US Cyber Operation Protected Midterms

News  |  Feb 26, 2019

U.S. Cyber Command, with intelligence from the National Security Agency, launched an offensive attack on the Russian troll farm indicted for election interference in 2016, blocking Internet access on Election Day 2018 and "a day or so afterward" as officials counted votes. 

Washington Post:

The strike on the Internet Research Agency in St. Petersburg, a company underwritten by an oligarch close to President Vladimir Putin, was part of the first offensive cyber campaign against Russia designed to thwart attempts to interfere with a U.S. election, the officials said.

“They basically took the IRA offline,” according to one individual familiar with the matter who, like others, spoke on the condition of anonymity to discuss classified information. “They shut them down.”

NBC News reports President Trump personally authorized the operation.

Washington Post:

The action has been hailed as a success by Pentagon officials, and some senators credited Cyber Command with averting Russian interference in the midterms.

“The fact that the 2018 election process moved forward without successful Russian intervention was not a coincidence,” said Sen. Mike Rounds (R-S.D.), who did not discuss the specific details of the operation targeting the St. Petersburg group. Without Cybercom’s efforts, he said, there “would have been some very serious cyber incursions.”

(...)

The disruption to the Internet Research Agency’s networks took place as Americans went to the polls and a day or so afterward as the votes were tallied, to prevent the Russians from mounting a disinformation campaign that cast doubt on the results, according to officials.

The blockage was so frustrating to the trolls that they complained to their system administrators about the disruption, the officials said.

(...)

Another element of the Cyber Command campaign, first reported by the New York Times, involved “direct messaging” that targeted the trolls as well as hackers who work for the Russian military intelligence agency, the GRU. Using emails, pop-ups, texts or direct messages, U.S. operatives beginning in October let the Russians know that their real names and online handles were known and they should not interfere in other nations’ affairs, defense officials said.

Some Internet Research Agency officials were so perturbed by the messaging that they launched an internal investigation to root out what they thought were insiders leaking personnel information, according to two individuals.

(...)

Two new U.S. authorities facilitated the move against the Internet Research Agency. A presidential order in August gave Cybercom greater latitude to undertake offensive operations below the level of armed conflict — actions that would not result in death, significant damage or destruction. And a provision in the National Defense Authorization Act passed last year also cleared the way for clandestine cyber operations that fall below that same threshold, categorizing them as “traditional military activity.”

“The calculus for us here was that you’re just pushing back in the same way that the adversary has for years,” a second defense official said. “It’s not escalatory. In fact, we’re finally in the game.”

U.S. Cyber Command operation disrupted Internet access of Russian troll factory on day of 2018 midterms (WaPo)