods of punishing adversaries that hack U.S. targets and launch disinformation campaigns, such as sanctions and indictments targeting companies and individuals that benefit from those operations.
But, so far, those methods have done little to change the willingness of Russia, China and Iran to hack U.S. targets or to engage in disinformation operations.
Just Thursday, in fact, Facebook and Twitter removed thousands of malicious accounts originating from Russia, Iran and Venezuela that spread false information about the 2018 U.S. election. On Wednesday, special counsel Robert S. Mueller III’s team revealed a Russian disinformation effort using documents the team shared with a Russian company that it had indicted on a charge of 2016 disinformation operations.
“What we’re saying is that, to date, [U.S. adversaries] haven’t felt the pain and we need to demonstrate that there’s a real cost to these actions that will change their calculations,” Fixler told me.