For years, the US government has built a more or less autonomous and aggressive Cyber Command, the sibling of the National Security Agency whose hackers are authorized to wage cyberwar and disrupt America's adversaries with digital acts of sabotage. During last November's congressional election, it seems the newly empowered agency quietly flexed its muscles in an operation that took out internet access for Russia's Internet Research Agency, a Kremlin-linked hub of social media disinformation.
But while that takedown created an immediate outage, its role as a "signal" to US adversaries online will resonate further and longer.
On Tuesday, the Washington Post reported that Cyber Command targeted the St. Petersburg-based Internet Research Agency with a cyberattack in late 201
But according to most of the former intelligence and cybersecurity officials who spoke about it, what mattered about cutting the IRA's internet access was not the immediate outage it created, but the larger message it communicated to the Kremlin, amplified further by the classified operation now having leaked to the Post. The disruption of the IRA's network makes clear that the US government could have done worse, such as destroying computers or leaking the IRA's internal communications.
"This operation is nothing more than a signal to the Russians," says Sergio Caltagirone, a former Technical Leader at the NSA who has since worked on threat intelligence at Microsoft and security firm Dragos.
Exactly how much immediate pain the IRA-targeted operation itself caused remains far from clear. The IRA's staff were reportedly annoyed by the shutdown; Cyber Command recorded complaints they sent to their systems administrators. But former White House cybersecurity advisor Rob Knake, who served for four years on President Barack Obama's National Security Council, argues that IRA staffers may have had to do no more than walk to a coffee shop, or connect their computers to their phones, to overcome a mere network outage. "If you have internet access to a bunch of trolls at a troll farm, they work from home or go to their local Starbucks," Knake says.
But Knake and other cybersecurity analysts also question exactly how that apparent message was interpreted. A mere internet takedown in response to a highly aggressive campaign to swing a US presidential election, Knake argues, could be seen within the Kremlin as the opposite of a demonstration of strength. "That's not a terribly strong signal," Knake says. "That's a signal. Isolating one building, I do not think much of one."
Cyber Command had, prior to the IRA's network shutdown, The GRU responsible for much of 2016's election interference. As the New York Times reported last October, Cyber Command operators sent messages to them. The Post reports that the IRA is "hacking" enough to block the cyberspace.
Whether the attack on the IRA's entire network serves as an effective capstone to cyber hacking Johns Hopkins cyber conflict researcher Thomas Rid. That includes the timing of the takedown, and whether Cyber Command had a specific plan for the IRA had in place. It's not clear what other offensive actions Cyber Command has taken that remain unreported. For even the most obvious elements, but still questions the signal's forcefulness.
"I have my doubts, it has no meaningful effects on the most aggressive components of the Russian They might just laugh it off," Rid says. Compared with the GRU intelligence operations that targeted the US over the past several years, he calls the IRA "low-hanging fruit," a less protected and valued target than actual Russian government entities.
"If you do this, we want to do it."
Sergio Caltagirone, Dragos
But Cyber Command seems to be balancing deterring misbehavior online against triggering a cycle of escalation that could lead to even more aggressive attacks. As Rid points out, Russian President Vladimir Putin is widely believed to have viewed the release of the Panama Papers, a massive trove of documents containing information about Putin's own illicit finances, as a US-led action intended to embarrass him, with Russia's sabotage of Democrats in the US election serving as payback.
In that light, a network outage may have been an appropriately conservative option, says Caltagirone. "This is exactly what you want to do in statecraft," he says. "It's a light touch, and a masterful move."
Time will tell if the signal had any long-term effect. But Kenneth Geers, a cybersecurity-focused fellow at the Atlantic Council, argues that it's just the first step in establishing an "escalatory ladder" that's understood by US adversaries. "We know who the people are, where the network is, how they're doing it, and we can stop them," Geers says. "This is a message that will be heard loud and clear in the Kremlin."