This afternoon President Obama issued an executive order to expand upon response to cyber threats – in this case against Russia. The original Executive Order (13964), “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities”, was issued on April 1st, 2015 by President Barack Obama. This order was expanded to allow sanctions to be ordered against people who fiddle with United States election processes or institutions.
The original executive order number 13964 probably should have included this bit in the first place. The new, amended order includes authority to sanction those who: “Tamper with, alter, or cause a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions.” The announcement of this amendment can be found in the US Department of the Treasury ordered earlier today.
After issuing the new executive order to include that amendment, it was announced that President Obama would sanction “nine entities and individuals.” All of these operatives were Russian, and include the following list as of this afternoon.
• The Main Intelligence Directorate (a.k.a. Glavnoe Razvedyvatel’noe Upravlenie) (a.k.a. GRU)
• Federal Security Service (a.k.a. Federalnaya Sluzhba Bezopasnosti) (a.k.a FSB)
• Igor Valentinovich Korobov, the current Chief of the GRU
• Sergey Aleksandrovich Gizunov, Deputy Chief of the GRU
• Igor Olegovich Kostyukov, a First Deputy Chief of the GRU
• Vladimir Stepanovich Alexseyev, also a First Deputy Chief of the GRU
• Special Technology Center (a.k.a. STLC, Ltd. Special Technology Center St. Petersburg)
• Zorsecurity (a.k.a. Esage Lab)
• Autonomous Noncommercial Organization “Professional Association of Designers of Data Processing Systems” (a.k.a. ANO PO KSI)
In addition, 35 Russian government officials from the Russian Embassy in Washington and the Russian Consulate in San Francisco have been declared “persona non grata” by the State Department. That’s a “person not welcome” – and in this case, someone who has 72 hours to leave the United States entirely.
The Department of State has also made known that as of noon local time on Friday, the 30th of December, two Russian government-owned compounds will be closed off to Russian access. One of these compounds is in Maryland, while the other is in New York.
“Today, I have ordered a number of actions in response to the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election.,” said President Obama in his official statement this afternoon. “These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior.”
The White House included a Fact Sheet with today’s statement about the situation. The FBI and Homeland Security’s Joint Analysis Report on related “Russian Malicious Cyber Activity” can be found at US-Cert in full. This JAR goes under reference number JAR-16-20296 and is dated December 29th, 2016.
In this report, two malicious entities are shown to have stolen information from United States political party entities during the election process throughout the year 2016. They also report that Russian entities continue to operate, attempting to attain access to information in the United States using spearphishing campaigns that continue to be sadly effective.