The U.S.-Russia cyber relationship just got even more complicated
The never-easy U.S.-Russia cyber relationship has grown immensely more fraught the past few days with the arrests of more than a dozen Russia-based ransomware operators coinciding with a Russian cyber surge in Ukraine.
The arrests, which included at least one person involved in the Colonial Pipeline attack, were a rare piece of good news for the Biden administration. It was the first evidence of any progress reining in the criminal gangs that have terrorized U.S. businesses and prompted threats of retaliation from President Biden in June, as Robyn Dixon and Ellen Nakashima report.
But they came with a big caveat. Such cooperation will likely cease if the United States follows through on imposing punishing sanctions that officials have previewed if Russia invades Ukraine.
Dmitri Alperovitch, executive chairman of Silverado Policy Accelerator, called it an act of “ransomware diplomacy.”
“Ransomware gangs give [the Kremlin] incredible leverage,” he told me. “These arrests send a signal that we can help you get these gangs under control very easily, but we’re not going to do that if you impose severe consequences on our economy.”
Most analysts believe Russia-based criminal ransomware gangs aren’t directly tied to the Kremlin but operate with its tacit approval.
The move underscores how U.S.-Russia cyber tension is inextricably tied to the broader relationship between the nations, which is at one of its lowest points since the end of the Cold War.
The Biden administration has no intention of going easy on a Ukraine invasion in exchange for progress on ransomware, a senior administration official told reporters. That means Russian threats in cyberspace are unlikely to diminish anytime soon.
Meanwhile, an invasion is looking increasingly likely with the discovery by Microsoft of a trove of destructive malware embedded on Ukrainian government and industry computer systems that could render them inoperable during an attack.
The groundwork for potential cyberattacks was revealed as the Biden administration warned Russian operatives have been deployed in eastern Ukraine to commit acts of sabotage that could serve as pretext for an invasion, Paul Sonne, Missy Ryan, and John Hudson report.
“In the same way they’ve prepositioned tanks around Ukraine, they preposition hacks on Ukrainian networks. If a fight comes, they can trigger all of these things,” James Lewis, a top cyber analyst at the Center for Strategic and International Studies, told me.
The malware was designed to look like ransomware, but will actually wipe computers of their contents and render them useless if it’s activated, Ellen reported.
Microsoft didn’t identify Russia as the culprit, but Ukrainian officials told Reuters they suspected intelligence agencies from Russia and its ally Belarus.
The move is in line with previous Russian cyberattacks against Ukraine, including during its 2014 annexation of Crimea. Here’s a deep dive from Andy Greenberg at Wired.
Ransomware was near the top of the U.S.-Russia agenda in June of last year when Biden demanded action on the issue from Russian President Vladimir Putin in Geneva. It was driven there by high-profile attacks against Colonial, the meat processor JBS and the IT firm Kaseya, which caused millions of dollars in damage and threatened U.S. gas and meat supplies.
It’s fallen in importance, however, as the possibility of a Ukraine invasion has grown increasingly likely — and because there haven’t been any Colonial-level headline-grabbing ransomware attacks in recent months to focus American anxiety.
“Ransomware has been subsumed by the larger Ukraine problem, so what happens in Ukraine will drive what the Russians do on ransomware,” Lewis told me.
- If Russia invades Ukraine, and the United States and allies respond with sanctions, that could prompt Putin to unleash ransomware gangs to go after whatever they want in retaliation.
- Putin might also continue reining them in, however, out of concern about even greater U.S. pushback and because ransomware is a far lower priority for the Kremlin compared with control over neighboring nations, Lewis said.
“This is all part of a larger game, so one thing they’ll want to do after any invasion is to lower the temperature elsewhere,” he said. “They may not put the brakes on ransomware entirely, but they’ll probably keep a rule about not doing anything high profile against Americans.”
The keys
Researchers identified two women’s rights activists as targets of NSO Group’s Pegasus spyware
Bahraini human rights activist Ebtisam al-Saegh and Jordanian lawyer Hala Ahed Deeb have been “living in a state of daily anxiety and fear” after finding out that they were hacked, according to nongovernmental organizations Front Line Defenders and Access Now. Front Line Defenders found traces of Pegasus on the activists' devices, and their findings were validated by the Citizen Lab and Amnesty International’s Security Lab.
The devices were infected by Pegasus in 2019 and 2021, the Guardian’s Stephanie Kirchgaessner reports. It's not clear which of NSO's government clients was responsible for planting the spyware.
An NSO spokesperson declined to comment on the allegations. The spokesperson said targeting activists was a misuse of NSO products.
Meanwhile, Polish lawmakers have begun a probe into Pegasus’ targeting of opposition politicians. Citizen Lab’s John Scott-Railton told a Polish senate commission that he expects there to be more Polish Pegasus victims beyond the three opposition figures identified so far, Reuters reports. Those three cases have prompted the “biggest and deepest crisis of democracy after 1989,” when Poland transitioned from communism to democracy, opposition leader Donald Tusk said.
A longtime intelligence official will lead the U.S. intelligence community’s effort to combat election interference
Jeffrey Wichman is taking over as the Office of the Director of National Intelligence’s election threats executive this week, the New York Times’s Julian E. Barnes reports. Wichman previously worked as a CIA senior cyber analyst and most recently worked as director of analysis at the CIA’s counterintelligence mission center.
“Wichman’s appointment came after the Office of the Director of National Intelligence was forced to delay plans to create a foreign malign influence center that would oversee efforts from abroad to influence elections and American politics more generally,” Barnes reports. “Creation of that center has been slowed by disagreements on Capitol Hill over the size of the effort and its funding.” Wichman’s team will be absorbed by the larger group once those disputes are resolved, Barnes reports.
Wichman’s predecessor, Shelby Pierson, began working in that role in 2019. Former president Donald Trump grew angry at top intelligence officials after he heard that Pierson told House Intelligence Committee members that Russia wanted to see Trump reelected in 2020.
The U.K. is set to launch a PR campaign criticizing end-to-end encryption
The campaign, which is expected to launch in the coming days, will focus on the argument that end-to-end encryption will hamper efforts to crack down on child exploitation, Rolling Stone’s James Ball reports. If communications are encrypted from “end-to-end,” that means they’re indecipherable to everyone except the sender and recipient — including police with a valid warrant.
The U.K. Home Office — which oversees police matters — hired advertising firm M&C Saatchi to plan the campaign, Ball reports. Though it’s not clear which of the plans have been finalized, one plan was to personally appeal to Facebook founder and chief executive Mark Zuckerberg, whose company is rolling out default end-to-end encryption on its messaging services by the end of next year.
“Successive Home Secretaries of different political parties have taken strong anti-encryption stances, claiming the technology — which is essential for online privacy and security — will diminish the effectiveness of UK bulk surveillance capabilities, make fighting organized crime more difficult, and hamper the ability to stop terror attacks,” Ball writes. The “FBI has made similar arguments in recent years — claims which have been widely debunked by technologists and civil libertarians on both sides of the Atlantic,” he writes.
A Home Office spokesperson confirmed in a statement to the outlet that it has “engaged” advertising firm M&C Saatchi “to bring together the many organisations who share our concerns about the impact end-to-end encryption would have on our ability to keep children safe.” M&C Saatchi did not respond to Rolling Stone’s request for comment.
