Welcome to The Cybersecurity 202! We're mourning the loss of comedian Norm MacDonald, who urged fame and recognition for all 12 men who walked on the moon — including the final one, Harrison Schmitt.

Below: DOJ charged three former U.S. officials for helping the United Arab Emirates' offensive hacking work — and hacktivists are wreaking havoc in Belarus.

Putin isn't cracking down on ransomware gangs

It's been nearly three months since President Biden demanded Russian leader Vladimir Putin take action against ransomware gangs operating in Russian territory. 

Yet officials say there's no evidence the Kremlin is reining in these groups. 

Those gangs are still “operating in the permissive environment that they've created there,” FBI Deputy Director Paul Abbate said during the annual Intelligence and National Security Summit. U.S. requests for Russian help extraditing ransomware hackers have produced no results, he said. 

That means two big things for U.S. officials: 

  • In the short term, the nation is likely to face more damaging attacks, in which hackers lock up victims' computers and demand a ransom to unlock them. Think attacks targeting schools, hospitals and economically vital industries, such as the May attack on Colonial Pipeline.
  • In the longer term, the United States must find a way to combat those attacks without Russian cooperation. That will include improving U.S. companies' defenses so ransomware hackers can't do as much damage. It may also involve retaliating against Russian targets until they decide ransomware isn't worth the effort.

“I'd like to change the decision calculus of the good guys and gals in this space such that they take a meaningful role in their own defense,” National Cyber Director Chris Inglis said at the same conference. “I'd also like to change the decision calculus of those … that have been responsible for things like ransomware.”

There have been fewer high-profile attacks in recent months, Inglis noted — nothing on the scale of Colonial or a Fourth of July weekend attack against the software provider Kaseya that forced hundreds of its customers offline for days. 

But there's no evidence that it's because Putin asked the hackers to back off. 

No shocker

The lack of Russian cooperation is concerning but hardly surprising

Analysts have noted that ransomware attacks have been basically steady since the U.S. and Russian leaders' summit in Geneva. 

Biden's faceoff with Putin over ransomware was always a long shot. It was premised largely on the hope that Putin would be interested in placating the new president – and at least more willing to rein in Russian cybercriminals than to halt Kremlin-backed hacking activity that directly benefits his regime. 

Ransomware gangs operate inside Russian territory with the Kremlin's tacit approval, but aren't directed by the government, U.S. officials and analysts say. They speculate that Putin tolerates the gangs partly because they steer clear of Russian targets and are willing to aid government-backed hacking when called upon.

Growing threats

But the other options facing U.S. policymakers are highly difficult

The government has pushed industry to improve its cyber defenses for years. But any improvements have failed to keep pace with the growing hacking threat. 

The White House mandated a slate of cyber protections for pipelines in the wake of Colonial. It's working on voluntary standards for other critical industries, but it's not clear whether industries will adopt those standards or if they'll be sufficient to keep hackers at bay. 

Punching back comes with its own problems

It would be complicated to launch retaliatory cyberattacks against ransomware gangs that don't also harm Internet infrastructure owned by innocent bystanders. 

During the INSA conference, Inglis advocated for the United States to fire the equivalent of highly targeted “cyber bullets” when possible that remove adversaries from the Internet but cause limited collateral damage. But he also acknowledged the limits of that approach. 

“That's only going to get rid of the clear and present immediate danger,” he said. “That's not going to affect the leadership that allows this to happen.”

U.S. Cyber Command has begun a “surge” of efforts to combat ransomware and other cyberattacks and “impose costs when necessary,” Cybercom Chief Gen. Paul Nakasone told the Associated Press

“Even six months ago, we probably would have said, ‘Ransomware, that’s criminal activity,’ ” he said. “But if it has an impact on a nation, like we’ve seen, then it becomes a national security issue. If it’s a national security issue, then certainly we’re going to surge toward it.”

The keys

The Justice Department charged three Americans with illegally hacking for the UAE

The three former U.S. intelligence and military officials have agreed to pay $1.7 million, cooperate with the government and never work for the United Arab Emirates again in a deferred prosecution agreement, Spencer Hsu reports. The Justice Department hailed the agreement as a “first-of-its-kind resolution” of such cybersecurity investigations. 

The men were charged with conspiring to violate export control and computer fraud laws. All three worked on “Project Raven,” a UAE hacking program that targeted Americans, as Reuters' Christopher Bing and Joel Schectman reported in a sprawling 2019 investigation. 

Prosecutors agreed to potentially dismiss the charges because it’s a novel case intended to be a warning to others, according to a Justice Department official who spoke on the condition of anonymity because they were not authorized to speak publicly. 

“This is a clear message to anybody, including former U.S. government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company — there is risk, and there will be consequences,” FBI Cyber Division Assistant Director Bryan Vorndran said in a statement.

Meet the hacktivists wreaking havoc on Belarus’s government

Around 15 self-taught hacktivists say they have taken more than six terabytes of data from the government with the help of disaffected Belarusian security forces, Dalton Bennett and Robyn Dixon report. The hack appears to be one of the largest, most organized such attacks by an opposition group against a government, analysts say. 

The Cyber Partisans gave The Washington Post samples of stolen government wiretaps, including a list of around 10,000 recorded calls. The Post hasn’t independently verified the identities of participants in the calls. But Belarusian officials haven’t publicly challenged the veracity of the hacktivists’ posts. The country’s interior ministry declined to comment.

“I’ve never seen anything like it,” said Gabriella Coleman, an expert on hacking and activism at McGill University in Montreal. “What we’re seeing in Belarus is far more organized, better executed, has a lot more depth and breadth and impact. In that sense, it’s unique.”

County officials in Wisconsin mistook an email from an election investigator as phishing or spam

The email was supposed to be from former Wisconsin Supreme Court Justice Michael Gableman, but it was labeled as being from “john delta” and sent from a gmail account. It was marked as spam by at least seven counties and 11 others never received it, the Associated Press’ Scott Bauer reports

It’s the latest source of confusion in Wisconsin, where Gableman is leading a Republican-ordered review of the 2020 election. The email included an attachment telling clerks to preserve “any and all records and evidence” related to the 2020 election and share the message with more than 1,800 clerks municipal clerks.

The email formatting, inconsistent senders and suspicious PDF attachments raised concerns, according to some clerks. At least six county clerks say they won’t forward the emails to municipalities in their counties. 

“Our IT department has advised deleting any and all suspicious emails and/or attachments. Since this email falls into that category, I did not open it and will not be forwarding it on to any of our municipal clerks," Green Lake County clerk Liz Otto, told the AP. 

Since being assigned the job by Republican lawmakers, Gableman has traveled to Arizona to learn about a partisan review taking place in Maricopa County. He also attended a cybersecurity symposium held by MyPillow CEO Mike Lindell. Gableman said the trip to Arizona was to learn about the allegations and how to investigate them.

Arizona officials must release records from the partisan audit in Maricopa County

The state Supreme Court blocked an effort by the state Senate to shield those records from public view, the Associated Press reported. The Senate has yet to receive any report from that audit. It was delayed last month when leaders of the firm conducting the review, Cyber Ninjas, were diagnosed with covid-19.

Hill happenings

A House committee advanced $865 million in funding for CISA

The House Homeland Security Committee approved the funding as part of a massive spending package proposed by Democrats. The largest chunk of new Cybersecurity and Infrastructure Security Agency funding, $400 million, would go toward implementing a cybersecurity executive order signed by President Biden this year. 

National security watch

Cyber insecurity

Daybook

  • Stanford University’s Program on Democracy and the Internet hosts a webinar on E.U. technology and cybersecurity proposals on Thursday at noon.
  • Rep. Jim Langevin (D-R.I.), Southern Company CEO Tom Fanning and others discuss cyber threats to critical infrastructure at a Carnegie Endowment for International Peace event on Friday at 12:30 p.m.
  • Former Undersecretary of State Keith Krach and former U.S. Agency for International Development deputy administrator Bonnie Glick speak at a Center for Tech Diplomacy at Purdue event on semiconductors and supply chains on Sept. 21 at 9:10 a.m.
  • Homeland Security Secretary Alejandro Mayorkas, FBI Director Christopher A. Wray and National Counterterrorism Center Director Christine Abizaid testify at a Senate Homeland Security and Governmental Affairs Committee on homeland security threats on Sept. 21 at 9:30 a.m.

Secure log off

We're here 'cause the lights on. Thanks for reading. See you tomorrow.