Lawmakers press Biden to give Putin ultimatum on ransomware gangs

The big question is whether Putin can be pressured – or trusted – to contain his country’s cyber criminals.

Biden and his agents began issuing not-so-veiled warnings to the Kremlin last month after US officials attributed the attack on the Colonial Pipeline to Russia-based ransomware gang DarkSide. Biden said Moscow has “a certain responsibility to deal with it”. He also said, without going into detail, that he would bring up the issue of cyberattacks with Putin.

“You can expect the president to address this very directly and make clear our expectations of the Russian government to address the threat posed by its territory,” a senior administration official told reporters on Friday.

Lawmakers want Biden to add some steel to those words by making it clear that the US and its NATO allies are ready to lead the fight against these digital pirates. That kind of message could be enough to raise the alarm in Moscow both politically and within the intelligence apparatus, they said.

“There is a lot of interaction between cyber criminals and the government,” said Senator Marco Rubio (R-Fla.), vice chairman of the intelligence committee.

That’s because Russian intelligence officials sometimes, with the official blessing of the state, go into undeclared work or freelance while engaging in malicious digital activities, US security and law enforcement officials say. The links between the two camps can be deep, said FBI Director Christopher Wray at a House Judiciary hearing Thursday – even with gangs like DarkSide claiming complete independence.

“I cannot discuss the extent of the connection between these cyber criminals and the Russian government in an open hearing,” said Wray. “I will say that the youngest actors – the so-called DarkSide actors involved in the Colonial Pipeline attack – are individuals who, perhaps not by chance, specifically target English-speaking victims.”

Some lawmakers have expressed doubts that such aggressive international hacking is taking place in Moscow without the knowledge of the authoritarian regime.

“In my opinion, nothing happens in Russia without the approval of the government,” said Senator Mike Rounds of South Dakota, the top Republican on the cyber subpanel of the Armed Services Committee.

But many lawmakers drew a bright line, saying the US should avoid striking the Russian government or its state infrastructure.

“We have to be careful with such engagements from nation-state to nation-state,” said Rubio, warning of an escalation that could lead to traditional, real military conflicts.

Instead, they said, the US should first pursue the criminal hackers based in Russia – a move that is less likely to result in political setback.

“The first goal is to prosecute the gangs because it avoids many complicated questions about sovereignty and competition with another nation,” said Jack Reed (D-R.I.), chairman of the Senate Armed Forces Committee.

The Biden administration has not set out any specific steps it would like to take against Russia for its cyber activities, other than promises made in February by National Security Advisor Jake Sullivan that the US response would include action “seen and not seen.”

A US official familiar with the subject said the US options for sanctions against Russia included more sanctions as well as exposing unsavory aspects of Putin’s wealth.

However, Senate Intelligence Chairman Mark Warner (D-Va.) said Biden could remind Putin at the meeting that the US can and does use its cyber weapons when threatened. “The Russians are very aware of our capabilities,” he said.

As an example, Warner pointed to a first-of-its-kind offensive digital strike that the U.S. military’s Cyber Command launched against an infamous Russian propaganda factory, the Internet Research Agency, taking it offline during and after the 2018 midterms. The operation prevented the troll farm from spreading disinformation as Americans voted.

Cyber Command started a similar attack last year on a network of malware-infected computers operated by Russian-speaking hackers to thwart ransomware attacks and efforts to disrupt the November elections.

Rubio took note of the Justice Department’s announcement last week that it had confiscated much of Colonial’s ransom from a digital wallet used by the DarkSide hackers. He said such operations can make the ransomware underworld worry about what kind of access the federal government has – and send a message that their networks are vulnerable to intrusion and even theft.

But it is difficult to say whether Putin will play along, said the US official. “The films ‘The Sopranos’ and ‘Godfather’ are illuminating in dealing with these people,” said the official, who spoke on condition of anonymity as they were not allowed to speak to the media.

Another possibility that would avoid dealing with Russia entirely: catch cyber criminals if they happen to visit a third country, said the US official.

One example is Alexander Vinnik, who worked at BTC-e, a Russian cryptocurrency exchange. He was arrested in Greece in 2017 during an FBI-backed operation. He is awaiting trial in France for money laundering and extortion.

When asked about possible retaliatory measures following the JBS attack, White House spokeswoman Jen Psaki said, “We’re not taking options off the table.”

Another question is which arm of the US government would take the lead in an attack on ransomware companies – a debate that could create a hodgepodge of responses from various agencies, none of which have enough power to deter cybercriminals.

A similar political debate has been raging among lawmakers for months about how the US should react to last year’s massive SolarWinds intrusion, a spy campaign in which hackers for a Russian intelligence agency rented US-based servers to break into at least nine federal agencies and about 100 private businesses.

One possibility is for Cyber Command to direct all retaliation. But having a military organization at the helm could create legality and sovereignty headaches.

In addition, the head of Cyber Command is not convinced of the idea. Army General Paul Nakasone, who also heads the NSA, said the FBI and DHS should be in the driver’s seat as part of a “whole government” approach to ransomware.

“This is the area that the administration is currently working towards to understand who will be in charge and how we will deal with it,” he told a subcommittee on armed services of the House of Representatives on Friday.

Rep. Jim Langevin (D-R.I.), chairman of the Armed Forces Cybersecurity Subcommittee, argued that Cyber Command was busy enough with its existing missions and that crime should be handled through traditional law enforcement and diplomatic channels.

He said a new joint cyber planning office in the DHS agency for cybersecurity and infrastructure security should be the hub for such efforts. This office, created by last year’s Defense Policy Draft, “could focus on improving defense, dismantling infrastructure, bots and payment tracking, criminal investigations and international coordination,” said Langevin, who also serves on the House Homeland Security Committee.

The key to any strategy, argued Senator Angus King (I-Maine), a member of the Intelligence Committee and co-chair of the Congressional-chartered Cyberspace Solarium Commission, is pushing Russia out of its look-the-other-way approach to the gangs.

“You cannot allow international criminals to operate within their borders with impunity,” King said. “If we had a gang of international bank robbers in Richmond, Virginia, we’d be chasing them.”

Nahal Toosi contributed to this report.
