U.S. officials are on high alert about the possibility of destructive Russian malware wreaking havoc on critical infrastructure such as electric utilities, banks, and oil and gas pipelines as part of a tit-for-tat escalation to potential U.S. sanctions.

Yet it’s also possible that Russia will steer clear of hacking U.S. or Western targets, judging that there’s little value in antagonizing the United States in multiple domains at the same time.

Case in point

The Kremlin has been making some rare conciliatory gestures on hacking recently, including the arrest last month of several Russia-based ransomware hackers.

The move underscores the uncertainty around Russia's cyber intentions.

It could be a signal of progress after months of intense U.S. pressure on Russian President Vladimir Putin to crack down on ransomware hackers, who have pummeled U.S. firms and largely been given free rein in Russia.

Or it could be a temporary measure — one that’s easy to reverse in response to U.S. sanctions, as Jenna McLaughlin reports for NPR.

On the ground

Officials have warned an invasion could come within days, but there were promising signs this morning as Russia began pulling back some troops stationed along the Ukraine border.

Over the weekend, the United States evacuated the last diplomatic staff from its Kyiv, Ukraine, embassy and President Biden promised severe economic consequences for any Russian aggression. Meanwhile, U.S. national security and intelligence officials have been gaming out U.S. responses to a spectrum of Russian actions ranging from a full invasion to limited cyberattacks, Ellen Nakashima and Ashley Parker report.

U.S. government officials met Friday to hash out the Russian hacking threats, as CNN’s Sean Lyngaas reports. They left concluding there’s a “specific, credible threat” to Ukrainian infrastructure from cyberattacks but not yet to the United States.

“The goal is to be ready if that changes, and for federal officials to be able to respond with affected companies should any big hacks take place,” Sean notes.

What we know so far

Government cyber officials are taking the threat extremely seriously.

The Cybersecurity and Infrastructure Security Agency issued a nationwide warning Friday that conflict with Russia could lead to cyberattacks.

The alert titled “Shields Up” warned about the “potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine” and included more than a dozen actions companies should take to protect their networks against hacking.

Here’s more from CISA Director Jen Easterly:

🛡While there are no specific credible threats to the US homeland at this time, we are mindful of the potential for Russia to consider escalating its destabilizing actions in ways that may affect our critical infrastructure, to include cascading impacts as we saw w/NotPetya. 2/4 — Jen Easterly (@CISAJen) February 12, 2022

Reading history

Russia has a long and documented history of hacking into U.S. government agencies and critical industries. But the Kremlin has stopped short so far of launching attacks that intentionally destroy or disrupt those systems.

The big concern: A Ukraine invasion and the ensuing U.S. pushback may bring relations to the point that major destructive hacks are on the table.

Even if the United States is spared Russian cyberattacks, Ukraine is unlikely to get off so easy. Ukrainian government and industry computers have already been hit with malware that may be linked to Russia.

A Russian invasion would almost certainly be accompanied by cyberattacks aimed at disabling Ukraine’s ability to defend itself by jamming communications or slowing Internet speeds, cyber warfare experts say.

Ukraine has also been a proving ground for some of Russia’s most devastating hacks, including a 2015 cyberattack that disrupted parts of the nation’s electricity grid and the 2017 “NotPetya” attack, a destructive wiper disguised as ransomware, which escaped outside Ukraine and caused extensive damage in multiple nations.

U.S. diplomats are also taking care to expunge any digital trail from the abandoned Kyiv embassy that might be accessed by Russian hackers.

The evacuation included destroying networking equipment and computers and dismantling the embassy phone system, the Wall Street Journal reported.

That’s standard procedure for the State Department. But sensitive data can sometimes be left behind during an especially rapid or complex diplomatic evacuation such as during the U.S. withdrawal from Afghanistan.

The keys

A Colorado county clerk who endangered election security and embraced conspiracy theories wants the state’s top election job

Tina Peters was “stripped of her election-oversight duties last year after she allowed an outsider to copy voting-machine hard drives,” Felicia Sonmez and Emma Brown write. She later appeared at a conspiracy theory-riddled “Cyber Symposium” hosted by My Pillow CEO Mike Lindell.

Now, Peters said she’s running for Colorado secretary of state to “restore trust” and “put an end to government overreach in our election process.”

In October, a judge forbade Peters from overseeing Mesa County’s elections, finding that she neglected her duties and was “untruthful.” The FBI, state prosecutors and the local district attorney are investigating whether to bring criminal charges in the voting machine breach.

Part of a trend: Peters is one of at least 20 Republicans who have questioned the legitimacy of President Biden’s win in 2020 who are running to be a secretary of state, according to an NPR tally.

A fundraising site used by Canadian truckers protesting covid-19 restrictions was disabled after a possible hack

Despite Ottawa declaring a state of emergency, protesters still gathered on Feb. 12 to demonstrate against coronavirus restrictions. (Zoeann Murphy, Drea Cornejo/The Washington Post)

Visitors to the GiveSendGo site were temporarily redirected to a website that purported to show identifying information about donors to the “Freedom Convoy” protest led by truckers against coronavirus restrictions, Aaron Gregg reports. The redirect site also included text stating “GiveSendGo is now frozen,” and featured a video from the Disney film “Frozen.”

It’s not clear who compromised the site, but the data-leaking nonprofit group Distributed Denial of Secrets said it will make the information on “Freedom Convoy” donors available to journalists and researchers.

Context: Fundraising campaigns on GiveSendGo have “raised money for travel expenses, body armor and other financial assistance connected to ‘Stop the Steal’ events, including the Jan. 6 rally in Washington that turned into a bloody attack on the U.S. Capitol,” Aaron writes. Text overlaid on the redirect site accused GiveSendGo of "providing a platform for individuals and organized groups to fund hate groups, promote disinformation and insurrection disguised as ‘protests.’ ”

GiveSendGo seemingly regained control of its site and put up a notice stating the site was offline for maintenance. The company’s founder, Jacob Wells, did not respond to requests for comment. GiveSendGo hasn’t yet confirmed that it was breached, and it’s not clear who was responsible.

The self-styled “Freedom Convoy” has been blockading downtown Ottawa and U.S.-Canada border crossings to protest vaccine requirements for cross-border truckers. Prime Minister Justin Trudeau has invoked Canada’s Emergencies Act in an effort to shut down the protest.

Husband jailed, wife freed on bond in alleged laundering of $3.6 billion in stolen cryptocurrency

Heather Morgan was released on a $3 million bond for home incarceration with electronic bracelet monitoring, but her husband Ilya “Dutch” Lichtenstein will remain in jail.

The couple are accused of trying to launder a portion of $3.6 billion, which was part of the largest ever cryptocurrency hack, though they're not accused of the hack itself.

Chief U.S. District Judge Beryl A. Howell of Washington called the evidence against the pair “so weighty as to be overwhelming,” Spencer S. Hsu reports. She cited searches of their apartment and office that found $40,000 in cash, around $200,000 in gold coins, dozens of electronic devices and bitcoin wallets, hollowed-out books and a bag marked “Burner Phone.” She also noted that the couple “have skill sets to access and evade detection.”

The pair has a history of trying to mislead law enforcement, prosecutors claim. “When federal agents searched the couple’s Manhattan apartment in January, Morgan used the opportunity of retrieving their pet cat from underneath a bed to grab her cellphone from a nightstand and repeatedly hit the lock button, prompting law enforcement to wrest it away from her,” Spencer writes.

Chat room

Cybersecurity professionals are at odds about a Super Bowl ad for the cryptocurrency trading platform Coinbase, which featured a QR code for viewers to scan.

Many were aghast at the thought of millions of viewers scanning the code — something cyber experts warn against because it may link to a malicious website.

Calli Schroeder, the Global Privacy Counsel at the Electronic Privacy Information Center:

I am once again reminding you that scanning random QR codes is upsettingly close to plugging a random flash drive you found into your laptop.

Do not do the thing. — Techni-Calli (@Iwillleavenow) February 14, 2022

Mandiant’s Gabby Roncone:

my bf scanning the QR code: 😋

me: pic.twitter.com/ppAgTjlX6q — Gabby Roncone (@gabby_roncone) February 14, 2022

Others thought their peers were overreacting and the cyber risk was actually pretty low.

Bob Lord, former chief security officer for the Democratic National Committee:

"Don't scan a QR code!" is "don't advice", which doesn't work. Instead, tell them what to do, like "Use the built-in QR code reader".

Also, we see plenty of attacks in the wild, but not involving QR codes. So it fails the prioritization and 80/20 rules. Check out the doc! — Bob Lord (@boblord) February 14, 2022

Microsoft’s Ann Johnson:

We need to educate users so they can evaluate risks and make educated decisions. We shouldn’t scare them or shame them if they make an error. We also shouldn’t ignore their concerns after. The industry needs to build systems that keep users safe even if they make an error. — Ann Johnson (@ajohnsocyber) February 14, 2022

Government scan

Texas sued Facebook parent Meta over facial recognition

Texas Attorney General Ken Paxton’s lawsuit seeks hundreds of billions of dollars in civil penalties from the company over alleged violations of Texas privacy laws, the Wall Street Journal’s John D. McKinnon reports. Facebook last year announced that it was ending its use of facial recognition software and deleting face data on more than a billion people. The site previously used facial recognition to automatically tag people in photos by name.

Meta told the Journal that Paxton’s claims “are without merit and we will defend ourselves vigorously.”

Texas’s privacy law is similar to a law in Illinois that forbids the collection of biometric data without users’ consent. Facebook settled a class-action suit over alleged violations of that law for $550 million.

Global cyberspace

EU watchdog calls for banning NSO spyware

The European Data Protection Supervisor warned NSO’s Pegasus spyware could lead to an “unprecedented level of intrusiveness, able to interfere with the most intimate aspects of our daily lives,” Reuters reports.

“A ban on the development and the deployment of spyware with the capability of Pegasus in the EU would be the most effective option to protect our fundamental rights and freedoms,” the independent data protection authority said.

It’s not clear if any European Union nations are current clients of the controversial spyware company. At least one, Hungary, has acknowledged buying the spyware in the past. An investigation by the Post and media partners found governments routinely used Pegasus spyware to track journalists, human rights activists and political opponents.

On the move

Retired U.S. Cyber Command chief Adm. Michael S. Rogers joined Trusted Future’s board of advisers along with former FTC commissioner Maureen K. Ohlhausen; former U.S. ambassador to the Organization for Economic Cooperation and Development Karen Kornbluh; former FCC official Edward “Smitty” Smith; and former White House deputy chief technology officer for Internet policy Daniel J. Weitzner.

