The Americans hack the Russians, the Russians hack the Americans, this is the song that never ends. But what comes next on our merry-go-round?
On Tuesday, the Washington Post reported that U.S. Cyber Command hacked and “shut down” the Russian Internet Research Agency (IRA) during the U.S. midterm elections in November. The IRA is that notorious “troll factory” U.S. officials say is dedicated to supporting Russia’s global geopolitical goals with online information warfare.
You might remember the IRA from previous indictments such as Robert Muller’s 2018 prosecution against 13 Russian individuals and three companies allegedly involved in a plot to interfere with the 2016 U.S. elections.
Now that the 2020 campaign cycle has started, the best way to understand last year’s U.S. attack against the IRA is to look at the United States’ shifting its strategy and rules in cyberspace: That means it’s now easier for the U.S. military to engage in offensive hacking that sends a message.
Rob Joyce, a senior cybersecurity advisor at the National Security Agency and previously the White House cybersecurity coordinator, underlined the policy in an interview on Thursday with CyberScoop about the Trump administration opening the door to more offensive cyber operations by the U.S. military.
“We have to impose costs in a visible way to start deterrence,” Joyce said. “We have to go out and try to make those operations less successful and harder to do.”
In the language of politicians and spies, deterrence is an action designed to discourage. In this case, the new rules are meant to discourage attacks against the United States—like, for instance, the interference in the 2016 election.
But beyond the basics, the story leaves a Mt. Everest worth of questions. The Post article—which is based on leaks from “several” unnamed “U.S. officials”—includes cheerleading from Senator Mike Rounds who credits U.S. Cyber Command’s attack with preventing “serious cyber-incursions.”
That doesn’t make a lot of sense on its face, given that the IRA carries out information warfare rather than actual hacking resulting in “intrusions.” At this point, it’s impossible, by design, for the public to decipher what the latest American actions actually mean—not to mention how Moscow might ultimately react.
In the short term, Russia has responded in a variety of telling ways.
Russia’s Federal News Agency (FAN), made globally famous in a 2015 New York Times exposé about its army of troll propagandists, seemed to confirm an American offensive and called it “unproductive and unprofessional.”
Asked about the U.S.-claimed attack, a prominent Kremlin spokesman said “cyberattacks are constantly carried out from U.S. territory against various Russian organizations.” The spokesperson didn’t confirm or deny the attack, but he did argue in general that U.S. attacks against Russia justified Moscow’s tests of disconnecting its internet from the world as part of a “sovereign internet” plan.
FAN is not a particularly famous name inside the United States. Government-owned outlets like Sputnik and TASS get more exposure while the IRA is seen as an epicenter of Russian information warfare.
Think of FAN as a little brother. The organization has operated in the same building as the IRA, raising questions about the relationship between the two organizations that may just be different bureaus of the same operation. The New York Times has reported that the two are intimately connected. FAN publishes and pushes what can only be described as transparent pro-Kremlin trolling desperate to get coverage inside the United States.
FAN’s history includes sensationalist and homophobic complaints about the FBI recognizing LGBTQ employees, offices with pictures of President Donald Trump next to the Confederate flag, and frankly bizarre attempts to organize rallies at the White House.
In other words, they’re trolls eager to provoke a reaction, and there is little or no effort to hide it.
The Post article notes that the IRA was denied internet access on the day of the 2018 midterms but, when it comes to influence operations, it’s the preceding months and years that matter most. Still, it’s hard to beat the optics of hacking an enemy on Election Day, and the recently revealed back and forth is genuinely something we’ve never seen before—even if no one outside of U.S. Cyber Command’s Ft. Meade headquarters really understands what it all means yet.
“I believe that signals indicating one country making a cyber operation against targets at another country, together with the subsequent signals coming from sources in another country confirming such operations would be an unprecedented event in the history of ‘cyber conflicts,’” Dr. Lukasz Olejnik, an independent cybersecurity and privacy researcher and advisor, and research associate at Center for Technology and Global Affairs of Oxford University, told Gizmodo via email.
In addition to delivering messages to adversaries in Moscow, the U.S. intelligence community is intent on delivering one to the American public. NSA’s Joyce, in his recent interview, touted how well his colleagues had handled 2018 and signaled more to come in the lead up to 2020.
“We’re pretty proud of delivering a midterm election that was free of malfeasance and interference, and we’re already working pretty hard on the 2020 [election],” the NSA’s Joyce told CyberScoop, emphasizing the NSA’s partnership with agencies including U.S. Cyber Command and the FBI. “[W]e’ve said the time has come that we have to alter the field and not just stand back and wait for opponents to probe us.”