American officials have long said publicly that Russia, China and other nations have probed and left hidden malware on parts of U.S. critical infrastructure, “preparing the battlefield,” in military parlance, for cyber attacks that could turn out the lights or turn off the internet across major cities.
It’s been widely assumed that the U.S. has done the same thing to its adversaries. The documents reviewed by NBC News — along with remarks by a senior U.S. intelligence official — confirm that, in the case of Russia.
U.S. officials continue to express concern that Russia will use its cyber capabilities to try to disrupt next week’s presidential election. U.S. intelligence officials do not expect Russia to attack critical infrastructure — which many believe would be an act of war — but they do anticipate so-called cyber mischief, including the possible release of fake documents and the proliferation of bogus social media accounts designed to spread misinformation.
On Friday the hacker known as “Guccifer 2.0” — which U.S. officials say is a front for Russian intelligence — tweeted a threat to monitor the U.S. elections “from inside the system.”
As NBC News reported Thursday, the U.S. government is marshaling resources to combat the threat in a way that is without precedent for a presidential election.
The cyber weapons would only be deployed in the unlikely event the U.S. was attacked in a significant way, officials say.
U.S. military officials often say in general terms that the U.S. possesses the world’s most advanced cyber capabilities, but they will not discuss details of highly classified cyber weapons.
James Lewis, a cyber expert at the Center for Strategic and International Studies, says that U.S. hacks into the computer infrastructure of adversary nations such as China, Russia, Iran and North Korea — something he says he presumes has gone on for years — are akin to the kind of military scouting that is as old as human conflict.
“This is just the cyber version of that,” he said.
In 2014, National Security Agency chief Adm. Mike Rogers told Congress that U.S. adversaries are performing electronic “reconnaissance” on a regular basis so that they can be in a position to disrupt the industrial control systems that run everything from chemical facilities to water treatment plants.
“All of that leads me to believe it is only a matter of when, not if, we are going to see something dramatic,” he said at the time.
Rogers didn’t discuss the U.S.’s own penetration of adversary networks. But the hacking undertaken by the NSA, which regularly penetrates foreign networks to gather intelligence, is very similar to the hacking needed to plant precursors for cyber weapons, said Gary Brown, a retired colonel and former legal adviser to U.S. Cyber Command, the military’s digital war fighting arm.
“You’d gain access to a network, you’d establish your presence on the network and then you’re poised to do what you would like to do with the network,” he told NBC News. “Most of the time you might use that to collect information, but that same access could be used for more aggressive activities too.”
Brown and others have noted that the Obama administration has been extremely reluctant to take action in cyberspace, even in the face of what it says is a series of Russian hacks and leaks designed to manipulate the U.S. presidential election.
Administration officials did, however, deliver a back channel warning to Russia against any attempt to influence next week’s vote, officials told NBC News.
The senior U.S. intelligence official said that, if Russia initiated a significant cyber attack against critical infrastructure, the U.S. could take action to shut down some Russian systems — a sort of active defense.
Retired Adm. James Stavridis, who served as NATO commander of Europe, told NBC News’ Cynthia McFadden that the U.S. is well equipped to respond to any cyber attack.
“I think there’s three things we should do if we see a significant cyber-attack,” he said. “The first obviously is defending against it. The second is reveal: We should be publicizing what has happened so that any of this kind of cyber trickery can be unmasked. And thirdly, we should respond. Our response should be proportional.”
The U.S. use of cyber attacks in the military context — or for covert action — is not without precedent.
During the 2003 Iraq invasion, U.S. spies penetrated Iraqi networks and sent tailored messages to Iraqi generals, urging them to surrender, and temporarily cut electronic power in Baghdad.
In 2009 and 2010, the U.S., working with Israel, is believed to have helped deploy what became known as Stuxnet, a cyber weapon designed to destroy Iranian nuclear centrifuges.
Today, U.S. Cyber Command is engaged in cyber operations against the Islamic State, including using social media to expose the location of militants and sending spoof orders to sow confusion, current and former officials tell NBC News.
One problem, officials say, is that the doctrine around cyber conflict — what is espionage, what is theft, what is war — is not well developed.
“Cyber war is undefined,” Brown said. “There are norms of behavior that we try to encourage, but people violate those.”