Garrett M. Graff
As ever, the NSA often applied the brakes. The Snowden leaks had exposed many of its secret programs and capabilities, forcing the agency to painstakingly rebuild its exploits and infrastructure around the world. Now, Cyber Command risked revealing its surviving programs and new infrastructure. There were frequent debates about the trade-offs of using, and therefore jeopardizing, particular assets or exploits.
More broadly, Cardon recalls, there was the old, ingrained philosophical clash between military operators geared toward the battlefield and intelligence professionals, who operate in the shadows and whose instinct is to protect their hiding places and secret backdoors. With ARES, that clash seemed to come to a head. “They would say, ‘If you do it like that, they’ll know it’s you!’” Cardon says. “I’d just look at them and say, ‘Who cares? When I’m using artillery, attack aviation, jets—you think they don’t know that it’s the United States of America?’”
Throughout, the pressure from the top was unrelenting. Rogers “wanted to pull out all the stops to pass this test,” a senior official recalls. Even while the effort was weeks old, Pentagon officials began complaining in the press about the slowness of the progress. The crew was working 14-hour days, seven days a week.
Finally, ARES had done the reconnaissance and laid its groundwork, penetrating ISIS’ networks and communication channels, laying malware and backdoors to ensure later access. The president had been briefed. The plan was dubbed Operation Glowing Symphony, and it would attempt to combat ISIS online by exploiting a careless weakness. The ARES team had discovered that despite ISIS’ sophisticated, multifaceted global media campaign, the terror group was just as lazy as most internet users. Nearly everything it did connected through just 10 online accounts.
On November 8, 2016—Election Day in the US—D-Day arrived. Methodically, ARES unleashed a digital assault targeting the terror group’s ability to conduct internal communications and reach potential recruits. “We launched everything,” Donald recalls.
Almost immediately, they ran into an unexpected roadblock: They were trying to break into one of the targeted accounts when up popped a simple security question: “What is the name of your pet?” A sense of dread permeated the operations floor, until an analyst piped up from the back. The answer, he said, was 1–2-5–7. “I’ve been looking at this guy for a year—he does it for everything,” the analyst explained. And sure enough, the code worked. Glowing Symphony was underway.
The team moved one by one to block ISIS from its own accounts, deleting files, resetting controls, and disabling the group’s online operations. “Within the first 60 minutes of go, I knew we were having success,” Nakasone told NPR’s Dina Temple-Raston in a rare interview last year. “We would see the targets start to come down. It’s hard to describe, but you can just sense it from being in the atmosphere that the operators, they know they’re doing really well.”
For hours that first day, operators crossed off their targets from a large sheet hung on the wall as each was taken offline. But that was just the start. In later phases, the ARES team moved to undermine ISIS’ confidence in its own systems—and members. The team slowed down the group’s uploads, deleted key files, and otherwise spread what appeared to be IT gremlins throughout their networks with the goal of injecting friction and frustration into ISIS’ heretofore smooth global march. The task force also moved to locate candidates for what it called “lethal fire.” Taken together, ARES proved successful—ISIS’ operations slowed as piece after piece of the terror group’s media empire was shuttered, from its online magazine to its official news app.
The attack became a critical proof of concept that the US could go on the offensive in cyberspace. “Operation Glowing Symphony was what broke the dam,” Buckner says. “It gave an actual operational example that people could understand.”