WASHINGTON — With little public fanfare, U.S. Cyber Command, the military's new center for combating electronic attacks against the United States, has launched operations to deter and disrupt Russians who have been meddling with the U.S. political system.
Like other U.S. cyberwar activities, this effort against Russia is cloaked in secrecy. But it appears to involve, in part, a warning to suspected Russian hackers that echoes a menacing phrase that's a staple of many fictional crime and spy thrillers: "We know where you live."
Beginning last fall, before the midterm elections, Cyber Command began directly contacting Russians who were linked to operations, such as those with the Internet Research Agency, which allegedly helped coordinate Moscow's campaign to subvert the 2016 presidential election. The apparent aim was to put people on notice that their covers had been blown, and that their ability to work and travel freely might be affected.
U.S. officials believe that the disruption effort has frazzled some of the Russian targets and may have deterred some interference during the midterms. The operation was first reported by the New York Times Oct. 23, and additional details have emerged from public and private sources.
One unlikely public confirmation came from Yevgeny Zubarev, the director of the St. Petersburg-based Federal News Agency and one of the apparent Russian targets. Justice Department prosecutors have alleged that Zubarev's information website, known by its Russian acronym FAN, was part of the same covert-action network as the Internet Research Agency.
"The United States Cyber Command writes to me to say that what I am doing is wrong, that their job is to fight trolls," Zubarev told the Daily Beast in December. "We are defending the motherland on the information fronts." But he denied he was part of any "troll farm."
A catalogue of potential Russian operatives, who might be targets of similar Cyber Command warnings, came in an indictment unsealed in October describing how a Russian bookkeeper's role in managing a "conspiracy … to sow division and discord in the U.S. political system."
A dozen fronts for this alleged political-interference operation, including FAN, are cited in the indictment, along with 14 companies that maintained bank accounts to finance operations. Prosecutors alleged that the bookkeeper prepared "hundreds of financial vouchers, budgets and payment requests," and the indictment listed precise figures from a series of monthly budgets from February 2017 to June 2018.
This was the covert world's version of a "gotcha." The implication was that U.S. intelligence had the names, dates, web addresses and other details of anyone touched by the bookkeeper's electronic connections. Some of these operatives and contractors may have been among those pinged by Cyber Command. The message, in part, was that their ability to operate in secrete had vanished.
This tactic of outing Russian cyber operatives may have a "deterrent effect," argues Thomas Rid, a Johns Hopkins professor and author of the forthcoming book, "Active Measures: A History of Disinformation." He explained in an interview: "We know from history that when intelligence officers who have prized secrecy their entire careers are exposed, it is a punch in the gut."
Cyber Command's doctrine in more aggressively targeting Russian manipulation was outlined by Gen. Paul Nakasone, its commander, in the current issue of Joint Force Quarterly. He said that past efforts to combat adversaries who penetrated U.S. networks or Internet sites "have not worked," and that the U.S. instead needed to take the offensive and "persistently engage" these adversaries through what he called "defending forward."
Nakasone's new doctrine moves the U.S. closer to Russia's view that cyberspace is part of a continuum of warfare, which can be dialed up or down, rather than a binary on-off switch.
In combating Russian information operations last year, Cyber Command and the NSA are said to have furnished information they had obtained about Russian trolling and passed it to the FBI and Department of Homeland Security, which then warned social-media platforms and other organizations to counter the threats. Facebook, Twitter and other companies have recently announced steps to curtail foreign manipulation through fake accounts, but they've said little about how they obtained their evidence.
We've repeated so often that a new age of warfare is dawning, with cyber and other forms of high-tech conflict, that it's easy to miss the importance of this inflection point. A foreign adversary conspired to undermine the American political system. The U.S. has responded, after initial uncertainty, by taking its cyber defense into the heart of the adversary's networks of covert manipulation.
Now that the battle has been joined, the world will be living in a contested information space, indefinitely.
Ignatius is a Washington Post columnist. He can be reached via Twitter: @IgnatiusPost.