2020-10-14
Cyber Command's TrickBot Disruption Efforts are "Precedent-Setting"
US Cyber Command's efforts to disrupt the TrickBot botnet mark "the first public, obvious operation to stop someone's cyber capability before it could be used against us to cause even greater harm," according to Columbia University cyber conflict researcher Jason Healey. Cyber Command severed communication between infected machines and the botnet's command-and-control servers, and it injected nonsense data into the information TrickBot stole. While the efforts did not cause serious damage to the botnet, the action Cyber Command took "shows the growing reach of US military hackers."
Editor's Note
This is a "tip of the iceberg" story. Paul Nakasone, and the extraordinarily capable leadership team he assembled, created a new NSA that is making a quiet but powerful difference on both the defensive and offensive sides of cybersecurity. Both directly and through partnerships with DHS and other organizations, this is the NSA and Cyber Command we always hoped would emerge. Garrett Graff published an insightful review of Gen. Nakasone and his accomplishments in Wired on Monday: https://www.wired.com/story/general-paul-nakasone-cyber-command-nsa/: The Man Who Speaks Softly--and Commands a Big Cyber Army

Alan Paller
Beyond demonstrating the capability of US Cyber Command, this also reveals the recovery capabilities of the TrickBot botnet, which will help with the eventual takedown. TrickBot uses Tor to obfuscate C&C servers as well as EmerDNS to register backup servers for fail-over. While it's not clear if a military response was appropriate, statements by Microsoft (www.nytimes.com/2020/10/12/us/politics/election-hacking-microsoft.html: Microsoft Takes Down a Risk to the Election, and Finds the U.S. Doing the Same) and Cyber Command (https://www.washingtonpost.com/national-security/cyber-command-trickbot-disrupt/2020/10/09/19587aae-0a32-11eb-a166-dc429b380d10_story.html: Cyber Command has sought to disrupt the world's largest botnet, hoping to reduce its potential impact on the election) support the actions to include election security concerns.
