US Treasury Hack Info May Have Helped Russia Tycoons Dodge Sanctions

If Moscow was behind the months-long massive cyber-espionage operation that infiltrated multiple departments of the U.S. government, tycoons may have gotten a heads-up on sanctions and ultimately avoided them, former officials told Newsweek.

While neither the culprits nor the motive behind the supply chain attack that exploited software company SolarWinds have been conclusively identified, the increasing likelihood of a nation-state's involvement has turned eyes toward valuable potential targets within the encrypted halls of the nation's federal revenue management agency.

"I think it sort of stands to reason, depending on what the nature of the actual hack was, certainly sensitive discussions were probably exposed or at risk of exposure," Peter Kucik, who spent nearly seven years at the Treasury Department's Office of Foreign Assets Control (OFAC), told Newsweek.

OFAC enforces economic and trade restrictions. Kucik, who now serves as a counsel and regulatory and sanctions expert at Ferrari & Associates, P.C., described what he viewed as two sides to such discussions at the Treasury, one being more policy-oriented talks that often reflect less sensitive information, and a second representing more secure communications about specific individuals and institutions set to be designated.

Kucik explained that illicit access to the two levels of talks has very different implications, using discussions of policy toward Russia as an example.

"Someone getting access to a U.S. government discussion of the broad scope of U.S. sanctions policy against Russia might really have only limited utility, because a lot of it is, frankly, out there and understood already anyway," Kucik told Newsweek.

But if they gain access to a higher level, it's a very different story.

"Now, if someone, on the other hand, got access to information suggesting what a new slate of potential targets was," he said, "well, that changes the calculus dramatically."

This could provide a major advantage for the target, such as companies or banks, as it would provide them foreknowledge and an opportunity to reinvest, he said.

"If you hypothetically have a company that has worldwide reach, and has bank accounts all over the place, and could conceivably even have U.S. interests," Kucik added, "knowing in advance that [imposition of sanctions] was a real viable threat, that could give that company the ability to pull back whatever it can and try and limit its exposure to the reach of sanctions, once they were imposed."

An exterior view of the building of U.S. Department of the Treasury is seen on March 27 in Washington, D.C. The Treasury was among several U.S. federal agencies that have admitted to being affected by a massive supply chain attack that targeted the SolarWinds software company. OLIVIER DOULIERY/AFP/Getty Images

Sanctions have become an increasingly frontline tool of U.S. diplomacy, often an early mechanism to blacklist people and institutions engaged in what Washington deems to be criminal activity including financial misconduct, narcotics trade and/or terrorism.

Russia is among several countries against which sanctions have mounted in recent years, especially since the 2014 annexation of the Crimean Peninsula amid unrest in neighboring Ukraine, and allegations of interference on behalf of President Donald Trump in the 2016 U.S. election.

Several U.S. media outlets have also cited unnamed officials pointing to Russia as the most likely suspect behind the operation, which is believed to have used trojanized updates to SolarWinds' Orion software to intrude on customers across the globe since as early as May.

Among the Russia-linked individuals sanctioned this year are Russian financier Yevgeniy Prigozhin, whose operations in Russia, Hong Kong, Thailand and Sudan were designated in July in connection with alleged paramilitary activities, protest suppression and sanctions-evasion; and Ukrainian lawmaker Andrii Derkach, who is accused of being a Russian agent active in attempting to influence the 2020 election.

Both men are said to have close ties to the Kremlin, which has outright denied responsibility for the recent hack.

Perhaps the most frustrating — and unsettling — part of what Kucik called a "cat-and-mouse-game" between the Treasury and designated targets around the world is the idea that so little is known about the latest hack, the severity of which is still being assessed.

What's irrefutable, however, is that the Treasury contains a trove of data intended for certain eyes only, data that could be put to alternative use by enemy actors.

"You would not have all the various secure systems of communication that the United States has if you were not concerned that this information might go where it's not intended," Kucik said. "There is definitely value to whatever group is trying to gather this information, and they're going to dissect it and they're going to extrapolate however they can and try and figure out how to use it in their book."

Hagar Hajjar Chemali, a former Treasury official who today is a senior fellow at the Atlantic Council think tank, also implicated the Kremlin, an eventuality she said would prove concerning for the U.S.

"Russia's hack into the Treasury Department, specifically, concerns me deeply because the type of information they could retrieve could be quite damaging to current and future U.S. national security efforts," Chemali told Newsweek.

Like Kucik, she said the most sensitive of this information could be used to dodge U.S. sanctions.

"Should they be able to get information on potential targets Treasury is considering for sanctions, it would allow the Russians to be a step ahead of sanctions efforts — moving funds and assets to avoid the effects of sanctions if they know who or what is being targeted next," she said.

There's also the potential for marketing coveted information to other state actors looking for an inside scoop on sanctions policy as it relates to their countries.

"Sanctions-related information could also be valuable if it pertains to Russia's buddies — for example, China and Syria," Chemali said. "That's information the Russians could sell or for which they get something in exchange."

Secretary of State Mike Pompeo discussed Russia's alleged cyberwarfare history in a conversation Tuesday with radio host Ben Shapiro, who also pointed the finger at Moscow being behind the massive hack.

"This is something that's been consistent," Pompeo said. "The Russian efforts to use cyber capabilities against us here in the United States is something that's been consistent certainly for — goodness, I guess I was in Congress six years and now four years in the administration. I have seen this consistently over time, right? They tried to mess with our elections in 2008, 2012, 2016."

A poster showing six wanted alleged Russian military intelligence officers is displayed as U.S. Attorney for the Western District of Pennsylvania Scott Brady, right, accompanied by Assistant Attorney General for the National Security Division John Demers, left, speaks at a news conference at the Department of Justice, on October 19 in Washington, D.C. Russia has dismissed efforts by the U.S. and its allies to blame the country for international cyber incidents. Andrew Harnik/Pool/Getty Images

He said the Trump administration, which Democrats continue to accuse of colluding with the Kremlin to win the White House in 2016, has taken a tough line on Russia, though the issue remains ongoing.

"We frankly did better in 2020 pushing back against them. This is a real challenge," Pompeo said. "We have imposed costs on the Russians. We've urged them to cease this kind of malign activity. But they are a real challenge."

Russian officials have repeatedly denied engaging in such malicious activities.

Reached by Newsweek for comment, Moscow's embassy in Washington reiterated its dismissal of what it called "unfounded attempts of the U.S. media to blame Russia for hacker attacks on U.S. governmental bodies."

"We declare responsibly: malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations," the embassy said in a statement. "Russia does not conduct offensive operations in the cyber domain."

The embassy also shared prior proposals for boosting cybersecurity cooperation between Moscow and Washington, offers the embassy has said were not reciprocated.

The Treasury Department has not yet responded to Newsweek's request for comment and several other agencies have declined or referred to public statements such as the National Security Council's announcement Tuesday of the formation of a Cyber Unified Coordination Group to investigate the hack.

A U.S. Cyber Command spokesperson told Newsweek on Monday it "is postured for swift action should any defense networks be compromised." An official with the U.S.-led NATO Western military alliance, some of whose networks also used SolarWinds software, said Tuesday that "cyber defence is a core part of our collective defence."