U.S. strikes back at Russia in cyberspace warfare
WASHINGTON -- With little public fanfare, U.S. Cyber Command, the military's new center for combating electronic attacks against the United States, has launched operations to deter and disrupt Russians who have been meddling with the U.S. political system.
Like other U.S. cyberwar activities, this effort against Russia is cloaked in secrecy. But it appears to involve, in part, a warning to suspected Russian hackers that echoes a menacing phrase that's a staple of many fictional crime and spy thrillers: "We know where you live."
Beginning last fall, before the midterm elections, Cyber Command began directly contacting Russians who were linked to operations, such as those with the Internet Research Agency, which allegedly helped coordinate Moscow's campaign to subvert the 2016 presidential election. The apparent aim was to put people on notice that their covers had been blown, and that their ability to work and travel freely might be affected.
U.S. officials believe that the disruption effort has frazzled some of the Russian targets and may have deterred some interference during the midterms. The operation was first reported by The New York Times Oct. 23, and additional details have emerged from public and private sources.
One unlikely public confirmation came from Yevgeny Zubarev, the director of the St. Petersburg-based Federal News Agency and one of the apparent Russian targets. Justice Department prosecutors have alleged that Zubarev's information website, known by its Russian acronym FAN, was part of the same covert-action network as the Internet Research Agency.
"The United States Cyber Command writes to me to say that what I am doing is wrong, that their job is to fight trolls," Zubarev told the Daily Beast in December. "We are defending the motherland on the information fronts." But he denied he was part of any "troll farm."
A catalogue of potential Russian operatives, who might be targets of similar Cyber Command warnings, came in an indictment unsealed in October describing a Russian bookkeeper's role in managing a "conspiracy ... to sow division and discord in the U.S. political system."
A dozen fronts for this alleged political-interference operation, including FAN, are cited in the indictment, along with 14 companies that maintained bank accounts to finance operations. Prosecutors alleged that the bookkeeper prepared "hundreds of financial vouchers, budgets and payment requests," and the indictment listed precise figures from a series of monthly budgets from February 2017 to June 2018.
This was the covert world's version of a "gotcha." The implication was that U.S. intelligence had the names, dates, web addresses and other details of anyone touched by the bookkeeper's electronic connections. Some of these operatives and contractors may have been among those pinged by Cyber Command. The message, in part, was that their ability to operate in secret had vanished.
This tactic of outing Russian cyber operatives may have a "deterrent effect," argues Thomas Rid, a Johns Hopkins professor and author of the forthcoming book, "Active Measures: A History of Disinformation." He explained in an interview: "We know from history that when intelligence officers who have prized secrecy their entire careers are exposed, it is a punch in the gut."