with Tonya Riley


Cyber Command had to overcome intense hurdles within the U.S. government to launch the first hacking operation it ever acknowledged: Sabotaging the Islamic State's online propaganda. 

That's according to a trove of declassified but heavily redacted government documents released this morning, which George Washington University’s National Security Archive obtained through a Freedom of Information Act request. They paint the most vivid portrait to date of the complex challenges facing U.S. military hackers as they develop rules for a new domain of warfare. 

They detail objections from other government agencies that worried the hacks, which began in 2016, could damage intelligence operations as well as interagency squabbling over whether to notify other nations when Cybercom hacked ISIS computer files stored within their borders.

The documents also likely hold lessons for today as Cybercom hackers seek to counter Russian disinformation in the run-up to the 2020 election — a project Cybercom Chief Gen. Paul Nakasone says is being directly informed by counter-ISIS hacking operations. 

“This was U.S. Cybercom’s first cyberwar,” Michael Martelle, a National Security Archive cybersecurity fellow who led the effort to obtain the documents, told me. “This was the largest-scale operation and the most complex… We can draw a straight line from the counter-ISIL cyber mission to how U.S. Cybercom and the NSA are looking to counter Russia today.”

One big takeaway from the six documents, which include internal assessments of the effort known as Operation Glowing Symphony after 30 and 120 days, is that Cybercom’s ability to penetrate enemy computer networks has outpaced its ability to manage the immensely complex and bureaucratic process. 

Cybercom dedicated a significant amount of time making sure its hacking fit neatly into broader U.S. government and military goals, Martelle told me. For example, the documents show Cybercom struggling with how to hit targets quickly while still ensuring its hacking operations aren’t unnecessarily jeopardizing the work of U.S. spy agencies gathering intelligence about ISIS and not unnecessarily stepping on allies’ toes. 

“This is the first kind of coordination at [this] scale,” Martelle said. “You can read about how they're looking forward to these processes being matured [but] they knew that their processes were immature and untested at this point.” 

And a heavily redacted portion of the documents seems to suggest another U.S. adversary — such as Russia or Iran — might have been camping out on ISIS computer networks to spy on U.S. operations there and steal U.S. hacking tools or gain intelligence that might be useful in fighting U.S. forces in cyberspace. 

“I think the takeaway here is…it wasn't just the U.S. coalition versus ISIS here,” Martelle told me. “Lots of other people were interested in what was going on.” 

Some of the documents cover information that’s already public. My colleague Ellen Nakashima reported back in 2017, for example, about agency infighting over whether to alert allies about the digital strikes against ISIS. 

This is the first time, however, that the public has seen Cybercom’s own candid assessments about the strikes, which it said effectively delayed and degraded ISIS propaganda efforts by “impos[ing] time and resource costs." 

Martelle sees Cybercom's move to fulfill the FOIA request — when the government is often reticent to share information about its secretive cyberwarfare — as significant. He reads it as a sign that Cybercom, which is only about a decade old, wants to engage in a broader public discussion about the role hacking should play in future military conflicts. 

“The fact that they're responsive to this Freedom of Information Act request and declassifying this stuff is truly notable…This is a pretty huge moment in U.S. cyber history,” he said. “I do get the sense that this is a conscious decision. They’re willing to be a little more open, willing to empower the policy research community.”


PINGED: A slight majority of Americans believe President Trump has personally encouraged election interference by U.S. adversaries, a new poll from NPR, PBS NewsHour and Marist finds. That finding from 51 percent of Americans reflects an overall skepticism that the 2020 election will be secure against hackers just weeks before the nation's first primaries and caucuses, NPR's Brett Neely reports.

The poll also found that 41 percent of Americans believe the United States is not very prepared or not prepared at all to keep the November election safe. Four in 10 people expressed concern that foreign powers would tamper with votes to change election results, despite no evidence that Russia changed any votes in 2016. 

Lee Miringoff, director of the Marist College Institute for Public Opinion, which conducted the poll, called the results “a troublesome sign about this keystone of our democracy.”

There's also a strong partisan divide in how voters see election security: Two-thirds of Democrats think the country isn't prepared to secure the 2020 election, while 85 percent of Republicans think it is prepared.

Americans are also highly concerned about disinformation on social media. A staggering 82 percent of surveyed Americans said they expect to read misleading information about the election on social media, with a similar percentage expecting foreign countries to be behind spreading disinformation. Three-quarters of respondents are not confident tech companies will prevent misuse of their platforms during the election, a 9-point increase from a 2018 survey.

PATCHED: The European Union will not explicitly ban any companies in its guidelines for supplying 5G network equipment coming later this month in a significant victory for the controversial Chinese telecom Huawei, Helene Foquet and Natalia Drozdiak at Bloomberg News report

The recommendations come as China has threatened the E.U. with trade consequences if it blocks Huawei while the United States has threatened to revoke intelligence sharing from European allies if it doesn't. European Digital Commissioner Thierry Breton told reporters yesterday the guidelines will be “naturally strict and vigilant.” 

The E.U. can’t force member nations to abide by its 5G recommendations, but most nations have generally followed them. 

Huawei chief Ren Zhengfei, meanwhile, said his company is prepared for any further U.S. "attacks," during an appearance at the World Economic Forum in Davos, Switzerland Tuesday but said he believes the U.S.-Huawei spat won’t produce a complete bifurcation of Chinese and Western technology. 

"Whether [the] world will be split in two systems, I don’t think so," Ren said, according to Axios. "Science is about truth. There is only one truth. It is unique."

In Germany, Chancellor Angela Merkel has asked lawmakers to delay a decision on Huawei until after a March E.U. summit, Andreas Rinke at Reuters reports. So far Poland is the only E.U. member to ban Huawei from its 5G networks at the urging of U.S. officials who claim the company could assist Chinese spying. Huawei has steadfastly denied playing any role in Chinese espionage.

PWNED: Scammers are capitalizing on a spate of reports about hacked Internet-connected cameras to extort victims by claiming they have illicit recordings of them, Kate Fazzini at CNBC reports. The number of “sextortion” scams mentioning Google Nest and Amazon Ring topped 1,600 between Jan. 2 and Jan. 3, researchers at Mimecast found. (Amazon CEO Jeff Bezos owns The Washington Post.)

The scam is related to a broader category of digital crime called sextortion in which criminals try to convince victims they have illicit photos or videos of them and demand a ransom in exchange for not releasing the material. In the majority of cases, the hackers are bluffing, and don't actually have embarrassing materials though, in some cases, they do. In this version, criminals send victims generic-looking surveillance footage to convince them they have access to their cameras — even though they don’t. 


— Democratic Party officials in Iowa are training staffers to combat disinformation operations ahead of next month's caucus, my colleague Isaac Stanley-Becker reports. Caucuses are less vulnerable to traditional hacking than regular elections because there are no voting machines to hack. But they can be highly vulnerable to rumors and disinformation.

In 2016, Russian operatives preyed on that vulnerability by using social media to spread rumors that Hillary Clinton had committed voter fraud, according to a federal indictment of multiple Russians filed in 2018. Now, Iowans want to prevent a repeat in 2020. 

Both Democratic and Republican Party leaders in Iowa brought in Harvard's Defending Digital Democracy Project to conduct a simulation of caucus night in November. They also developed plans to address hypothetical scenarios, such as malicious tweets advertising the wrong caucus time or reports that apps that convey caucus results had malfunctioned. The contingency plans involved bringing in the Department of Homeland Security and contacting executives at Twitter. 

Iowa Democrats also worry President Trump may amplify erroneous rumors online and contribute to doubts about the caucus results, they tell Isaac.

“Disinformation is something new we saw last election cycle, but people didn’t know it was happening at the time,” said Troy Price, the chairman of the Iowa Democratic Party. “Here, we know it’s going on, and we’ve had time to prepare for it.”

— More cybersecurity news from the public sector:


— Cybersecurity news from the private sector:


— Cybersecurity news from abroad:


Coming up:

  • The Senate Commerce Committee will host a hearing on “the 5G Workforce and Obstacles to Broadband Deployment” at 10 a.m. on Wednesday.
  • RSA Conference 2020 is scheduled for February 24-28 in San Francisco.


In queso emergency: