Obama hits back for Russia hack, but leaves top spy off the hook

Michael Isikoff
·Chief Investigative Correspondent
Aleksander Bortnikov, head of the Russian Federal Security Service, at President Vladimir Putin's meeting last August with the Russian Security Council in Moscow. (Photo: Russian Look via ZUMA Wire)
Aleksander Bortnikov, head of the Russian Federal Security Service, at President Vladimir Putin’s meeting last August with the Russian Security Council in Moscow. (Photo: Russian Look via ZUMA Wire)

In what White House officials portrayed as tough retaliation for Russia’s cyberattack on the U.S. election, President Obama on Thursday evicted 35 suspected Russian spies from the country and imposed economic sanctions on four top officials of the country’s military intelligence service.

But the administration’s newly imposed sanctions list contains a striking omission: Aleksander Bortnikov, Russia’s top spy. As chief of the Russian Federal Security Service, or FSB (Russia’s successor to the Soviet KGB), Bortnikov heads the spy agency that launched his country’s cyberattack on the members of the Democratic National Committee and other U.S. political figures nearly a year and a half ago, according to a newly released joint FBI-Department of Homeland Security report.

Yet while the FSB itself and Russia’s military intelligence agency, the GRU (as well as three of its private contractors), were subject to sanctions, the list of individuals facing potential economic reprisals if they come to the United States was selective: Igor Korobov, current chief of the GRU and three of his top deputies were targeted (even though there is little evidence they actually come to the U.S.) Yet Bortnikov — a more significant player who last year attended a White House summit on countering the threat of violent extremism — and other high-ranking FSB officials were untouched by the new Treasury Department sanctions, underscoring what some critics say are the limits of the administration’s response.

“This was a good step, but there is one person who should have been named, and that’s Bortnikov,” said David Kramer, a former senior State Department official who is now the senior director for Human Rights and Democracy at the McCain Institute for International Leadership, a global security and human rights think tank that is overseen by some of Sen. John McCain’s longtime political allies and aides.

The decision to leave Bortnikov off the sanctions list shows the delicate balancing act administration officials engaged in as they grappled with how to respond to what they viewed as unprecedented interference by Moscow in the U.S. political process. But some feared that an excessive response might set off a collision with President Vladimir Putin’s government and damage U.S. interests in the Mideast and elsewhere.

Although consideration was given to including Bortnikov on the sanctions lost, it was resisted by U.S. intelligence agencies that have, at times and to a limited degree, received cooperation from the FSB, especially on terrorism issues, said sources familiar with the debate. U.S. intelligence agencies “never wanted to go after [Bortnikov] directly,” said one official involved in the administration’s deliberations.

Just how closely U.S. officials have been willing to try to work with Bortnikov and the FSB was demonstrated in February 2015, when the Kremlin’s chief spy came to Washington as part of a Russian delegation attending a White House summit on countering violent extremism. Bortnikov took the opportunity to stress the need for the FSB and U.S. agencies to work together to combat the threat from the Islamic State. “Current events are of such a serious nature that we need to unite,” Bortnikov was quoted as saying at the time.

How much intelligence the FSB actually shares with the FBI and the CIA is far from clear. And when it does, it is an on-again, off-again affair, said Michael McFaul, who served as President Obama’s ambassador to Moscow until 2014. “When we are in a period that we are cooperating, he does,” McFaul said in an interview with Yahoo News. “When his boss [Putin] says we shouldn’t, he doesn’t. And when his boss says, we should harass U.S. diplomats, he does that, and he does outrageous things.”

What is especially notable, in retrospect, about Bortnikov’s appearance at last year’s White House summit is that it took place only four months before his agency unleashed the brazen Russian attack on the U.S. political system, according to the newly released FBI-Homeland Security report. That cybercampaign — code-named “Grizzly Steppe” in the report — began in June 2015, when Russian hackers identified as Advanced Persistent Threat 29 (U.S. sources say that is a reference to the FSB) sent more than 1,000 “spear-phishing” emails to U.S. government officials and political figures that contained attachments embedded with malicious computer codes.

The emails, the report says, were disguised as coming from legitimate U.S. organizations and educational institutions. At least one “targeted individual” was tricked into clicking on one of the attachments, enabling the FSB hackers to penetrate the computer network of the Democratic National Committee and begin stealing emails through “encrypted” connections that went unnoticed by the DNC’s computer experts.

A U.S. official involved in the sanctions deliberations said that one reason Bortnikov was spared the sanctions list is because the GRU was judged to be the more serious offender. As spelled out in the FBI-DHS report, another set of Russian hackers, named APT 28 and associated with the GRU, unleashed another spear-phishing attack in the spring of 2016 that tricked recipients into changing their passwords, resulting in a second intrusion into DNC computers. That later attack resulted in the “exfiltration” of emails and other information from “multiple senior party members” that were later leaked to the press (through WikiLeaks and other websites) in an act that has been likened to information warfare.

Yet the U.S. official also acknowledged that U.S. agencies had some intelligence suggesting that the FSB may have assisted the GRU in the second wave attack, contradicting earlier reports indicating that the two intelligence agencies were acting on their own and even competing with each other.

Either way, the debate over whether to impose sanctions on Bortnikov may not matter, according to McFaul. The most important part of Thursday’s announcement was the more robust “attribution” identifying the Russian government as being behind the cyberattacks — a step that should put an end to the “silly debate” about who was responsible, he said.

And the key decision maker in that action was not just any Russian intelligence official, said McFaul. “Let’s be clear: The guy who orchestrated the whole thing is Vladimir Putin,” he said. “Bortnikov works at the pleasure of Putin. They didn’t sanction Bortnikov for the same reason they didn’t sanction Putin — so they would have an interlocutor they could keep an open channel with.”