U.S. sanctions Russia and releases hacking report

Lawmakers are giving the White House faint praise for its executive order imposing a mix of sanctions and expulsions in response to Russia's election-related hacking.

The long-awaited action, which included the sanctioning of two of Russia's intelligence agencies, four individuals and three companies involved in Russia's cyber operations, is being characterized as "too little, too late," by a number of senior GOP lawmakers.

"The retaliatory measures announced by the Obama Administration today are long overdue," said Sens. John McCain (R-Ariz.) and Lindsey Graham (R-S.C.) in a joint statement.

"But ultimately," they added, "they are a small price for Russia to pay for its brazen attack on American democracy. We intend to lead the effort in the new Congress to impose stronger sanctions on Russia".

The executive action also included closing two Russian compounds in the U.S. and expelling 35 Russian intelligence officials – actions Sen. Tom Cotton (R-Ark.) called "half measures designed to appear tough."

"Sanctioning Russian entities associated with the intrusion of the DNC sounds bold, but it's unclear what the practical impact will be on organizations that likely don't have holdings in the United States," said Cotton.

The Kremlin has elected to ignore the diplomatic riposte. "Further steps towards the restoration of Russian-American relations will be built on the basis of the policies carried out by the administration of President Trump," a Russian official statement said.

President-elect Donald Trump praised Putin's show of restraint in a tweet issued Dec. 30.

"Great move on delay (by V. Putin) - I always knew he was very smart!" Trump tweeted.

Security hawks in both parties had been urging Obama for months to take decisive action to punish Russian President Vladimir Putin and deter Russia and other actors from conducting cyber attacks against the U.S.

"The actions the president took today are an important step, but preventing Russia from interfering in our elections will require a sustained response from the next administration and from Congress," said Sen. Mark Warner (D-Va.);

"We are obligated to conduct a thorough, timely and bipartisan investigation in the 115th Congress with the goal of releasing as much information as possible, while protecting sources and methods so that the American people can understand exactly what happened and what could well happen again if we fail to respond appropriately," he added.

A senior administration official speaking to the press on background said that the publicly announced sanctions and expulsions "should not be mistaken for the sum total of our response."

"There may be things that commence while we're in office in addition to what we're saying today," the official added.

Another official defended the time it's taken for the response, given that the intelligence community officially attributed the hacking of Democratic Party servers and emails to Russia on Oct. 7.

"The process of putting together sanctions packages is extremely onerous and requires evidence that can stand up in court," said the official. "So this is a very intense, elaborate process with a lot of input from agencies across the board."

In taking the actions against Russia, President Obama added an amendment to Executive Order 13964 that originally outlined U.S. responses to significant malicious cyber incidents. The amendment specifically authorizes the U.S. to sanction or seize property of individuals suspected of trying to manipulate or undermine the election process.

In addition to the executive order and actions taken against Russia, the FBI and DHS also released a joint analysis report dubbed Grizzly Steppe -- Russian Malicious Cyber Activity" -- that provides more details and evidence of the hacking activities.

According to the analysis, two separate Russian intelligence agencies "participated in the intrusion" into Democratic party targets. One group, called Advanced Persistent Threat 29 in the report, launched attacks beginning in summer 2015. The second group, APT 28, attacked in spring 2016.

The APT 29 attack used malware to take over Democratic National Committee systems and steal email. The APT 28 hack went after specific users with malware that tricked them into changing their passwords via a platform known to the hackers. This is the attack that yielded the email trove of Hillary Clinton campaign chairman Jon Podesta.

The report states that actors associated with Russian intelligence are "continuing to engage in spearphishing campaigns, including one launched as recently as November 2016, just days after the U.S. election."

A senior official stated that in addition to the joint analysis report, the administration released "two malware samples that Russian intelligence services use to broadly conduct their malicious activities, and we've given those to antivirus vendors so that they can be used to help, again, both private sector and government folks defend their networks."

Administration officials urged private entities to review their systems and logs and provide any details they can to DHS.

"It helps to fill in the bigger picture, provides greater insight into the scope and scale of Russian activity, and helps all the network defenders," said the official.