[BreachExchange] US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command

[Matthew Wheeler]

https://www.three.fm/news/world-news/us-military-hackers-conducting-offensive-operations-in-support-of-ukraine-says-head-of-cyber-command/

US military hackers have conducted offensive operations in support of
Ukraine, the head of US Cyber Command has told Sky News.

In an exclusive interview, General Paul Nakasone also explained how "hunt
forward" operations were allowing the United States to search out foreign
hackers and identify their tools before they were used against America.

Speaking in Tallinn, Estonia, the general, who is also director of the
National Security Agency (NSA), told Sky News that he is concerned "every
single day" about the risk of a Russian cyber attack targeting the US and
said that the hunt forward activities were an effective way of protecting
both America as well as allies.

General Nakasone confirmed for the first time that the US was conducting
offensive hacking operations in support of Ukraine in response to the
Russian invasion.

He told Sky News: "We've conducted a series of operations across the full
spectrum; offensive, defensive, [and] information operations."

The four star general did not detail the activities, but explained how they
were lawful, conducted with complete civilian oversight of the military and
through policy decided at the Department of Defence.

"My job is to provide a series of options to the secretary of defence and
the president, and so that's what I do," he said. He declined to describe
those options.

But he noted how in contrast to Russia, which conducts information
operations by beginning with a lie, the US aims to strategically tell the
truth.

"A classic example is in 2020, when we saw a series of different proxies,
in this case troll farms that were starting to develop in Africa," he said.

Cyber Command and the NSA shared this information with the FBI and also
with CNN, providing "a flashlight that suddenly exposes this type of
malicious behaviour".

This strategic disclosure has been developing since 2018, General Nakasone
added, and has informed the Western response to the invasion of Ukraine.

"We had an opportunity to start talking about what particularly the
Russians were trying to do in our midterm elections. We saw it again in
2020, as we talked about what the Russians and Iranians were going to do,
but this was on a smaller scale.

"The ability for us to share that information, being able to ensure it's
accurate and it's timely and it's actionable on a broader scale has been
very, very powerful in this crisis," he said.

Ukraine's intriguing resilience

General Nakasone disagreed with commentators who suggested that the cyber
aspects of the Russian assault on Ukraine had been overblown and praised
the Kyiv government and defenders for their resilience.

"If you asked the Ukrainians, they wouldn't say it's been overblown. If you
take a look at the destructive attacks and disruptive attacks that they've
encountered - you wrote about it in terms of the attack on [satellite
company] Viasat - this is something that has been ongoing," he added.

The general continued: "And we've seen this with regards to the attack on
their satellite systems, wiper attacks that have been ongoing, disruptive
attacks against their government processes.

"This is kind of the piece that I think sometimes is missed by the public.
It isn't like they haven't been very busy, they have been incredibly busy.
And I think, you know, their resilience is perhaps the story that is most
intriguing to all of us."

Concern about Russian attacks targeting America

Asked how high the risk was of Russian attacks targeting the US, General
Nakasone said: "We remain vigilant every single day. Every single day. I
think about it all the time."

"This is why we're working with a series of partners to ensure we prevent
that, not only against the United States but against our allies as well,"
he added.

General Nakasone had delivered a keynote speech at CyCon, an international
conference on cyber conflict, hosted by NATO's Cooperative Cyber Defence
Centre of Excellence in Tallinn, and praised the partnerships between
democratic states as a key strategic benefit.

Hunt forward - a strategy developed under General Nakasone's leadership -
is a key aspect of the Cyber Command's partnerships. It is "so powerful...
because of the fact that we see our adversaries and we expose their tools".

Read more:

US, UK and EU officially blame Russia for cyber attack

Cyber Command specialists have been deployed abroad to 16 other nations
where they can seek intelligence from the allies' computer networks -
always on a consensual, invitation basis, General Nakasone said.

Crucial to how hunt forward works is Cyber Command sharing the intelligence
they find with the host nation.

"If you're an adversary, and you've just spent a lot of money on a tool,
and you're hoping to utilise it readily in a number of different
intrusions, suddenly it's outed and it's now been signatured across a broad
range of networks, and suddenly you've lost your ability to do that," the
general said.

In one such hunt forward deployment, US military hackers had been present
in Ukraine very close to the date of the invasion.

"We went in December 2021 at the invitation of the Kyiv government to come
and hunt with them. We stayed there for a period of almost 90 days," the
general said.

A spokesperson confirmed this team withdrew in February, alongside other
Department of Defence personnel, before the invasion.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220601/57300a71/attachment.html>