US Cyber ​​Command Interrupted Russian Troll's Internet Access on 2018


The US military has blocked Internet access to an infamous Russian entity seeking to sow discord among Americans in the year 2018, several US officials said, warning that the group's operations against the United States would not not free.

The strike on the Internet Research Agency in St. Petersburg, a company subscribed by an oligarch close to President Vladimir Putin, was part of the first cyber-offensive campaign against Russia. designed to thwart attempts to interfere in an American election, officials said.

"They basically put the IRA off line," according to a person familiar with the case who, like others, spoke under the guise of anonymity to discuss the case. classified information. "They closed them."

The operation marked the first bodybuilding movement of the US Cyber ​​Command, thanks to information provided by the National Security Agency, under the new authority of powers conferred on President Trump and Congress last year. to strengthen its offensive capabilities.

If the impact of the St. Petersburg hasction will be long remains to be seen. Russia's tactics are evolving, and some analysts are skeptical about the deterrent value of the Russian troll factory or Putin, who US intelligence officials said ordered an "influence" campaign in 2016 to undermine confidence in American democracy. US officials also said the Internet Research Agency was working for the Kremlin.

"Such an operation would be more of a pinch that would be more annoying than a deterrent in the long run," said Thomas Rid, a professor of strategic studies at Johns Hopkins University, who said: has not been informed of the details.

But some US officials have argued that the "great strategic deterrent" was not always the goal. "Part of our goal is to throw a small curved ball, inject a little friction, to cause confusion," said a defense official. "There is value to that. We have shown what is in the realm of possibility. It's not the old way of doing business anymore. "

L & # 39; Action was hailed as a success by Pentagon officials, and Some US senators have given CyberCom the responsibility to avoid Russia's mid-term interventions.

"The fact that the 2018 electoral process unfolded without successful Russian intervention was not a coincidence," said Senator Mike Rounds (RS.D.), who did not discuss the details of the operation targeting the group of St. Petersburg. Without the efforts of CyberCom, "there would have been very serious computer incidents."

Cyber ​​Command and the NSA declined to comment.

The disruption of the networks of the Internet Research Agency took place while Americans went to the polls and a day or two later – the votes being counted, to prevent the Russians from launching a campaign of misinformation that casts doubt on the results, according to officials.

The blockage was so frustrating for the trolls that they complained to their system administrators about the disruption, officials said.

According to the Justice Ministry, the Internet Research Agency had started in 2014 and throughout the 2016 presidential election to undermine the American political system. Presenting themselves as Americans and exploiting pages and social media groups, Russian trolls have sought to exacerbate tensions over issues such as race, gender identity and guns.

According to federal prosecutors, the agency is funded by Yevgeniy Prigozhin, a St. Petersburg magnate and an ally of Putin. Prigozhin, Internet Research Agency and a company called Concord Management and Consulting headed by Prigozhin, were among the 16 people and Russian companies charged a year ago by the grand jury in the context of the investigation of the lawyer Special Robert S. Mueller III on the interference of Russia in the 2016 election.

In response to questions from the Washington Post, Prigozhin said in a statement on the Russian version of Facebook: "I can not in any way comment on the work of the Internet Research Agency because I have no connection with him." comment, citing current litigation in the USA.

Another element of the Cyber ​​Command campaign, reported for the first time by The New York Times, involved "direct messaging" which targeted trolls and hackers who work for the Russian military intelligence service, the GRU. By using eminstant messages, text messages or direct, US agents starting last October to let the Russians know that their real names and online pseudonyms were known and that they should not interfere in the business, defense or defense of others nations. the officials said.

Some officials at the Internet Research Agency were so disturbed by the message that they launched an internal investigation to find out what they thought were insiders disclosing personal information, according to two people.

The operation was part of a broader government effort to protect the 2018 elections, involving the departments of Homeland Security, State and Justice, as well as the FBI. It was led by General Paul Nakasone, who in July formed Russia's small group of 75 to 80 staff members from CyberCom and the NSA, who are part of the Defense Department.

When Nakasone took over the NSA and CyberCom in May, White House and Defense Secretary Jim Mattis announced his priority. should be defenders of mid-term elections, officials said. Nobody wanted the 2016 campaign to come back at the same time, when the GRU hacked Democratic Party computers and made numerous e-mails public. Internet Research Agency has run its campaign on social media to exploit social divisions.

In August, Daniel Coats, director of national intelligence, said that Russia was pursuing "an omnipresent messaging campaign" to try to weaken and divide the United States, although officials also concluded that it was not so obvious. aggressive as the 2016 operation by Russia.

Two new US authorities have facilitated the move against the Internet Research Agency. A presidential order last August CyberCom has more flexibility to undertake offensive operations below the level of an armed conflict – actions that do not result in death, significant damage or destruction. In addition, a provision of the National Defense Authorization Act passed this year also paved the way for covert cyber operations that fall below this threshold, calling them "traditional military activity".

"The math for us here is that you are just backing the same way as the opponent for years," said a second defense official. "It's not an escalation. In fact, we are finally in the game. "

But other officials are more circumspect.

"Causing consternation or throwing sand into the gears can increase the cost of participating in harmful activities, but that will not cause a nation-state to simply drop its electoral interference or its perverse influence in general," said a third official. "It's not going to convince the decision maker at the top."

The operation was also the first real test of CyberCom's new "persistent engagement" strategy published in April, which was to continually confront the adversary and exchange information with partners. In the autumn of 2018, CyberCom sent troops to Montenegro, Macedonia and Ukraine to help strengthen the defenses of their network, and Americans were able to obtain unknown malware samples that private security researchers have traced to the GRU, according to officials.

The Cyber ​​Command campaign was also part of what Nakasone described in an interview with Joint Force Quarterly as "acting beyond our borders, outside our networks, to make sure we understand what our opponents are doing."

Joseph Marks contributed to this report.


Source link