How the Biden administration is making gains in an uphill battle against Russian hackers

GettyImages/ FangXiaNuo

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Scott Jasper,
Lecturer in National Security Affairs, Naval Postgraduate School,
The Conversation
 

Connecting state and local government leaders

By Scott Jasper ,
The Conversation

|

Though government-controlled hackers might persist, and criminal groups might disappear, rebuild and rebrand, the high costs imposed by the Biden administration could hinder their success.

On Jan. 14, 2022, the FSB, Russia’s domestic intelligence service, announced that it had broken up the notorious Russia-based REvil ransomware criminal organization. The FSB said the actions were taken in response to a request from U.S. authorities. The move marks a dramatic shift in Russia’s response to criminal cyberattacks launched against U.S. targets from within Russia, and comes at a time of heightened tensions between the two countries.

U.S. policy and actions in response to cyberattacks connected to Russia have changed distinctly since the Biden administration took office. President Joe Biden has openly confronted Russian President Vladimir Putin on his responsibility regarding international cyberattacks, and the Biden administration has taken unprecedented steps to impose costs on Russian cyber criminals and frustrate their efforts.

Upon taking office, Biden immediately faced difficult challenges from Russian intelligence operatives and criminals in headline-grabbing cyberattacks on private companies and critical infrastructure. As a scholar of Russian cyber operations, I see that the administration has made significant progress in responding to Russian cyber aggression, but I also have clear expectations about what national cyber defense can and can’t do.

Software supply chain compromise

The SolarWinds hack carried out in 2020 was a successful attack on the global software supply chain. The hackers used the access they gained to thousands of computers to spy on nine U.S. federal agencies and about 100 private-sector companies. U.S. security agencies said that a sophisticated hacking group, “likely Russian in origin,” was responsible for the intelligence-gathering effort.

On Feb. 4, 2021, Biden addressed Putin in a statement delivered at the State Department. Biden said that the days of the U.S. rolling over in the face of Russian cyberattacks and interference in U.S. elections “are over.”

Biden vowed to “not hesitate to raise the cost on Russia.” The U.S. government had not previously issued indictments or imposed sanctions for cyber espionage, in part out of concerns that they could result in reciprocal actions by Moscow against NSA and CIA hackers. Nevertheless, the U.S. Treasury Department issued sanctions against the Russian Foreign Intelligence Service, the SVR, on April 15, 2021.

Biden also signed an executive order to modernize federal government cybersecurity. He directed agencies to deploy systems that detect cyber incursions, like the one that spotted SolarWinds activity at Palo Alto Networks. In parallel, his security agencies published tools and techniques used by the SVR and ransomware gangs to help organizations defend against them.

Economic sanctions and technical barriers, however, did not slow SVR efforts to gather intelligence on U.S. foreign policy. In May 2021, Microsoft revealed that hackers associated with Russia exploited the mass-mailing service Constant Contact. By masquerading as the U.S. Agency for International Development, they sent authentic-looking emails with links to more than 150 organizations, which, when clicked, inserted a malicious file that allowed computer access.

Ransomware attacks

Also in May, the shutdown of the Colonial Pipeline by a ransomware attack by the Russian cyber gang DarkSide halted the flow of nearly half the gas and jet fuel to the Eastern Seaboard. Panicked drivers rushed to fill up tanks while prices soared. A month later, consumers scrambled to find meat alternatives after REvil infected beef and pork processer JBS USA with ransomware.

Biden said Russia has “some responsibility to deal with this.” At a summit in Geneva in June, he handed Putin a list of off-limits critical infrastructure that would merit a U.S. response if attacked. It is likely that Russian intelligence services and law enforcement have a tacit understanding with cybercriminals and can shut down their resources.

Though not counting on Putin to exert influence, the White House formed a ransomware task force to go on the offense against the gangs. The first step was using a counterterrorism program to offer rewards of up to US$10 million for information on hackers behind state-sanctioned breaches of critical infrastructure.

In close collaboration with international partners, the Justice Department announced the arrest of a Ukrainian national in Poland, charged with the REvil ransomware attack against Kaseya, an information technology software supplier. The Justice Department also seized $6.1 million in cryptocurrency from another REvil operator. Romanian authorities arrested two others involved in REvil attacks.

U.S. law enforcement seized $2.3 million paid in ransom to DarkSide by Colonial Pipeline by using a private key to unlock bitcoin. And the Treasury Department disrupted the virtual currency exchanges SUEX and Chatex for laundering the proceeds of ransomware. Treasury Department sanctions blocked all of their property in the U.S. and prohibited U.S. citizens from conducting transactions with them.

Additionally, the top U.S. cyberwarrior, Gen. Paul Nakasone, acknowledged for the first time in public that the U.S. military had taken offensive action against ransomware groups. In October, U.S. Cyber Command blocked the REvil website by redirecting traffic, which prevented the group from extorting victims. After REvil realized its server was compromised, it ceased operations.

Limits of US responses

Russia conducts or condones cyberattacks by state and criminal groups that take advantage of gaps in international law and avoid crossing national security lines. In October, the SVR stepped up attempts to break into technology companies to steal sensitive information. U.S. officials considered the operation to be routine spying. The reality that international law does not prohibit espionage per se prevents U.S. responses that could serve as strong deterrents.

Similarly, after cyber gang BlackMatter carried out a ransomwware attack on an Iowa farm cooperative in September, the gang claimed that the cooperative did not count as critical infrastructure. The gang’s claim refers to cyberattack targets that would prompt a national response from the U.S. government.

Despite this ambiguity, the administration has unleashed the military to frustrate the efforts of ransomware groups, while law enforcement agencies have gone after their leaders and their money, and organizations in the U.S. have shored up their information systems defenses.

Though government-controlled hackers might persist, and criminal groups might disappear, rebuild and rebrand, in my view the high costs imposed by the Biden administration could hinder their success. Nevertheless, it’s important to bear in mind that national cyber defense is an extremely challenging problem and it’s unlikely that the U.S. will be able to eliminate the threat.

Scott Jasper, Senior Lecturer in National Security Affairs, Naval Postgraduate School

This article is republished from The Conversation under a Creative Commons license. Read the original article.

NEXT STORY: Public Sector Compliance at Scale

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.