Written by Shannon Vavra
The Department of Defense has sent personnel abroad to hunt for malicious software that adversaries may be using against U.S. voting infrastructure or networks prior to Election Day.
Gen. Paul Nakasone announced Tuesday in a Foreign Affairs editorial that Cyber Command personnel would be deployed as part of a plan to allow defensive cyber-operators from the Pentagon to identify malware targeting other countries’ networks and systems. Similar attacks could later be used for attempted intrusions aimed at disrupting American technologies. The announcement coincides with ongoing efforts between Cyber Command, the military’s offensive hacking outfit, and the National Security Agency to monitor threats to the 2020 U.S. presidential election from Russia, China, Iran and North Korea.
It was not immediately clear where the military personnel were deployed. Cyber Command has run multiple so-called Hunt Forward missions in Montenegro, where Russian military hackers have aimed to disrupt the political process, as they did with a hack-and-leak operation against the Democratic National Committee in 2016. The state-sponsored hacking group APT28, or Fancy Bear, has been active throughout the world, but particularly in Eastern Europe.
“We learned that we cannot afford to wait for cyber attacks to affect our military networks,” Nakasone wrote in the op-ed, co-written with senior adviser Michael Sulmeyer. “We learned that defending our military networks requires executing operations outside our military networks.”
Since 2018, when the Hunt Forward missions began, Cyber Command has also sent cyber-operators to North Macedonia and Ukraine, a perennial target of Russian government operations, to gather intelligence aimed at protecting U.S. elections. Russia’s apparent interest in targeting smaller countries makes those allies opportune partners in understanding Russian malware threats, then preparing for potential similar attacks against American targets. Previous Hunt Forward missions have led to the “mass inoculation of millions of systems, which has reduced the future effectiveness of the exposed malware and our adversaries,” Nakasone and Sulmeyer wrote.
This year, though, U.S. intelligence agencies have assessed the set of potential threats from adversaries to be much broader than just Russia. China and Iran also seek to influence the 2020 U.S. presidential election, according to the Office of the Director of National Intelligence. Meanwhile, Cuba, Saudi Arabia, and North Korea are aiming to sow discord in the U.S., according to ODNI’s Director of the National Counterintelligence and Security Center Bill Evanina.
Cyber Command declined to comment on where the troops deployed and the duration of the missions. The foreign ministries of Montenegro, North Macedonia, and Ukraine did not immediately return requests for comment.
Under a new set of authorizations from Congress and the Executive Branch issued in 2018, Cyber Command has been using a number of ways to “defend forward,” as the approach is called, including by uploading malware samples to information-sharing repositories like VirusTotal and interrupting the internet access of Russia’s troll farm in 2018.
This year, as in 2018, the NSA and Cyber Command are sharing indicators of potential compromise with the Department of Homeland Security to “harden the security of election infrastructure.” The agencies are also sharing threat information with the FBI “to bolster that organization’s efforts to counter foreign trolls on social media platforms.” Alongside the Hunt Forward missions, “Cyber Command is doing all of this and more for the 2020 elections,” according to Nakasone and Sulmeyer.