On July 8, Michael Schmitt, a law professor and former judge advocate in the US Air Force, posted a perplexing tweet about changing his mind on the “status of cyber capabilities as ‘weapons.’” He followed it up with the link to a recent paper he coauthored for the International Law Studies journal of the US Naval War College.
GRU being ingenious. Utilizing an informant in the US to infiltrate the conservative natsec community & plant disinfo on, well, cyber-enabled disinfo ops. Creating a highly blended environment for informational-psychological effects. Reflexive Control redux unlike anything! https://t.co/GPGc7PuXv5
“Almost all disinformation operations are imperfect by design, run not by perfectionists, but pragmatists.”
— Thomas Rid in Active Measures: The Secret History of Disinformation and Political Warfare
As Thomas Rid quips in his book Active Measures, cyber-enabled information operations are more active but less measured. So it is rare to see an instance of an old-school disinformation operation that seems to have served its purpose quite effectively.
Active Measures, in the general sense of the term, are rarely this successful, so the operation I am going to discuss certainly stands out.
In March 2020, Booz Allen Hamilton released a fascinating dossier analysing the cyber operations of GRU, the Russian military intelligence agency, spanning 15 years. The dossier ran the traditional cyber threat intelligence (CTI) tradecraft through an impressive analytic process, thus credibly gluing the cyber operations of GRU to the doctrinal framework and geopolitical imperatives of the Russian state.
I am having some strange epiphanies as I go knee-deep into SIEM engineering. While the MSSPs have existed in all flavors and sizes, there seems to be a broad consensus that they simply can’t mimic the capabilities of an in-house security operations function – especially when it comes to gaining context, visibility and speed.