How the Biden administration is making gains in an uphill battle against Russian hackers


(The Conversation is an independent and not-for-profit source for news, analysis, and commentary from academic experts.)

(THE CONVERSATION) On January 14, 2022, the FSB, Russia’s domestic intelligence agency, announced that it had dismantled the notorious Russia-based criminal REvil ransomware organization. The FSB said the measures were taken in response to a request from US authorities. The move marks a dramatic shift in Russia’s response to criminal cyberattacks launched from Russia against US targets, and comes at a time of heightened tensions between the two countries.

U.S. policies and actions in response to Russia-related cyberattacks have changed significantly since the Biden administration took office. President Joe Biden has openly confronted Russian President Vladimir Putin about his responsibility for international cyberattacks, and the Biden administration has taken unprecedented steps to impose costs on Russian cybercriminals and thwart their efforts.

Upon taking office, Biden immediately faced difficult challenges from Russian intelligence agents and criminals in high-profile cyberattacks on private businesses and critical infrastructure. As an expert on Russian cyber operations, I see that the government has made significant strides in responding to Russian cyber aggression, but I also have clear expectations about what the national cyber defense can and cannot do.

Compromise of the software supply chain

The 2020 SolarWinds hack was a successful attack on the global software supply chain. The hackers used access to thousands of computers to spy on nine US federal agencies and about 100 private companies. US security agencies said a sophisticated hacking group “probably of Russian origin” was responsible for gathering the information.

On February 4, 2021, Biden addressed Putin in a statement issued at the State Department. Biden said the days of the US rolling over in the face of Russian cyberattacks and US election meddling are “gone.”

Biden vowed “not to hesitate to raise the cost to Russia.” The US government had not previously filed charges or imposed sanctions for cyberespionage, partly out of concern that it could lead to countermeasures by Moscow against NSA and CIA hackers. Nevertheless, on April 15, 2021, the US Treasury Department imposed sanctions on the Russian foreign intelligence agency SVR.

Biden also signed an executive order modernizing the federal government’s cybersecurity. He directed agencies to deploy systems that detect cyberattacks, like the one that detected SolarWinds activity at Palo Alto Networks. Separately, US security agencies published the tools and techniques used by the SVR and by ransomware gangs to help organizations defend against them.

However, economic sanctions and technical obstacles did not slow the SVR’s efforts to gather intelligence on US foreign policy. In May 2021, Microsoft announced that Russia-related hackers had exploited the Constant Contact bulk mail service. Posing as the US Agency for International Development, they sent authentic-looking emails to more than 150 organizations with links that, when clicked, delivered a malicious file that gave the attackers access to the computer.

Ransomware attacks

Also in May, the shutdown of the Colonial Pipeline by a ransomware attack by Russian cyber gang DarkSide halted the flow of almost half the gas and jet fuel to the East Coast. Panicked drivers rushed to fill up tanks while prices soared. A month later, consumers were looking for meat alternatives after REvil infected beef and pork processor JBS USA with ransomware.

Biden said Russia has “some responsibility to deal with it.” At a summit in Geneva in June, he presented Putin with a list of off-limits critical infrastructure that would merit a US response if attacked. Russian intelligence and law enforcement agencies likely have ties to these cybercriminals and could shut down their resources.

Without counting on Putin’s influence, the White House formed a ransomware task force to crack down on the gangs. The first step was to use a counter-terrorism program to offer rewards of up to $10 million for information on hackers behind state-sponsored breaches of critical infrastructure.

Working closely with international partners, the Justice Department announced the arrest in Poland of a Ukrainian national accused of the REvil ransomware attack on Kaseya, an information technology software vendor. The Justice Department also seized $6.1 million in cryptocurrency from another REvil operator. Romanian authorities arrested two other people involved in REvil attacks.

US law enforcement seized $2.3 million of the ransom Colonial Pipeline paid to DarkSide by using a private key to unlock the Bitcoin. The Treasury also disrupted the virtual currency exchanges SUEX and Chatex for laundering ransomware proceeds. Treasury Department sanctions blocked all of their property in the US and prohibited US citizens from transacting with them.

In addition, the top US cyberwarrior, General Paul Nakasone, publicly acknowledged for the first time that the US military has been aggressively targeting ransomware groups. In October, US Cyber Command blocked the REvil website by redirecting its traffic, preventing the group from extorting victims. After realizing that its server had been compromised, REvil shut down operations.

Limits of US responses

Russia conducts or condones cyberattacks by state and criminal groups that exploit loopholes in international law and avoid crossing national security lines. In October, the SVR stepped up attempts to break into technology companies to steal confidential information. US officials viewed the operation as routine espionage. The reality that international law does not prohibit espionage per se prevents US responses that could serve as a powerful deterrent.

Similarly, after the cybergang BlackMatter carried out a ransomware attack on an Iowa farm co-op in September, it claimed that the co-op did not count as critical infrastructure. The gang’s claim highlights the ambiguity about which cyberattack targets would trigger a national response from the US government.

Despite this ambiguity, the government has unleashed the military to thwart the efforts of ransomware groups, while law enforcement agencies are after their leaders and their money, and organizations across the US have beefed up their information systems defenses.

Although state-controlled hackers persist and criminal groups may disappear, regroup and rebrand, I believe the high costs imposed by the Biden administration could hinder their success. Still, it’s important to keep in mind that national cyber defense is an extremely challenging problem and the US is unlikely to be able to eliminate the threat.


This article was republished from The Conversation under a Creative Commons license.

