US pushed Russian troll factory offline during US midterm elections

While Americans were going to the polls for the 2018 US midterm elections, the US military was cyber-hammering Russian’s infamous troll factory to frustrate its election-meddling ways, the Washington Post has reported.

According to unnamed US officials who weren’t authorized to discuss classified information, the cyberstrike was launched against the Russian government-linked Internet Research Agency (IRA).

This is reportedly the first official US cyberattack on the IRA, a St. Petersburg company underwritten by an oligarch close to President Vladi­mir Putin. From the sounds of it, it was more annoying – think messing with their minds – to those whom US intelligence has deemed to be Russian election meddlers than crippling to that country’s ongoing propaganda efforts.

The Post quoted one individual who was familiar with the matter:

They basically took the IRA offline. They shut them down.

Or not, said Thomas Rid, a strategic-studies professor at Johns Hopkins University:

Such an operation would be more of a pinprick that is more annoying than deterring in the long run.

Well, maybe, but there’s still value in inflicting fear, uncertainty and doubt, one defense official told the Post:

Part of our objective is to throw a little curveball, inject a little friction, sow confusion. There’s value in that. We showed what’s in the realm of the possible. It’s not the old way of doing business anymore.

US to Russia: You’re not the only internet-borne threat

The “new” way of doing business is another way to say hacking back – what’s also called offensive hacking, or what the Defense Department has called “defending forward” in its new cyber strategy, which it introduced in September.

It’s what we can think of as plain old “attacking,” but without the need for the military to get an OK from the president’s National Security Council.

One of the Post’s sources from the Defense Department said that the ability to hack back/defend forward makes the US, finally, a contender:

The calculus for us here was that you’re just pushing back in the same way that the adversary has for years. It’s not escalatory. In fact, we’re finally in the game.

Cybercom stomps

In this case, the Post reports, the attack was carried out by Cyber Command (Cybercom). In October, the New York Times reported that Cybercom’s attack was in part psychological: agents individually targeted Russian operatives to try to convince them not to spread disinformation that could skewer elections. The Russian operatives were told that US operatives knew their names and their online handles and that they were tracking their work.

Two US officials told the Post that some IRA officials were so freaked out, they launched an internal investigation to root out what they thought were insiders leaking information.

Some officials said that this type of mind-play won’t have much impact on Russia’s overall strategy. One such:

Causing consternation or throwing sand in the gears may raise the cost of engaging in nefarious activities, but it is not going to cause a nation state to just drop their election interference or their malign influence in general. It’s not going to convince the decision-maker at the top.

Besides Cybercom’s efforts to defend the elections, the broader defensive/offensive strategy included Homeland Security, the State and Justice departments, and the FBI. The Post reports that it was led by Gen. Paul Nakasone, who in July formed the Russia Small Group, made up of 75 to 80 people from Cybercom and the National Security Agency (NSA), which are part of the Defense Department.

In an interview with Joint Force Quarterly, Nakasone said that up until now, the country has employed ineffective defenses against adversaries who’ve penetrated our networks, weaponized information for conducting propaganda campaigns, stolen intellectual property, and ripped off people’s personally identifiable information (PII).

In order to fight off such adversaries, Nakasone said that we have to get on the same playing field and figure out their moves:

We’ve learned that if we’re going to have an impact on an adversary, we have to persistently engage with that adversary, we have to understand that adversary, we have to be able to impose cumulative costs on that adversary, and we have to be able to understand where that adversary not only is but also where he is going.