© 2024 WLRN
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Russian Hackers Doxxed Me. What Should I Do About It?

NPR's David Welna had personal documents posted by a pro-Kremlin website when he applied for press credentials in Ukraine. He's far from the only one. But it's an issue the U.S. is reluctant to discuss.
Ariel Zambelich
NPR's David Welna had personal documents posted by a pro-Kremlin website when he applied for press credentials in Ukraine. He's far from the only one. But it's an issue the U.S. is reluctant to discuss.

It's a strange experience seeing your own passport posted on a pro-Kremlin website.

That's what happened to me last month after Ukraine's Defense Ministry got hacked — including the documents I'd sent there to get press credentials.

The news site showed a letter from my editor, my passport details and identified me as a high-ranking "American adviser" who was in Ukraine to work on a military radio station in that country.

In reality, I was reporting an NPR story on the radio station Army FM, which broadcasts to Ukrainian troops on the country's eastern front, near the border with Russia.

For Ukrainian journalist Alya Shandra, that fabrication is hardly surprising.

"This is how Russian propaganda works — they just take some document that they find somewhere and they send this absurd story around," says Shandra, managing editor of Euromaidan Press. " 'Ukraine is being run by the Americans' — that's their main narrative."

How to respond? In my case, all I could do was get a new passport.

Things get more complicated when it comes to a much more publicized cyberintrusion: the recent allegations that Russia hacked the Democratic National Committee and leaked its internal emails.

Congressional calls to blame Russia

Adam Schiff, a Democratic representative from California, has no doubts about the proper response. The Obama administration, he says, should name and blame Russia.

"I would like to see the administration make public the attribution of responsibility for the hack of the DNC, and I think there's ample evidence," says Schiff, the House Intelligence Committee's top Democrat. "Certainly, we've seen ample evidence — even within the public sources."

Indeed, in a June online posting, the cybersecurity firm CrowdStrike identifies two competing Russian state intelligence services as having intruded in the DNC's network in May. CrowdStrike's incident response group had been hired by the DNC to investigate a suspected computer breach.

But not all cybersecurity experts are rushing to blame the Kremlin.

"The problem with cyberspace is that you can't confirm your suspicions, because anybody can pretend to be anyone," says Jeffrey Carr, CEO and president of Taia Global Inc., a cybersecurity-risk assessment firm.

Carr agrees with other experts that the digital tool used to hack the DNC was made by a Russian company. But he contends there is no conclusive evidence that it was Russian authorities who used it.

"This is why skepticism is so critical when it comes to claims of attribution in cyberspace, because it's very easy to place the blame on a foreign power," Carr adds. "Especially if there's already tension between the U.S. and that other foreign power."

Russian President Vladimir Putin flatly denies having had a hand in the DNC hack.

"I don't know anything about it," he told Bloomberg News in early September. "And on a state level, Russia has never done this."

U.S. response

In an apparent response to Putin's claim of innocence, a few days later U.S. Defense Secretary Ash Carter at the University of Oxford rebuked what he termed "Russia's aggression."

Asserting that the U.S. seeks neither a cold nor a hot war with Russia, Carter nonetheless warned "we will counter attempts to undermine our collective security — and we'll not ignore attempts to interfere with our democratic processes."

It was the closest any administration official had come to publicly suggesting Russia is meddling in the presidential election.

For John McCain, the Republican chairman of the Senate Armed Services Committee, Carter's remarks fell short.

"Is that the best the United States can do?" an outraged McCain demanded at a cybersecurity hearing held a week later.

"Sir, we continue to see activity of concern," was the reply from the hearing's top witness, Adm. Michael Rogers, the chief of the U.S. Cyber Command. But Rogers, who also directs the National Security Agency, declined to name names: "I'm not going to characterize this activity — is it a foreign nation state or not."

The FBI investigates

The official line from the White House has been that before making any attributions of responsibility, it's waiting for the FBI to complete its investigation of the DNC hack.

"I am confident that the Obama administration is going to send the right signals to Russia," says Connecticut Democratic Sen. Chris Murphy. He cites diplomatic reasons for why little has been said or done so far — including recent frustrated efforts to have a U.S.-Russia-sponsored cease-fire in Syria.

"This is not a moment," says Murphy," in which we can shut down a relationship that is vital to the future disposition of potential peace in a place like Syria."

But with Election Day looming, Schiff, the California Democrat, worries time is running out.

"I think if you level with the American people and you say this is what the Russians are doing and we need to protect against this," Schiff argues, "it's far better to alert the public now than to wait until after the election and say, 'OK, this is what happened.' "

And what happens when you get hacked — as both I and the DNC found out — raises a still thornier issue: What, then, do you do about it?

Copyright 2020 NPR. To see more, visit https://www.npr.org.

Corrected: September 27, 2016 at 12:00 AM EDT
A previous Web version of this story incorrectly called the U.S. Cyber Command the U.S. Cyber Security Command.
David Welna is NPR's national security correspondent.
More On This Topic