In Geneva last month, US President Joe Biden tried to set some ground rules for his Russian counterpart, Vladimir Putin. He said cyber-attacks on critical infrastructure were “off limits”.
“I looked at him and said: how would you feel if ransomware took on the pipelines from your oil fields? He said it would matter,” Mr Biden said.
He went on to say that if Russia violated these “basic norms” the US would retaliate. The events of the last few days will test that claim.
On Monday, Bloomberg reported that Synnex, a third-party provider used by the Republican National Committee (RNC), had been breached last week. In a statement, the RNC Chief of Staff Richard Walters said he did not believe the hackers had infiltrated its systems.
Th reach was also reported by the Washington Post, which said that while the extent of the attempted breach remained unclear, the committee said none of its data had been accessed.
According to the Post, “Early indications were that the culprit was Russia’s SVR intelligence agency, according to investigators in the case. The SVR is the group that initially hacked the Democratic National Committee six years ago and more recently conducted the SolarWinds attack that penetrated more than a half-dozen government agencies and many of the largest US corporations.”
The newspaper reported that the RNC attack was the second of apparent Russian origin to become public in the past few weeks and it was unclear whether the two were related.
“On Sunday (July 4), a Russian-based cybercriminal organisation known as REvil claimed responsibility for a cyberattack over the long holiday weekend that has spread to 800 to 1,500 businesses around the world. It was one of the largest attacks in history in which hackers shut down systems until a ransom is paid, security researchers said
The “supply chain” hack (where a company that provides IT functions to many other companies is hacked) followed another largescale attack that was revealed on Friday.
This time ransomware was used to infiltrate IT company Kaseya and its clients. Early estimates suggests that hundreds of businesses had their data scrambled in the hack. The attacks were different in style, but shared one crucial similarity. They were both linked to Russia.
REvil, a prolific, Russia-linked cybercrime syndicate, took credit for the attack revealed on Friday. The hackers demanded $70 million to restore the affected businesses’ data.
The attempted hack on the RNC was reportedly undertaken by a group known as Cozy Bear. If that name sounds familiar, it’s because they were accused of breaching the Democratic National Committee in 2016.
They’ve also been linked to the huge SolarWinds hack that infiltrated a slew of government agencies – revealed in December. On Tuesday Joe Biden told reporters that the Kaseya attack “appears to have caused minimal damage to US businesses, but we’re still gathering information.”
“I feel good about our ability to be able to respond,” he says. Some analysts differentiate between the two attacks.
Dmitri Alperovitch, a cyber security expert and chairman of the Silverado Policy Accelerator, believes the attack aimed at the RNC is conventional spying.
“This looks very much like traditional espionage, which we’re never going to stop. Nor is it in our interest to stop it, because we want to conduct espionage against Russia and China.”
However, Alperovitch believes that REvil’s attack on Kaseya – an attack that has hurt many businesses in America – is a different story.
“It’s disruptive in nature. Small businesses all over the country are struggling right now. We can’t tolerate that”, he says.
If Joe Biden wants to retaliate, he has a number of options. Sanctions are the traditional way that the US has looked to hurt Russia. However, there are other options President Biden could go for. Firstly, he could look to target REvil themselves.
Last year the Washington Post reported that US Cyber Command launched a campaign to disrupt Trickbot, described as the world’s largest botnet, to mitigate its potential interference in the presidential election.
“Ultimately, what works is taking these actors off the battlefield. And you can only accomplish that through law enforcement action. In this particular case through Russian law enforcement action”, says Alperovitch.
This would be the president’s preferred option – to convince Mr Putin that it is in his interest to close down ransomware groups. However, Mr Biden may feel the time for words has come and gone.
By laying down the law in Geneva so clearly, Joe Biden may now feel he has to act. Certainly, just like the US military, the US president has a cyber operation that can more than hold its own in a fight. The question now is to what extent Mr Biden chooses to use it.
- A Tell / BBC report