The Internet Research Agency (IRA) is one of the Russian agencies involved in the country’s all-too-successful 2016 efforts to support Donald Trump and wreck the U.S. election system. Their role in the affair has already earned both the IRA and many of those who lead it a hefty set of charges from Robert Mueller and the special counsel’s office, including charges of conspiracy to defraud the United States. But on Election Day 2018, the IRA’s ongoing role in election interference earned them something else—a direct attack from the NSA’s Cyber Command.
As the Washington Post reports, U.S. Cyber Command fired more than a warning shot across IRA’s bow, demonstrating an ability to completely shut down the state-sponsored hackers by taking away their internet access.
“They basically took the IRA offline,” according to one individual familiar with the matter who, like others, spoke on the condition of anonymity to discuss classified information. “They shut ‘em down.”
Experts were not sure if the demonstration would have any lasting effect on Russia’s tactics, and it’s not clear that anything has really changed post-attack. The IRA still seems to be active in, among other things, cyber intrusion and using both human and bot trolls to direct social media conversations. That’s been true in both the U.S. where bots have been important in boosting stories that seek to divide Democrats, and in the U.K., where the IRA is amplifying the confusion around Brexit. There are also concerns from some that, having demonstrated to Russia that it can take action, Russia will surely move to safeguard its efforts against this specific form of attack.
But the bigger question should be: What took so long? Why, if they had the capability to disrupt the IRA (and the IRA was a known instigator in 2016), did the NSA not move to take the IRA and related groups offline when it could have had the most impact in securing democracy?
U.S. Cyber Command began another effort in the month before the 2018 election. It began sending direct messages and emails to the accounts of Russian operatives informing them that they were known instigators, and that Cyber Command was aware of their activities. The Russians were shown that the NSA had connected their online accounts and their real names. That effort seems to have generated a fair amount of paranoia within the IRA, and created an “internal investigation” to find potential leakers.
In any case, the 2018 elections seemed to be much less hampered by efforts to intrude into local and state election information, disrupt elections through planted stories and targeted ads, and false fronts masquerading as U.S. interest groups. So the cyber attacks may have been successful …
Or they could have been a minor skirmish in a war where the next major battle is less than two years away.