US military hackers have conducted offensive operations in support of Ukraine, the head of US Cyber Command has told Sky News.
In an exclusive interview, General Paul Nakasone also explained how “hunt forward” operations were allowing the United States to search out foreign hackers and identify their tools before they were used against America.
Speaking in Tallinn, Estonia, the general, who is also director of the National Security Agency (NSA), told Sky News that he is concerned “every single day” about the risk of a Russian cyber attack targeting the US and said that the hunt forward activities were an effective way of protecting both America as well as allies.
General Nakasone confirmed for the first time that the US was conducting offensive hacking operations in support of Ukraine in response to the Russian invasion.
He told Sky News: “We’ve conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations.”
The four star general did not detail the activities, but explained how they were lawful, conducted with complete civilian oversight of the military and through policy decided at the Department of Defence.
“My job is to provide a series of options to the secretary of defence and the president, and so that’s what I do,” he said. He declined to describe those options.
But he noted how in contrast to Russia, which conducts information operations by beginning with a lie, the US aims to strategically tell the truth.
“A classic example is in 2020, when we saw a series of different proxies, in this case troll farms that were starting to develop in Africa,” he said.
Cyber Command and the NSA shared this information with the FBI and also with CNN, providing “a flashlight that suddenly exposes this type of malicious behaviour”.
This strategic disclosure has been developing since 2018, General Nakasone added, and has informed the Western response to the invasion of Ukraine.
“We had an opportunity to start talking about what particularly the Russians were trying to do in our midterm elections. We saw it again in 2020, as we talked about what the Russians and Iranians were going to do, but this was on a smaller scale.
“The ability for us to share that information, being able to ensure it’s accurate and it’s timely and it’s actionable on a broader scale has been very, very powerful in this crisis,” he said.
Ukraine’s intriguing resilience
General Nakasone disagreed with commentators who suggested that the cyber aspects of the Russian assault on Ukraine had been overblown and praised the Kyiv government and defenders for their resilience.
“If you asked the Ukrainians, they wouldn’t say it’s been overblown. If you take a look at the destructive attacks and disruptive attacks that they’ve encountered – you wrote about it in terms of the attack on [satellite company] Viasat – this is something that has been ongoing,” he added.
The general continued: “And we’ve seen this with regards to the attack on their satellite systems, wiper attacks that have been ongoing, disruptive attacks against their government processes.
“This is kind of the piece that I think sometimes is missed by the public. It isn’t like they haven’t been very busy, they have been incredibly busy. And I think, you know, their resilience is perhaps the story that is most intriguing to all of us.”
Concern about Russian attacks targeting America
Asked how high the risk was of Russian attacks targeting the US, General Nakasone said: “We remain vigilant every single day. Every single day. I think about it all the time.”
“This is why we’re working with a series of partners to ensure we prevent that, not only against the United States but against our allies as well,” he added.
General Nakasone had delivered a keynote speech at CyCon, an international conference on cyber conflict, hosted by NATO’s Cooperative Cyber Defence Centre of Excellence in Tallinn, and praised the partnerships between democratic states as a key strategic benefit.
Hunt forward – a strategy developed under General Nakasone’s leadership – is a key aspect of the Cyber Command’s partnerships. It is “so powerful… because of the fact that we see our adversaries and we expose their tools”.
US, UK and EU officially blame Russia for cyber attack
Cyber Command specialists have been deployed abroad to 16 other nations where they can seek intelligence from the allies’ computer networks – always on a consensual, invitation basis, General Nakasone said.
Crucial to how hunt forward works is Cyber Command sharing the intelligence they find with the host nation.
“If you’re an adversary, and you’ve just spent a lot of money on a tool, and you’re hoping to utilise it readily in a number of different intrusions, suddenly it’s outed and it’s now been signatured across a broad range of networks, and suddenly you’ve lost your ability to do that,” the general said.
In one such hunt forward deployment, US military hackers had been present in Ukraine very close to the date of the invasion.
“We went in December 2021 at the invitation of the Kyiv government to come and hunt with them. We stayed there for a period of almost 90 days,” the general said.
A spokesperson confirmed this team withdrew in February, alongside other Department of Defence personnel, before the invasion.
Sky News will publish a full feature from our exclusive interview in the coming days.