On Feb. 4, 2021, Biden addressed Putin in a statement delivered at the State Department. Biden said that the days of the U.S. rolling over in the face of Russian cyberattacks and interference in U.S. elections “are over.”
Republished with permission from The Conversation, by Scott Jasper, Naval Postgraduate School
On Jan. 14, 2022, the FSB, Russia’s domestic intelligence service, announced that it had broken up the notorious Russia-based REvil ransomware criminal organization. The FSB said the actions were taken in response to a request from U.S. authorities. The move marks a dramatic shift in Russia’s response to criminal cyberattacks launched against U.S. targets from within Russia, and comes at a time of heightened tensions between the two countries.
U.S. policy and actions in response to cyberattacks connected to Russia have changed distinctly since the Biden administration took office. President Joe Biden has openly confronted Russian President Vladimir Putin on his responsibility regarding international cyberattacks, and the Biden administration has taken unprecedented steps to impose costs on Russian cyber criminals and frustrate their efforts.
Upon taking office, Biden immediately faced difficult challenges from Russian intelligence operatives and criminals in headline-grabbing cyberattacks on private companies and critical infrastructure. As a scholar of Russian cyber operations, I see that the administration has made significant progress in responding to Russian cyber aggression, but I also have clear expectations about what national cyber defense can and can’t do.
Software Supply Chain Compromise
The SolarWinds hack carried out in 2020 was a successful attack on the global software supply chain. The hackers used the access they gained to thousands of computers to spy on nine U.S. federal agencies and about 100 private-sector companies. U.S. security agencies said that a sophisticated hacking group, “likely Russian in origin,” was responsible for the intelligence-gathering effort.
On Feb. 4, 2021, Biden addressed Putin in a statement delivered at the State Department. Biden said that the days of the U.S. rolling over in the face of Russian cyberattacks and interference in U.S. elections “are over.”
Biden vowed to “not hesitate to raise the cost on Russia.” The U.S. government had not previously issued indictments or imposed sanctions for cyber espionage, in part out of concerns that they could result in reciprocal actions by Moscow against NSA and CIA hackers. Nevertheless, the U.S. Treasury Department issued sanctions against the Russian Foreign Intelligence Service, the SVR, on April 15, 2021.
Biden also signed an executive order to modernize federal government cybersecurity. He directed agencies to deploy systems that detect cyber incursions, like the one that spotted SolarWinds activity at Palo Alto Networks. In parallel, his security agencies published tools and techniques used by the SVR and ransomware gangs to help organizations defend against them.
Economic sanctions and technical barriers, however, did not slow SVR efforts to gather intelligence on U.S. foreign policy. In May 2021, Microsoft revealed that hackers associated with Russia exploited the mass-mailing service Constant Contact. By masquerading as the U.S. Agency for International Development, they sent authentic-looking emails with links to more than 150 organizations, which, when clicked, inserted a malicious file that allowed computer access.
Ransomware Attacks
Also in May, the shutdown of the Colonial Pipeline by a ransomware attack by the Russian cyber gang DarkSide halted the flow of nearly half the gas and jet fuel to the Eastern Seaboard. Panicked drivers rushed to fill up tanks while prices soared. A month later, consumers scrambled to find meat alternatives after REvil infected beef and pork processer JBS USA with ransomware.
Biden said Russia has “some responsibility to deal with this.” At a summit in Geneva in June, he handed Putin a list of off-limits critical infrastructure that would merit a U.S. response if attacked. It is likely that Russian intelligence services and law enforcement have a tacit understanding with cybercriminals and can shut down their resources.
Though not counting on Putin to exert influence, the White House formed a ransomware task force to go on the offense against the gangs. The first step was using a counterterrorism program to offer rewards of up to US$10 million for information on hackers behind state-sanctioned breaches of critical infrastructure.
In close collaboration with international partners, the Justice Department announced the arrest of a Ukrainian national in Poland, charged with the REvil ransomware attack against Kaseya, an information technology software supplier. The Justice Department also seized $6.1 million in cryptocurrency from another REvil operator. Romanian authorities arrested two others involved in REvil attacks.
U.S. law enforcement seized $2.3 million paid in ransom to DarkSide by Colonial Pipeline by using a private key to unlock bitcoin. And the Treasury Department disrupted the virtual currency exchanges SUEX and Chatex for laundering the proceeds of ransomware. Treasury Department sanctions blocked all of their property in the U.S. and prohibited U.S. citizens from conducting transactions with them.
Gen. Paul Nakasone, Director of the National Security Agency, testifying before the House Intelligence Committee on April 15, 2021. Al Drago/Pool via AP
Additionally, the top U.S. cyberwarrior, Gen. Paul Nakasone, acknowledged for the first time in public that the U.S. military had taken offensive action against ransomware groups. In October, U.S. Cyber Command blocked the REvil website by redirecting traffic, which prevented the group from extorting victims. After REvil realized its server was compromised, it ceased operations.
Limits of U.S. Responses
Russia conducts or condones cyberattacks by state and criminal groups that take advantage of gaps in international law and avoid crossing national security lines. In October, the SVR stepped up attempts to break into technology companies to steal sensitive information. U.S. officials considered the operation to be routine spying. The reality that international law does not prohibit espionage per se prevents U.S. responses that could serve as strong deterrents.
Similarly, after cyber gang BlackMatter carried out a ransomwware attack on an Iowa farm cooperative in September, the gang claimed that the cooperative did not count as critical infrastructure. The gang’s claim refers to cyberattack targets that would prompt a national response from the U.S. government.
Despite this ambiguity, the administration has unleashed the military to frustrate the efforts of ransomware groups, while law enforcement agencies have gone after their leaders and their money, and organizations in the U.S. have shored up their information systems defenses.
Though government-controlled hackers might persist, and criminal groups might disappear, rebuild and rebrand, in my view the high costs imposed by the Biden administration could hinder their success. Nevertheless, it’s important to bear in mind that national cyber defense is an extremely challenging problem and it’s unlikely that the U.S. will be able to eliminate the threat.
Scott Jasper, Senior Lecturer in National Security Affairs, Naval Postgraduate School
The Conversation is a nonprofit, independent news organization dedicated to unlocking the knowledge of experts for the public good. We publish trustworthy and informative articles written by academic experts for the general public and edited by our team of journalists.
Help Support Factkeepers!
{"id":null,"mode":"form","open_style":"in_place","currency_code":"USD","currency_symbol":"$","currency_type":"decimal","blank_flag_url":"https:\/\/factkeepers.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/blank.gif","flag_sprite_url":"https:\/\/factkeepers.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/flags.png","default_amount":500,"top_media_type":"none","featured_image_url":false,"featured_embed":"","header_media":null,"file_download_attachment_data":null,"recurring_options_enabled":true,"recurring_options":{"never":{"selected":true,"after_output":"One time only"},"weekly":{"selected":false,"after_output":"Every week"},"monthly":{"selected":false,"after_output":"Every month"},"yearly":{"selected":false,"after_output":"Every year"}},"strings":{"current_user_email":"","current_user_name":"","link_text":"Leave a tip","complete_payment_button_error_text":"Check info and try again","payment_verb":"Pay","payment_request_label":"Factkeepers.com","form_has_an_error":"Please check and fix the errors above","general_server_error":"Something isn't working right at the moment. Please try again.","form_title":"Help Support Factkeepers","form_subtitle":null,"currency_search_text":"Country or Currency here","other_payment_option":"Other payment option","manage_payments_button_text":"Manage your payments","thank_you_message":"Thank you for being a supporter!","payment_confirmation_title":"Factkeepers.com","receipt_title":"Your Receipt","print_receipt":"Print Receipt","email_receipt":"Email Receipt","email_receipt_sending":"Sending receipt...","email_receipt_success":"Email receipt successfully sent","email_receipt_failed":"Email receipt failed to send. Please try again.","receipt_payee":"Paid to","receipt_statement_descriptor":"This will show up on your statement as","receipt_date":"Date","receipt_transaction_id":"Transaction ID","receipt_transaction_amount":"Amount","refund_payer":"Refund from","login":"Log in to manage your payments","manage_payments":"Manage Payments","transactions_title":"Your Transactions","transaction_title":"Transaction Receipt","transaction_period":"Plan Period","arrangements_title":"Your Plans","arrangement_title":"Manage Plan","arrangement_details":"Plan Details","arrangement_id_title":"Plan ID","arrangement_payment_method_title":"Payment Method","arrangement_amount_title":"Plan Amount","arrangement_renewal_title":"Next renewal date","arrangement_action_cancel":"Cancel Plan","arrangement_action_cant_cancel":"Cancelling is currently not available.","arrangement_action_cancel_double":"Are you sure you'd like to cancel?","arrangement_cancelling":"Cancelling Plan...","arrangement_cancelled":"Plan Cancelled","arrangement_failed_to_cancel":"Failed to cancel plan","back_to_plans":"\u2190 Back to Plans","update_payment_method_verb":"Update","sca_auth_description":"Your have a pending renewal payment which requires authorization.","sca_auth_verb":"Authorize renewal payment","sca_authing_verb":"Authorizing payment","sca_authed_verb":"Payment successfully authorized!","sca_auth_failed":"Unable to authorize! Please try again.","login_button_text":"Log in","login_form_has_an_error":"Please check and fix the errors above","uppercase_search":"Search","lowercase_search":"search","uppercase_page":"Page","lowercase_page":"page","uppercase_items":"Items","lowercase_items":"items","uppercase_per":"Per","lowercase_per":"per","uppercase_of":"Of","lowercase_of":"of","back":"Back to plans","zip_code_placeholder":"Zip\/Postal Code","download_file_button_text":"Download File","input_field_instructions":{"tip_amount":{"placeholder_text":"How much would you like to donate? You can change this amount to anything you would like.","initial":{"instruction_type":"normal","instruction_message":"How much would you like to donate? You can change this amount to anything you would like."},"empty":{"instruction_type":"error","instruction_message":"How much would you like to donate? You can change this amount to anything you would like."},"invalid_curency":{"instruction_type":"error","instruction_message":"How much would you like to donate? You can change this amount to anything you would like."}},"recurring":{"placeholder_text":"Recurring","initial":{"instruction_type":"normal","instruction_message":"How often would you like to donate this?"},"success":{"instruction_type":"success","instruction_message":"How often would you like to donate this?"},"empty":{"instruction_type":"error","instruction_message":"How often would you like to donate this?"}},"name":{"placeholder_text":"Name on Credit Card","initial":{"instruction_type":"normal","instruction_message":"Enter the name on your card."},"success":{"instruction_type":"success","instruction_message":"Enter the name on your card."},"empty":{"instruction_type":"error","instruction_message":"Please enter the name on your card."}},"privacy_policy":{"terms_title":"Terms and conditions","terms_body":null,"terms_show_text":"View Terms","terms_hide_text":"Hide Terms","initial":{"instruction_type":"normal","instruction_message":"I agree to the terms."},"unchecked":{"instruction_type":"error","instruction_message":"Please agree to the terms."},"checked":{"instruction_type":"success","instruction_message":"I agree to the terms."}},"email":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email address"},"success":{"instruction_type":"success","instruction_message":"Enter your email address"},"blank":{"instruction_type":"error","instruction_message":"Enter your email address"},"not_an_email_address":{"instruction_type":"error","instruction_message":"Make sure you have entered a valid email address"}},"note_with_tip":{"placeholder_text":"Your note here...","initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"empty":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"not_empty_initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"saving":{"instruction_type":"normal","instruction_message":"Saving note..."},"success":{"instruction_type":"success","instruction_message":"Note successfully saved!"},"error":{"instruction_type":"error","instruction_message":"Unable to save note note at this time. Please try again."}},"email_for_login_code":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email to log in."},"success":{"instruction_type":"success","instruction_message":"Enter your email to log in."},"blank":{"instruction_type":"error","instruction_message":"Enter your email to log in."},"empty":{"instruction_type":"error","instruction_message":"Enter your email to log in."}},"login_code":{"initial":{"instruction_type":"normal","instruction_message":"Check your email and enter the login code."},"success":{"instruction_type":"success","instruction_message":"Check your email and enter the login code."},"blank":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."},"empty":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."}},"stripe_all_in_one":{"initial":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"empty":{"instruction_type":"error","instruction_message":"Enter your credit card details here."},"success":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"invalid_number":{"instruction_type":"error","instruction_message":"The card number is not a valid credit card number."},"invalid_expiry_month":{"instruction_type":"error","instruction_message":"The card's expiration month is invalid."},"invalid_expiry_year":{"instruction_type":"error","instruction_message":"The card's expiration year is invalid."},"invalid_cvc":{"instruction_type":"error","instruction_message":"The card's security code is invalid."},"incorrect_number":{"instruction_type":"error","instruction_message":"The card number is incorrect."},"incomplete_number":{"instruction_type":"error","instruction_message":"The card number is incomplete."},"incomplete_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incomplete."},"incomplete_expiry":{"instruction_type":"error","instruction_message":"The card's expiration date is incomplete."},"incomplete_zip":{"instruction_type":"error","instruction_message":"The card's zip code is incomplete."},"expired_card":{"instruction_type":"error","instruction_message":"The card has expired."},"incorrect_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incorrect."},"incorrect_zip":{"instruction_type":"error","instruction_message":"The card's zip code failed validation."},"invalid_expiry_year_past":{"instruction_type":"error","instruction_message":"The card's expiration year is in the past"},"card_declined":{"instruction_type":"error","instruction_message":"The card was declined."},"missing":{"instruction_type":"error","instruction_message":"There is no card on a customer that is being charged."},"processing_error":{"instruction_type":"error","instruction_message":"An error occurred while processing the card."},"invalid_request_error":{"instruction_type":"error","instruction_message":"Unable to process this payment, please try again or use alternative method."},"invalid_sofort_country":{"instruction_type":"error","instruction_message":"The billing country is not accepted by SOFORT. Please try another country."}}}},"fetched_oembed_html":false}
{"date_format":"F j, Y","time_format":"g:i a","wordpress_permalink_only":"https:\/\/factkeepers.com\/the-biden-administration-is-actually-making-gains-in-the-battle-against-russian-hackers\/","all_default_visual_states":"inherit","modal_visual_state":false,"user_is_logged_in":false,"stripe_api_key":"pk_live_40P3DgGDAHEP1QtJ0nOU4nms5JYHI8GbQ05dYiB1S8OPP5oMSIpOCCeeIawOyeW6bWDkDMWdUeggbhxOQTSA6aedu00ROAbhXBd","stripe_account_country_code":"US","setup_link":"https:\/\/factkeepers.com\/wp-admin\/admin.php?page=tip-jar-wp&mpwpadmin1=welcome&mpwpadmin_lightbox=do_wizard_health_check","close_button_url":"https:\/\/factkeepers.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/closebtn.png"}
