STOPPING CYBERCRIME AND CIVILIAN HARM FROM CYBERWARFARE
Note: If you find my posts too long or too dense to read on occasion, please just read the bolded portions. They present the key points I’m making and the most important information I’m sharing.
This is the final post of my nine-part series on computer hacking and cyberwarfare based on New York Times cybersecurity reporter Nicole Perlroth’s outstanding book, This Is How They Tell Me the World Ends. [1] These posts have summarized the book’s information on the scale of computer hacking, cybercrime, and cyberwarfare; and have shared a number of examples. The previous post provided an overview of steps that can be taken to counter cybercrime at the personal, organizational, and governmental levels. This post discusses steps that are being taken to counter ransomware and to stop cyberwarfare from harming civilians.
The Biden Administration is working to reduce the frequency and profitability of ransomware attacks. It is disrupting the infrastructure ransomware hackers use to collect their ransom. It has put sanctions on cryptocurrency exchanges that are frequently used for ransomware payments and warned U.S. companies not to pay ransomware. In June, it was able to recover over half of the $4.4 million in cryptocurrency that Colonial Pipeline had paid to its ransomware attacker. [2] The U.S. Department of Justice (DOJ) reports that ransomware attacks have cost the U.S. almost $600 million in the first six months of 2021.
In November, the DOJ announced that a Ukrainian hacker had been arrested and charged in connection with a group of ransomware attacks. It also announced the recovery of $6.1 million from ransomware attacks by a Russianwho was charged separately and is listed as wanted by law enforcement. In December, the head of the U.S. Cyber Command and the Director of the National Security Agency announced that the military had taken offensive actions against ransomware attackers who had targeted critical infrastructure. [3] These actions represent the strongest U.S. government response to ransomware attacks to-date and reflect a marshalling of resources across multiple agencies. European law enforcement officials also announced that seven ransomware hackers have been arrested in Europe since February. [4] Recently, a multi-national effort succeeded in shutting down, at least temporarily, a major Russian ransomware entity. In October, the Biden Administration convened over 30 countries to develop plans to combat ransomware attacks around the globe. [5]
Back in April, the Biden Administration announced tough sanctions on Russia for previous cyberattacks and, in June, President Biden warned Russian President Putin that future Russian cyberattacks would be grounds for additional retaliation.
Three former U.S. cyber intelligence agency employees, who had been hired by the United Arab Emirates (UAE) to conduct cyberespionage, pleaded guilty in September to cyber hacking and violating export laws by transferring military cyber technology to a foreign government. The DOJ is deferring criminal prosecutions of them if they pay hundreds of thousands of dollars in fines and abide by the terms of a three-year settlement agreement. They are also prohibited from ever receiving a U.S. security clearance. [6] Numerous former U.S. cyber intelligence employees have been lured to work for private companies and foreign governments to do cybersecurity or cyberespionage. Many do legitimate cybersecurity work but more than a few have done illegal or at least unethical work for their new employers.
In October, Biden’s Commerce Department announced a rule that limits the export and sale of hacking software to authoritarian and repressive governments. This effort is difficult for many reasons, in part because it needs to avoid inhibiting cybersecurity collaboration among countries and among companies located in different countries. Furthermore, some private companies and some other countries don’t share this goal of keeping hacking tools out of the hands of such governments. For example, the Israeli company NSO Group (with suspected but unproven connections to the Israeli government) sells spyware that can be hacked onto an individual’s phone, allowing the hacker to track the person’s location and monitor their communications. Governments and others have used it to track dissidents, activists, lawyers, politicians, and journalists. Saudi Arabia used it to track associates of Jamal Khashoggi, the journalist that it murdered. Most recently, it was identified as being used to spy on Palestinians. [7]
For 25 years, the U.S. and 42 other countries have blocked the sale of weapons and military technology to authoritarian and repressive governments. The Wassenaar Agreement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, originally signed in 1996, sets voluntary export controls on a list of weaponry. The list of controlled products is updated every December and cyber hacking and surveillance products were added to the list in 2013. However, the U.S. did not adopt controls on these products until now. This new Commerce Department rule will allow the U.S. to coordinate efforts to control the export of hacking tools with the 42 other countries that are part of the Wassenaar Agreement. [8]
Also on the international front, there have been calls for a treaty banning cyberwarfare from targeting civilians and civilian infrastructure, similar to the Geneva Convention for traditional warfare. Brad Smith, Microsoft’s president, called for such a treaty in 2017 after vulnerabilities in Microsoft software had been the vehicle for Russia’s devastating cyberattack on Ukraine’s civilian infrastructure and for North Korea’s worldwide ransomware attacks. Noting that the 1949 Geneva Convention protects civilians during traditional warfare, he called for a new convention to protect civilians from cyberwarfare – from attacks on hospitals, electric power grids, elections, and the intellectual property of private parties. Previously, after the 2010 U.S. attack on Iran’s uranium enrichment facility, European, Russian, and some U.S. officials had also called for such a treaty.
However, the U.S. has not pursued such a treaty, at least in part because it has been the world’s dominant cyber superpower. Nonetheless, U.S. businesses and civilians, as the most Internet-dependent ones in the world, are bearing the brunt of escalating cybercrime and cyberwarfare. Furthermore, the U.S. has continued to engage in its own cyberwarfare, including building its capacity to attack civilian infrastructure such as the Russian electric power grid.
I urge you to contact President Biden and thank him for his efforts to stop ransomware attacks and to keep cyber hacking tools out of the hands of authoritarian and repressive governments. Ask him to continue this work and to do more to protect civilians from cyberwarfare. You can email President Biden at http://www.whitehouse.gov/contact/submit-questions-and-comments or you can call the White House comment line at 202-456-1111 or the switchboard at 202-456-1414.
I also urge you to let your U.S. Representative and Senators know that you support strong steps to reduce ransomware attacks and the potential harm to civilians from cyberwarfare. You can find contact information for your U.S. Representative at http://www.house.gov/representatives/find/ and for your U.S. Senators at http://www.senate.gov/general/contact_information/senators_cfm.cfm.
[1] Perlroth, N. This Is How They Tell Me the World Ends. Bloomsbury Publishing, NY, NY. 2021.
[2] Perlroth, N., 10/25/21, “A rare win for the good guys in cat-and-mouse game of ransomware,” The Boston Globe from the New York Times
[3] Barnes, J. E., 12/6/21, “US military has acted against ransomware groups, NSA chief says,” The Boston Globe from the New York Times
[4] Tucker, E., & Suderman, A., 11/9/21, “US charges 2 suspected ransomware operators,” The Boston Globe from the Associated Press
[5] McLaughlin, J., 10/13/21, “White House brings together 30 nations to combat ransomware,” National Public Radio (https://www.npr.org/2021/10/13/1045248842/white-house-brings-together-30-nations-to-combat-ransomware)
[6] Mazzetti, M., & Goldman, A., 9/15/21, “Former intelligence officers admit crimes,” The Boston Globe from the New York Times
[7] Kingsley, P., & Bergman, R., 11/9/21, “Spyware aimed at activists, group says,” The Boston Globe from the New York Times
[8] Nakashima, E., 10/21/21, “US aims to limit sale of hack tools to dictators,” The Boston Globe from the Washington Post