On Tuesday, the Washington Post, the U.S. military reduced the internet access of an infamous Russian trolling operation around the mid-term elections last year to stem the spread of noxious disinformation.
According to an article by the The New York Times in October 2018, the U.S. Cyber Command plans to undertake more aggressive action to prevent election interference and propaganda.
The operation targeted the Internet Research Agency, based in St. Petersburg, Russia. In January 2017, the IRA, whose employees numbered at approximately 1,000, was fingered by U.S. intelligence agencies has created social media content seeking to divide U.S. voters and drive support for President Donald Trump’s candidacy.
Gen. Paul Nakasone, who leads the U.S. Cyber Command lead the operation. The Post reports that Nakasone also leads the Russia Small Group, a special CyberCom and NSA task force focused on Russian threats.
Since 2016 presidential election, Facebook, Twitter and Google have mounted efforts to block their platforms from being used for nation-state disinformation and “fake news” campaigns, including trying to remove bogus accounts, U.S. officials suspected Russia would not cease its efforts.
Tapping on the Window
The midterm election response apparently also relied on a personal touch – akin to tapping on a window from afar.
In October 2018, the U.S. revealed to Russian hackers know they knew their real names and online handles. They did this through emails, pop-ups, text and direct messages.
Naming and shaming is a tactic increasingly used by the U.S.
In February 2018, the Justice Department issued an indictment against three companies and 13 Russians, on charges of election interference. The indictment grew out of Special Counsel Robert Mueller’s ongoing investigation into collusion and election interference.
Any alleged nation-state hackers indicted by the U.S. face scant chance of prosecution, provided they remain in their home countries.
Knocking the IRA Offline
How the U.S. intelligence establishment went about disconnecting the IRA from the internet is unknown; however, it’s likely to assume the company had far lower levels of security than the GRU, the Russian military intelligence agency connected with the Fancy Bear hacking campaigns.
The IRA represents low-hanging fruit, writes Thomas Rid, a professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies, on Twitter.
The U.S. has battled with how to respond to aggressive cyber actions by other nations without escalating the conflict. Although the U.S. has also cautiously removed barriers that its intelligence agencies previously faced, which now provides them with greater flexibility in how they respond.
In September 2018, the Trump administration rewrote its national cybersecurity strategy to allow for more offensive operations. The purpose of this move is to allow the U.S. to pursue strategies that try to deter other nations and communicate that aggressive actions toward the U.S. will carry costs. The strategy also includes prosecutions and economic sanctions.
Moreover, the U.S. must be careful to not trigger damaging provocations. In April 2018, the U.S. and U.K. announced a rare joint warning that Russian state-sponsored hackers have been working for years to gain footholds in vulnerable routers, firewalls and network intrusion systems.
The hacking effort has capitalized on standard, age-old security problems: insecure configurations, unpatched devices and the use of outdated protocols.