For its first year in office, the Trump administration seemed soft on Russia’s hyper-aggressive hackers, reluctant even to point out that they’d brazenly meddled in the U.S. election. Then, just two months ago, the White House suddenly came out swinging, calling out Russia for its massively disruptive NotPetya malware and its intrusions into the U.S. power grid, and imposing new sanctions in response. Now, in its latest warning to Russia over its hacking bonanza, the White House may have confused the message again, this time in the other direction: by scolding Russia not for its uniquely destructive hacking activities but, by all appearances, for the kind of cyberespionage many governments, including the U.S., engage in.
An alert issued jointly by the Department of Homeland Security, the White House, the FBI, and the UK’s National Cyber Security Center on April 16 warned that hackers tied to the Russian government have attempted to compromise millions of routers and firewalls across the internet, from enterprise-focused network equipment to the humble routers in homes and small businesses across the world. The report warns that the attacks “enable espionage and intellectual property [theft] that supports the Russian Federation’s national security and economic goals,” and offers technical advice about how to detect and stop those attacks.
“When we see malicious cyberactivity, whether Kremlin or other nation state actors, we are going to push back,” said White House cybersecurity coordinator Rob Joyce in a call with reporters. (The call came just hours before reports surfaced that Joyce is resigning his White House position.) “We condemn this latest activity in the strongest possible terms,” added senior DHS official Jeanette Manfra.
But those weighty statements, for some in the intelligence and security community, actually muddy the message to Russia. After all, U.S. government hackers, and particularly those in the NSA, perform broad intrusions across the world for espionage, too. According to classified leaks and cybersecurity researchers’ findings, they often hack routers like the ones mentioned in April 12’s alert. And calling out Russia for the same sort of spying the U.S. routinely does only blurs the red lines that Western governments have demanded Russia and other nations respect: prohibitions on disruptive attacks against civilian infrastructure or meddling in elections.
“It’s weird. Why are they making such a fuss about something that even the US must be engaged in?” asks Thomas Rid, a professor of strategic studies at Johns Hopkins’ School of Advanced International Studies.
Just last month, for instance, researchers at the Russian security firm Kaspersky revealed a hacking campaign known as Slingshot that spied on more than a hundred targets around the world, in many cases by infecting MikroTik routers. That operation was later revealed to be a U.S. Special Operations Command effort to monitor members of ISIS using internet cafes across Africa and the Middle East. “So, that Slingshot APT was Russian?” quipped Kaspersky researcher Aleks Gostev in a tweet responding to April 12’s DHS alert. Previous classified leaks have shown that the NSA and CIA hack routers too, both big and small.
Former NSA hacker Jake Williams points in particular to the DHS alert’s warning that Russian hackers hijack home routers when their owners don’t change the default password—a form of hacking he considers almost laughably mundane, performed by even unskilled cybercriminals. “Everybody hacks routers,” Williams says. “Saying that home routers with default passwords are getting owned is like saying that thieves are picking up unattended money in a public area.”
Rather than a serious warning of a new line-crossing cyberattack by the Russian government, Williams says he sees the latest alert as part of a larger geopolitical message. After all, the Trump administration’s relations with the Kremlin have been cooling, due in part to opposing interests in the ongoing war in Syria.
Meanwhile, Russia has repeatedly crossed red lines with its cyberattacks over the last few years, from its blackout-inducing cyberwar in Ukraine, to its leaks of stolen Clinton campaign documents during the 2016 presidential election, to the NotPetya outbreak that paralyzed civilian infrastructure and companies around the world and is now believed to be the most costly cyberattack in history. Lumping routine router hacking in with those misdeeds only confuses the stakes.