For more than two years, general Paul Nakasone has promised that under his leadership, United States Cyber Command would "defend forward," finding adversaries and preemptively disrupting their operations. Now that offensive strategy has taken an unexpected form: An operation designed to disable or take down Trickbot, the world's largest botnet, believed to be controlled by Russian cybercriminals. In doing so, Cyber Command set a new, very public, and potentially messy precedent for how US hackers will strike out against foreign actors—even those working as non-state criminals.
Over the past weeks, Cyber Command has carried out a campaign to disrupt the Trickbot gang's million-plus collection of computers hijacked with malware. It hacked the botnet's command-and-control servers to cut infected machines off from Trickbot's owners, and even injected junk data into the collection of passwords and financial details that the hackers had stolen from victim machines in an attempt to render the information useless. The operations were first reported by the Washington Post and KrebsOnSecurity. By most measures, those tactics—as well as a subsequent effort to disrupt Trickbot by private companies including Microsoft, ESET, Symantec, and Lumen Technologies—have had little effect on Trickbot's long-term operations. Security researchers say the botnet, which hackers have used to plant ransomware in countless victim networks including hospitals and medical research facilities, has already recovered.
But even despite its limited results, Cyber Command's Trickbot targeting shows the growing reach of US military hackers, say cyberpolicy observers and former officials. And it repres ..