US-Russia cyber truce ... what if it goes through operations against Trickbot?

(By Alessandro Rugolo)
12/10/20

If The Washington Post is to be believed, US Cyber Command has in recent days been engaged in a preventive operation aimed at the Trickbot botnet. The operation was intended to complicate life for the operators of one of the largest botnets in the world (probably more than two million infected PCs). Trickbot is used to conduct ransomware campaigns but also to spread fake news in order to influence voters.

The desired effect has to do precisely with the American presidential elections that will take place a few weeks from now. Also according to the article, the operation is a consequence of the new military doctrine of the commander of US Cyber Command (as well as director of the NSA) Paul Nakasone (photo): "Persistent engagement".

The first to report what was happening to the Trickbot botnet was Brian Krebs on his site, KrebsOnSecurity, who explained how, at the end of September, a configuration file designed to block the botnet, at least temporarily, was injected into Trickbot's C2 chain. About ten days later the same thing happened, suggesting that it was a planned activity and not a mistake.

According to the threat intelligence company Intel 471, in the second attack against the botnet incorrect data was entered in order to delay recovery operations.

As for why anyone would bother to "annoy" the activities of a botnet, an anonymous US Cyber Command source explained it to The Washington Post, as we said.

It is mainly about disrupting the disinformation operations conducted through the botnet, aimed at influencing the US presidential election. 

I think it is interesting to view this news together with what is happening at the diplomatic level in the cyber field.

An interesting article appeared in the New York Times on September 25 stating that the Russian president, Vladimir Putin, had reportedly asked the US to agree to a truce in cyberspace. Of course, Putin did not admit that he was responsible for the influence activities conducted in previous elections.

President Putin's message is in four points, simple and straightforward:

1. To restore an all-encompassing, high-level, inter-agency bilateral dialogue on the key issue of ensuring Information Security on an international scale;

2. To maintain communication channels that are always open between the competent agencies (USA and Russia) through the "Nuclear Risk Reduction Centers", the "Computer Emergency Responsible Teams" and high-level officers in charge of information security issues within the bodies involved in ensuring national security, including that of information.

3. To develop and jointly conclude a bilateral intergovernmental agreement on the prevention of accidents in the information space, similar to the one for the prevention of accidents on the high seas of 25 May 1972.

4. To exchange, in an acceptable format, guarantees of non-intervention in internal affairs, including electoral processes, by means of ICT tools and high-tech.

This statement opens up two scenarios:

- in the first, Russia puts cyber capabilities on the same level as nuclear ones and proposes to study some system to reduce their use in the future;

- in the second scenario, Russia uses this proposal as a continuation of its operations of influence, trying to split Western public opinion with a proposal for "cyber peace" which will undoubtedly have many followers and as many opponents!

To learn more:

https://krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-tric...

https://public.intel471.com/

https://www.washingtonpost.com/national-security/cyber-command-trickbot-...

https://www.nytimes.com/2020/09/25/world/europe/russia-cyber-security-me...

http://en.kremlin.ru/events/president/news/64086

Photo: US Cyber Command / web