US cyber command expands operations to hunt hackers from Russia, Iran and China

Nov 03, 2020

FORT MEADE, Md. – The United States Cyber Command has expanded its overseas operations aimed at finding foreign hacking groups ahead of Tuesday’s election, an effort to identify not only Russian tactics but also those of China and Iran, military officials said.

In addition to new operations in Europe to prosecute Russian hackers, Cyber Command has sent teams to the Middle East and Asia over the past two years to help find Iranian, Chinese and North Korean hacking teams and identify the tools they used to penetrate computer networks.

Cyber Command was building on an initiative launched in 2018, when it sent teams to North Macedonia, Montenegro and other countries to learn more about Russian operations. The move also reflects an increased effort to secure this year’s presidential election.

Cyber Command, which directs the military’s offensive and defensive operations in the online world, was largely on the sidelines in 2016. But for the 2018 midterm elections, the command took a much more aggressive stance. In addition to sending the teams to the allied countries, it sent warning messages to future Russian trolls before the vote, during its first offensive operation against Moscow; it then took at least one of those troll farms offline on Election Day and the days after.

The 2018 operation was primarily focused on Russia, according to what is publicly known about it. But ahead of this year’s election, intelligence officials described efforts by Iran and China, as well as Russia, to potentially influence the vote, and Cyber Command has also broadened its scope of action.

“Since 2018, we have extended our forward fighter operations to all major adversaries,” Lt. Gen. Charles L. Moore Jr., deputy chief of Cyber Command, said in an interview in his Fort Meade office.

Cyber Command calls its work with its allies to find enemy hackers “to continue operations.” After approaching foreign adversaries’ own networks, Cyber Command can then penetrate inside to identify and potentially neutralize attacks against the United States, according to current and former officials.

“We want to find the bad guys in the red space, in their own operating environment,” General Moore said. “We want to take the archer down rather than dodge the arrows.”

Officials would only identify the regions and not the countries in which they operated before the 2020 election. But Cyber Command officials said those efforts uncovered malware used by opposing hacking teams. Other government agencies have used this information to help national and local authorities strengthen their electoral defenses and inform the public of threats.

Cyber Command sends teams of experts overseas to work with partner and allied nations to help them find, identify, and eliminate hostile intrusions on their government or military computer networks.

For allied nations, inviting Cyber Command agents not only helps improve their network defenses, but also demonstrates to adversaries that the U.S. military is working with them. For the United States, the deployments give its experts an early glimpse of the tactics that potential adversaries are honing in their own neighborhoods, techniques that could later be used against Americans.

Information gathered from forward hunting operations was shared with the rest of the U.S. government to help defend critical networks ahead of the election, Cyber Command chief Gen. Paul M. Nakasone wrote in a post in August in Foreign Affairs.

Cyber security experts have argued that the deployments allow Cyber Command to work alongside partner teams that are under attack on a daily basis from Russia, Iran or China.

“The best way to get intelligence is through genuine cooperation and collaboration with other teams fighting it,” said Theresa Payton, cybersecurity expert and former public servant under the George W. Bush administration. “They will have received different types of targeted attacks that you may not have seen.”

Cyber Command officials said they continued to try to identify and stop foreign threats to the elections after the midterm vote in 2018, adding new partners to their defensive network.

“The attacks are still ongoing; this is why Cyber Command’s continued work with the military cyber operations of other countries is our best way to be at fault to protect US interests,” said Ms. Payton, whose book “Manipulated” examined emerging types of cyberattacks.

Some lawmakers and experts believe foreign influence efforts could escalate if the election outcome is challenged, amplifying allegations of fraud or demands for a recount.

Likewise, Cyber Command officials said their efforts to try to counter foreign threats would not end with the close of voting on Tuesday; they will continue as the votes are counted and the Electoral College prepares to meet in December.

“We are not stopping or thinking about relaxing our operations on November 3,” General Moore said. “Defending the elections is now a persistent and ongoing campaign for Cyber Command.”