You’ve Got a Nice Army Base Here, Colonel

It seems that hardly a day goes by without another report of a ransomware attack. Schools, hospitals, oil pipelines, meat-packing plants. I can’t distinguish whether these attacks are actually occurring more frequently or they’re just being reported more frequently. I found two interesting things in this piece by Ken Dilanian at NBC News. First, that the attacks have received the attention of the White House:

The Biden administration is moving to treat ransomware attacks as a national security threat, using intelligence agencies to spy on foreign criminals and contemplating offensive cyber operations against hackers inside Russia, U.S. officials and other sources familiar with the matter said.

Although using the military to take action against criminals wouldn’t be without precedent, it’s controversial in legal circles, and any American cyber action against targets in Russia would risk retaliation. But officials say criminal ransomware attacks from abroad, once a nuisance, have become a major source of economic damage, as the disruption of gasoline and meat supplies in recent weeks has illustrated.

“Right now, they are hair on fire,” a former government official said of the Biden administration.

Are such attacks likely to have political repercussions? I presume that the possibility is gaining traction on the East Coast. I haven’t heard much about that possibility around here.

The other is speculation about the use of Cyber Command in response to the ransomware attacks:

The White House said Biden will tell Russian President Vladimir Putin at their summit June 16 that Russia must stop harboring criminal hackers. But Lewis and other experts don’t expect Putin to cave in to U.S. demands.

If he doesn’t, Biden will have some decisions to make, current and former officials said, including whether to order offensive action by U.S. Cyber Command, the military hackers based at Fort Meade, Maryland, who wield cyber weapons that can take down networks and turn computers into bricks.

The military would be careful to operate in a gray area, just short of the international law definition of an act of war, said Gary Brown, a former Pentagon cyberwarrior who is a professor of cyber law at the National Defense University. That’s exactly what Russia has been doing to the U.S. over the last decade, he said, with a campaign of disinformation, election interference and hacking.

Among the things Cyber Command could do, he said, would be to disrupt the hackers’ ability to access their own networks and tools, “infect their networks with modified tools that have our own little special gifts attached to them” and harass some of the key players.

Indictments by the Justice Department also serve a purpose, he said, by blocking the hackers from most travel and access to the U.S. financial system.

I have multiple problems with all of this. Imagine this scenario. The hackers are using Russian government networks but without the actual support of the Russian government. Cyber Command takes down the network. That would in fact be an act of war and might even be seen as preparation for a nuclear attack. That’s just about the last thing we should want. It seems to me that the risk far exceeds the benefits. Additionally, how can you prevent collateral damage?

Second, why do they think that any of the proposed measures would actually deter the hackers?

I’ve proposed my own set of countermeasures which don’t involve the U.S. military but which I will admit are pretty draconian. I think they could work.

4 comments
  • TastyBits

    If I am not mistaken, the CIA’s toolkit was stolen several years ago. Creating a virus to destroy Iran’s centrifuges “seemed like a good idea, at the time.”

    The Internet of Things has always been a bad idea.

  • The Internet of Things has always been a bad idea.

    I couldn’t agree more. I always try to go for the dumbest autos and appliances available but it’s getting darned hard. I’m still convinced that the sudden unintended acceleration reported in some autos was the result of a software problem.

  • CuriousOnlooker

    It is painful to suggest it; but a technical solution is to separate the “internet” into two separate networks. One is treated like sovereign waters or airspace; only people who are US entities or entities of allied nations while located in the US or allied nations can access. The other is the internet today — treated like international waters where anyone can access and anything goes.

    And we keep the two networks separate, and penalize anyone who connects the two networks.

  • I’m not sure that solves anything, CuriousOnlooker. If companies and governments are unable or unwilling to control access to the present one-network strategy, how will they be able or willing to control appropriate access to the two-network strategy?
