Illustration: Sarah Grillo/Axios

A U.S. military-led cyber strike aimed at hobbling the world’s largest botnet is the latest escalation of the Trump administration's increasingly aggressive cyber policy.

Why it matters: Going more on the offensive in cyberspace can mean more chances to preempt state-backed or criminal cyber operations before they can harm Americans. But it also raises concerns about America's cyber warriors overstepping their authority and trampling on people's privacy.

What's happening: The military's Cyber Command recently disrupted the TrickBot botnet, per the Washington Post and CyberScoop News.

  • U.S. officials were concerned the botnet, which has generally been used in ransomware schemes, would be deployed to snarl up computer systems tied to U.S. elections.
  • Cyber Command reportedly doesn't expect the move to permanently take the network offline, but it hopes its action will be enough to degrade the TrickBot-linked syndicate's capabilities until after the election.

The big picture: In general, the Trump administration has been willing to launch much more aggressive cyber operations than its predecessor, including on botnet takedowns, says a former senior intelligence official.

  • The Obama administration discussed stripping botnet-planted malware out of victims' computers, recalls this official, in an operation that could have also swept up U.S.-based devices.
  • But the operation never happened because officials believed if it went awry, the U.S. government would be deemed responsible for covertly damaging infected computers.
  • "The chance of a negative incident was so small, so small — minute," recalls the official. "But it was enough for them to not do it."

This changed with the Trump administration, whose "risk tolerance is higher," this person says. "They’re willing to take the risk of upsetting other countries."

The intrigue: The blow to TrickBot reflects that growing assertiveness, which has emerged under cyber commander Paul Nakasone and his doctrine of "persistent engagement" — the idea that U.S. cyber spies should deal blows against adversaries instead of merely playing defense.

The catch: As experts have noted, Cyber Command’s actions raise serious questions about the scope of its powers.

  • The Pentagon’s cyber operators have targeted malicious nation-state actors and even terrorists like ISIS, but this is the first documented case of them executing an operation against a cyber criminal group.
  • It's unclear what authority the U.S. military has to do so, particularly absent a demonstrable contemporary connection between the TrickBot syndicate and the Russian government, or any other state actor.

Privacy concerns have also been raised.

  • In addition to padding the TrickBot network’s records with fake data, Cyber Command’s operation involved pushing out a phony update to infected computers, including in the U.S., cutting them off from the cyber criminals' control.
  • That means Cyber Command forcibly altered the functioning of U.S.-based computers, unbeknownst to their users.
  • Of course, this was done for benign reasons. But it still leaves open the question of whether the government, by forcing its way into Americans' computers, violated the Fourth Amendment.

Meanwhile: Private actors are also moving against the group behind TrickBot.

  • In a related action, Microsoft, leading a coalition of private cybersecurity firms, got the go-ahead from a U.S. federal court to start disabling the syndicate's access to servers critical to TrickBot infrastructure, the company announced Monday.
  • Yes, but: Like Cyber Command, the Microsoft-led coalition believes its action won't keep the cybercriminals from eventually rebuilding TrickBot.

Context: There are more than 1 million computers and other Internet of Things devices hijacked by the TrickBot network, which has been active since 2016.

  • In September, TrickBot operators used the network to launch a major ransomware attack against United Healthcare Services, a large U.S.- and U.K.-based health care company.

The bottom line: The Cyber Command and Microsoft-led actions should forestall similar attacks, at least for a little while. The broader debates around appropriate cyber policy will long outlive TrickBot’s period of darkness.
