U.S. disrupted Internet access of Russian troll factory on day of 2018 midterms | TribLIVE.com

Aerial photo shows the Pentagon in Washington.

The U.S. military blocked Internet access to an infamous Russian entity seeking to sow discord among Americans during the 2018 midterms, several U.S. officials said, a warning that the group’s operations against the United States are not cost-free.

The strike on the Internet Research Agency in St. Petersburg, a company underwritten by an oligarch close to President Vladimir Putin, was part of the first offensive cyber campaign against Russia designed to thwart attempts to interfere with a U.S. election, the officials said.

“They basically took the IRA offline,” according to one individual familiar with the matter who, like others, spoke on the condition of anonymity to discuss classified information. “They shut ’em down.”

The operation marked the first muscle-flexing by U.S. Cyber Command, with intelligence from the National Security Agency, under new authorities it was granted by President Trump and Congress last year to bolster offensive capabilities.

Whether the impact of the St. Petersburg action will be long-lasting remains to be seen. Russia’s tactics are evolving, and some analysts were skeptical of the deterrent value on either the Russian troll factory or on Putin, who, according to U.S. intelligence officials, ordered an “influence” campaign in 2016 to undermine faith in U.S. democracy. U.S. officials have also assessed that the Internet Research Agency works on behalf of the Kremlin.

“Such an operation would be more of a pinprick that is more annoying than deterring in the long run,” said Thomas Rid, a strategic studies professor at Johns Hopkins University, who was not briefed on the details.

But some U.S. officials argued that “grand strategic deterrence” is not always the goal. “Part of our objective is to throw a little curve ball, inject a little friction, sow confusion,” said one defense official. “There’s value in that. We showed what’s in the realm of the possible. It’s not the old way of doing business anymore.”

The action has been hailed as a success by Pentagon officials, and some U.S. senators credited CyberCom with averting Russian interference in the midterms.

“The fact that the 2018 election process moved forward without successful Russian intervention was not a coincidence,” said Sen. Mike Rounds, R-S.D., who did not discuss the specific details of the operation targeting the St. Petersburg group. Without CyberCom’s efforts, there “would have been some very serious cyber incursions.”

Cyber Command and the NSA declined to comment.

The disruption to the Internet Research Agency’s networks took place as Americans went to the polls and a day or so afterward — as the votes were tallied, to prevent the Russians from mounting a disinformation campaign that casts doubt on the results, according to officials.

The blockage was so frustrating to the trolls that they complained to their system administrators about the disruption, the officials said.

The Internet Research Agency as early as 2014 and continuing through the 2016 presidential election sought to undermine the U.S. political system, according to the Justice Department. Posing as Americans and operating social media pages and groups, Russian trolls sought to exacerbate tensions over issues such as race, sexual identity and guns.

The agency, according to federal prosecutors, is financed by Yevgeniy Prigozhin, a tycoon from St. Petersburg and an ally of Putin. Prigozhin, the Internet Research Agency and a company Prigozhin runs called Concord Management and Consulting, were among 16 Russian individuals and companies that a grand jury indicted a year ago as part of Special Counsel Robert Mueller’s investigation into Russian interference in the 2016 election.

In a response to questions from The Washington Post, Prigozhin said in a statement on the Russian version of Facebook, “I cannot comment on the work of the Internet Research Agency in any way because I have no relation to it.” Concord Management declined to comment, citing the ongoing litigation in the United States.

Another element of the Cyber Command campaign, first reported by the New York Times, involved “direct messaging” that targeted the trolls as well as hackers who work for the Russian military intelligence agency, the GRU. Using emails, pop-ups, text or direct messages, U.S. operatives beginning last October let the Russians know that their real names and online handles were known and they should not interfere in other nations’ affairs, defense officials said.

Some Internet Research Agency officials were so perturbed by the messaging that they launched an internal investigation to root out what they thought were insiders leaking personnel information, according to two individuals.

The operation was part of a broader government effort to safeguard the 2018 elections, involving the departments of Homeland Security, State and Justice, as well as the FBI. It was led by Gen. Paul Nakasone, who in July formed the Russia Small Group, made up of 75 to 80 personnel from CyberCom and NSA, which are part of the Defense Department.

When Nakasone took up the helm at the NSA and CyberCom in May, the White House and Defense Secretary Jim Mattis told him his priority needed to be the defense of the midterm elections, officials said. No one wanted a repeat of the 2016 campaign, when the GRU hacked Democratic Party computers and released troves of emails and the Internet Research Agency mounted its social media campaign to exploit social divisions.

In August, Director of National Intelligence Daniel Coats said Russia was continuing “a pervasive messaging campaign” to try to weaken and divide the United States, though officials also concluded it was not as aggressive as the 2016 operation by Russia.

Two new U.S. authorities facilitated the move against the Internet Research Agency. A presidential order last August gave CyberCom greater latitude to undertake offensive operations below the level of armed conflict – actions that don’t result in death, significant damage or destruction. And a provision in this year’s National Defense Authorization Act also cleared the way for clandestine cyber operations that fall below that same threshold, categorizing them as “traditional military activity.”

“The calculus for us here was that you’re just pushing back in the same way that the adversary has for years,” a second defense official said. “It’s not escalatory. In fact, we’re finally in the game.”

But other officials are more circumspect.

“Causing consternation or throwing sand in the gears may raise the cost of engaging in nefarious activities, but it is not going to cause a nation state to just drop their election interference or their malign influence in general,” said a third official. “It’s not going to convince the decision-maker at the top.”

The operation also was the first real test of CyberCom’s new strategy of “persistent engagement” issued in April, which involved continually confronting the adversary and information sharing with partners. CyberCom in fall 2018 sent troops to Montenegro, Macedonia and Ukraine to help shore up their network defenses, and the Americans were able to obtain unfamiliar malware samples that private security researchers traced to the GRU, according to officials.

The Cyber Command campaign also was part of what Nakasone has described in an interview with Joint Force Quarterly as “acting outside our borders, being outside our networks, to ensure that we understand what our adversaries are doing.”
