US disrupted alleged Russian trolls' internet access during midterms: Report
Cyber Command chief had signaled more aggressive moves outside U.S. borders.
U.S. cyber operators disrupted internet access for purported Russian trolls on the day of the 2018 midterm elections in a bid to hamper their propaganda operations, according to a report by The Washington Post.
The operation by U.S. Cyber Command reportedly targeted the St. Petersburg-based Internet Research Agency (IRA), which U.S. officials and prosecutors from Robert Mueller’s special counsel team allege operated an expansive influence operation designed in part to undermine American democracy by sowing discord online ahead of the 2016 presidential election and 2018 midterm elections.
“They basically took the IRA offline,” an individual familiar with the operation told the Post. “They shut ‘em down.”
The head of U.S. Cyber Command and the National Security Agency (NSA), Gen. Paul Nakasone, previously indicated his cyber warriors would be more aggressive in countering America’s adversaries across borders in cyberspace. Ahead of the midterms, the U.S. set up the “Russia Small Group,” a joint Cyber Command-NSA task force, specifically to “assist in the securing of the 2018 midterm elections,” he said.
“Acting includes defending forward,” he said in an interview with the military journal Joint Force Quarterly (JFQ). “How do we warn, how do we influence our adversaries, how do we position ourselves in case we have to achieve outcomes in the future? Acting is the concept of operating outside our borders, being outside our networks, to ensure that we understand what our adversaries are doing.”
The New York Times previously reported that Cyber Command officials had taken to warning individual alleged Russian operatives suspected of spreading disinformation online that they should not mess with the midterms.
Representatives for the NSA and Cyber Command did not immediately return ABC News’ requests for comment.
It remains to be seen what kind of impact the reported internet disruption may have had, according to experts.
Bret Schafer, a social media analyst at the Alliance for Securing Democracy, told ABC News that his organization didn’t notice a dramatic drop off of online propaganda on the day of the midterms, but he noted that his organization wasn’t focused solely on purported IRA accounts. He also pointed out that by then social media giants Twitter and Facebook already had taken down hundreds of accounts suspected to be linked to the IRA and other nefarious actors.
After conducting a review of foreign interference attempts during the midterms, the U.S. intelligence community released a report concluding that while there was no evidence that votes or vote tallies were altered, online influence operations emanating from Russia and other nations persisted similar to the weeks leading up to voting.
Jake Williams, a former Defense Department cyber operations official, told ABC News, “I don’t doubt they caused disruptions, I’m only dubious about how much... [But] it’s important to remember that this is a disruption operation, so any level of disruption is considered a success. It’s not necessary to take the target completely offline to be ‘successful.’”
Williams said that a potential problem with such operations is that American cyber operators can likely only use whatever secret tactics they used once.
“Unlike a missile that you test and say ‘if you oppose us, you’ve got one of these coming,’ cyber weapons are easy to defend against once you know what’s happening,” he said.
In his interview with JFQ, Nakasone suggested that U.S. Cyber Command was no longer interested in holding its cyber tools in reserve.
“Unlike the nuclear realm, where our strategic advantage or power comes from possessing a capability or weapons system, in cyberspace it’s the use of cyber capabilities that is strategically consequential,” he said. “The threat of using something in cyberspace is not as powerful as actually using it because that’s what our adversaries are doing to us.”