Washington (AFP)
The United States is actively responding to cyber attacks that target it but generally operates in the greatest secrecy, at the risk of appearing weakened in the face of increasingly daring intrusions from Russian or Chinese hackers.
This is why a recent tweet from the US Army 780th Brigade was noticed: This unit of cyber fighters retweeted the announcement by cybersecurity firm Recorded Future that the hackers' servers in Darkside had been taken down.
No one knows who took control of Darkside, a Russia-based organization behind the cyberattack on the U.S. oil pipeline operator Colonial Pipeline.
But this tweet from the military sent a message to hackers in an attempt to deter other similar attacks, even though analysts say deterrence does not exist in cyberspace.
“Deterrence is threatening. There can be an aspect of punishment. But who is being punished?” Said Jon Lindsay, cybersecurity expert at the University of Toronto.
"Everything is very, very dark" and it is almost impossible to identify the author of an attack with certainty, he told AFP.
The first time the general public heard of an American cyberattack was in 2010, when the Stuxnet virus - never claimed but largely attributed to Israel and the United States - crippled the fleet of centrifuges used by Tehran for the enrichment of uranium.
But since then, multiple American institutions and companies have fallen victim to Chinese hackers who stole databases and trade secrets, Russian hackers who interfered in the elections, North Korean hackers who stole bitcoins, and so on. than hackers who extorted millions of dollars from corporations, local communities or hospitals.
In the face of these attacks, the Pentagon has remained silent, giving the impression that it was doing nothing to respond.
- Sense of impunity -
This is false, recently assured General Paul Nakasone, who heads both the military intelligence agency, the NSA, and the US military command for cyberspace (Cybercom).
"When we see elements operating from overseas, we try to impose the highest possible cost on them, whether by publicly unmasking them or by sharing our information with a series of allies, or when we have it. authorization, by carrying out operations against them, "he told a congressional committee.
# photo1
But he declined to give examples of counterattacks.
"The prevailing feeling is that there is no deterrence, that a Chinese group or a Russian group can attack us with impunity", regretted the elected Michigan Elissa Slotkin, former analyst of the CIA.
"We will have to find how not to limit ourselves to acting in the shadows but to communicate to the American people that we do not remain vulnerable," she added.
Over the past two years, the US military has communicated a little more about its activities in cyberspace, albeit sparingly.
- Double-edged weapon -
In June 2019, unnamed U.S. officials claimed that a White House-ordered cyberattack disabled Iranian missile launch systems.
In January 2020, Cybercom revealed that it had "successfully" disrupted the online propaganda of the Islamic State (IS) group during a hacking operation carried out from 2016.
The main reason for the Pentagon's caution is the difficulty for a government to attribute with certainty an attack to another government or to a criminal group, Elizabeth Bodine-Baron of the Rand think tank told AFP.
Exposing Pentagon operations could have a deterrent effect, but it's a double-edged sword, she warns.
Some say that "if we never give examples of what we have entered or what we have done, no one is going to believe us," she says.
But if we are certain of the identity of the perpetrator of an attack, naming him publicly "might reveal certain things about our own abilities."
In addition, according to Jon Lindsay, the strategy in cyberspace has changed since Stuxnet.
At that time, "a cyber attack was considered a weapon of mass destruction", capable of punishing or threatening an adversary, explains the expert.
"It was a high-level covert operation, under presidential control," carried out for strategic purposes.
Today, cyberspace is a theater of combat like any other, which is no longer subject to strict control by the executive, where the watchword is "permanent combat", he adds.
Secret warfare in cyberspace is more akin to sophisticated and subtle espionage.
© 2021 AFP