Botnet disruption shows aggressive U.S. cyber posture

A U.S. military-led cyber strike aimed at hobbling the world’s largest botnet is the latest escalation of the Trump administration's increasingly aggressive cyber policy.

Why it matters: Going more on the offensive in cyberspace can mean more chances to preempt state-backed or criminal cyber operations before they can harm Americans. But it also raises concerns about America's cyber warriors overstepping their authority and trampling on people's privacy.


What's happening: The military's Cyber Command recently disrupted the TrickBot botnet, per the Washington Post and CyberScoop News.

  • U.S. officials were concerned the botnet, which has generally been used in ransomware schemes, would be deployed to snarl up computer systems tied to U.S. elections.
  • Cyber Command reportedly doesn't expect the move to permanently take the network offline, but it hopes its action will be enough to degrade the TrickBot-linked syndicate's capabilities until after the election.

The big picture: In general, the Trump administration has been willing to launch much more aggressive cyber operations than its predecessor, including on botnet takedowns, says a former senior intelligence official.

  • The Obama administration discussed stripping botnet-planted malware out of victims' computers, recalls this official, in an operation that could have also swept up U.S.-based devices.
  • But the operation never happened because officials believed if it went awry, the U.S. government would be deemed responsible for covertly damaging infected computers.
  • "The chance of a negative incident was so small, so small — minute," recalls the official. "But it was enough for them to not do it."

This changed with the Trump administration, whose "risk tolerance is higher," this person says. "They’re willing to take the risk of upsetting other countries."

The intrigue: The blow to TrickBot reflects that growing assertiveness, which has emerged under cyber commander Paul Nakasone and his doctrine of "persistent engagement" — the idea that U.S. cyber spies should deal blows against adversaries instead of merely playing defense.

The catch: As experts have noted, Cyber Command’s actions raise serious questions about the scope of its powers.

  • The Pentagon’s cyber operators have targeted malicious nation-state actors and even terrorists like ISIS, but this is the first documented case of them executing an operation against a cyber criminal group.
  • It's unclear what authority the U.S. military has to do so, particularly absent a demonstrable contemporary connection between the TrickBot syndicate and the Russian government, or any other state actor.

Privacy concerns have also been raised.

  • In addition to padding the TrickBot network’s records with fake data, Cyber Command’s operation involved pushing out a phony update to infected computers, including in the U.S., cutting them off from the cyber criminals' control.
  • That means Cyber Command forcibly altered the functioning of U.S.-based computers, unbeknownst to their users.
  • Of course, this was done for benign reasons. But it still leaves open the question of whether the government, by forcing its way into Americans' computers, violated the Fourth Amendment.

Meanwhile: Private actors are also moving against the group behind TrickBot.

  • In a related action, Microsoft, leading a coalition of private cybersecurity firms, got the go-ahead from a U.S. federal court to start disabling the syndicate's access to servers critical to TrickBot infrastructure, the company announced Monday.
  • Yes, but: Like Cyber Command, the Microsoft-led coalition believes its action won't keep the cybercriminals from eventually rebuilding TrickBot.

Context: There are more than 1 million computers and other Internet of Things devices hijacked by the TrickBot network, which has been active since 2016.

  • In September, TrickBot operators used the network to launch a major ransomware attack against United Healthcare Services, a large U.S.- and U.K.-based health care company.

The bottom line: The Cyber Command and Microsoft-led actions should forestall similar attacks, at least for a little while. The broader debates around appropriate cyber policy will long outlive TrickBot’s period of darkness.
