US ran offensive cyber ops to support Ukraine, says general

Public acknowledgement 'unusual', one cybersec exec tells us


America's military conducted offensive cyber operations to support Ukraine in its response to Russia's illegal invasion, US Cyber Command chief General Paul Nakasone has said.

"We've conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations," General Nakasone told Sky News in an interview that aired Wednesday.

Nakasone, who also serves as director of the NSA, didn't provide specific details about the offensive operations, though he said they were lawful and complied with US policy.

"My job is to provide a series of options to the secretary of defense and the President, and so that's what I do," he said. 

White House press spokesperson Karine Jean-Pierre doubled down on the message, saying: "We don't negotiate our security assistance packages to Ukraine. We are doing exactly what the President said he would do ... to provide security assistance that is above and beyond."

Tom Kellermann, head of cybersecurity strategy at VMware, called the move "historic."

"Since 2013, the Russians have waged an insurgency in American cyberspace and our retaliation and disruption has been muted," Kellermann, who is also a global fellow for cyber policy at the Wilson Center, told The Register.

"The paradigm has changed as Russia must play defense now," he continued. "The US brings to bear the formidable capabilities of Cyber Command against rogue nation states. Cyberspace is a new domain for warfare."

Tenable CEO Amit Yoran added: "That the US has engaged in offensive cyber operations should be of no surprise to anyone. There are very few countries around the globe today who do not use such measures. The fact that these operations are acknowledged in a public way is unusual."

Last month, the US and the European Union officially blamed Russia for a series of destructive data-wiping malware infections in Ukrainian government and private-sector networks that began in January, and continued after Russian troops invaded Ukraine the following month.

At the time, the governments also said they would "take steps" to defend against and respond to Kremlin-orchestrated attacks.

And while President Joe Biden has indicated the US would respond with kinetic force to a major cyberattack against the West, General Nakasone's comments are the first confirmation of US-sanctioned hacking against Russia. 

Nakasone did, in May, reveal that US Cyber Command conducted nine "hunt forward" operations last year, sending teams to different countries including Ukraine to help them improve their defensive security posture and hunt for cyberthreats. 

These missions provide "security for our nation in cyberspace," Nakasone said during a Summit on Modern Conflict and Emerging Threats at Vanderbilt University. "It provides an inoculation of these threats, and it provides a partnership with a nation that has asked us for assistance."

In fact, the agency's first hunt-forward exercise sent a Cyber Command team to Ukraine in 2018 with the goal to "understand what our adversaries are doing, being able to capture that and then being able to share it," Nakasone said. That adversary, although he didn't name names, is presumably Russia.

When asked by Sky News journalist Alex Martin, formerly of this parish, about the risk of Russian attacks targeting the US, General Nakasone said: "We remain vigilant every single day. Every single day. I think about it all the time." ®

