Attacks against supply chain, energy, water, fuel, and food, many of which are believed to have been orchestrated by Russian nationals, have underscored the need for the international community to try to find practical ways to reduce the volume of this activity.
The Biden Administration decided to convene a 30-country meeting to discuss this growing cybercrime problem. Conspicuously, Russia was left off the list of participants in the meeting, an interesting omission considering Russian cyber criminals’ perpetuation of ransomware campaigns that have netted millions of dollars in extortion fees.
In late September 2021, the U.S. Department of Treasury (DoT) levied sanctions against the Russian cryptocurrency exchange Suex for the laundering of transactions from at least eight ransomware groups. This latest move to “follow the money” is designed to hinder ransomware operations that rely on cryptocurrency to receive payments from victims.
Per the Department of Treasury (DoT), Suex maintained approximately 25 digital addresses that received more than $481 million in Bitcoin alone (this does not include other cryptocurrencies), Approximately $160 million in transfers were associated with various ransomware operators, as well as darknet markets, other criminal scams, and “high risk” exchanges.
The U.S. Department of Justice (DoJ) recently fined three former National Security Agency (NSA) hackers who worked as service contractors for a United Arab Emirates (UAE) cybersecurity company named DarkMatter. These three individuals were not the only former ex-U.S. Intelligence officers working for the company. DarkMatter employed more than a dozen former NSA hackers who would use the skills and techniques learned from the NSA to help the UAE target and compromise the phones and computers of its enemies. These “enemies” included human rights activists, journalists, and political rivals. At the core of this issue is the fact that these ex-intelligence operatives used cutting-edge cyber-espionage tools learned from their time in the U.S. Intelligence Community on behalf of a foreign intelligence service.
It is increasingly evident that China believes the timing is right for it to aggressively push its national interests. One area that often gets overlooked when looking at China’s expansionism is its interests in the Arctic. China’s interest in the area is not a secret, as it has promoted itself as a legitimate “Arctic State” as early as its 2011 Twelfth Five-Year Plan, and in its 2018 Arctic Policy.
Ransomware gangs continue to evolve their tactics to stay one step ahead of network defenders and those tracking their developments. Increased reporting that ransomware gangs – particularly Russian groups – are collaborating with one another is another example of this type of evolution. The joining of forces enables these groups to share advice, targeting information tactics, and a data leak program, all of which contribute to executing more sophisticated attacks. What’s more, these partnerships are proving successful and yielding substantial financial gains.
Checkers, Chess and 围棋 (Wéiqí – aka Go): When It Comes to Games in Cyberspace, China May Be the Master
Checkers is the ultimate game of tactical engagement where two competitors push their forces forward in the attempt to conquer his foe by capturing all of his pieces. Chess is a more strategic option. Whereas checkers perhaps best exemplifies a single engagement of a battle, chess represents the entire battle, requiring a strategic vision that is executed by moving pieces of different capabilities against an equal opposition force. Multi-dimensional thinking is required as pieces are moved in joint operations, the goal of which is to trap the opponent’s king. These two games are well known and socialized in the United States, and like it or not, both have been likened to military conflict especially as they embody the principles of warfare, involving a struggle of wills, movement, engagement, and protection.
However, there is a third game that also bears attention. Played by the Chinese, Go (also known as Wei Ch’i or Wei Qi) is an abstract game in which the goal is for one of the competitors to surround more territory than his opponent.
Since authoring the seminal Cyberwar is Coming! in 1993, Dr. John Arquilla has been on the forefront of thinking about the digital domain and the conflicts that now occurring on a daily basis. His expertise on the subject of “netwar” and “swarming” tactics have been revolutionary, serving as a military consultant and now teaching courses on national security and defense analysis. In Cyberwar is Coming!, Dr. Arquilla understood that the digital world and the information world were inherently tied together, a relationship that would only intertwine and strengthen the more advanced and the technology became. Indeed, the multiple and diverse influence operations that transpired during the 2016 U.S. presidential elections proved testament to his thoughts, showing how cyber-enabled information campaigns could “disrupt, damage, or modify what a target population ‘knows’ or thinks it knows about itself and the world around it.” These remarks were very prescient indeed, considering they were written more than 20 years before the U.S. victimization of such campaigns by Russian and other foreign interests.
The recent exposure of NSO, the Israeli company that developed the Pegasus mobile phone spyware, has again brought to the forefront private companies that develop and sell their technology to “only” governments and licensed law enforcement entities for the purposes of spying and surveilling targets of interest. While ostensibly Pegasus can be used against criminal and terrorist elements, recent revelations show how such technology can be bent to the will of its operators. In this instance, the spyware was sold to authoritarian regimes to target human rights activists, journalists, religious figures, academics, and attorneys, among others, with approximately 50,000 individuals being targeted by the spyware since 2016, according to a data leak. Per one report, Pegasus malware targeted as many as 14 heads of state, as well, implying a cyber espionage angle to the malware’s use. An expose on NSO that manufactured Pegasus revealed that the company cited “cyberwarfare” as its business model. There seems little doubt as to the intent of Pegasus and how it has been marketed to potential clients.
In a late July 2020 speech at the Office of the Director of National Intelligence (DNI), President Biden stated that “if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach.” This definitive pronouncement comes at a time when the United States has suffered a series of cyber-attacks at the hands of Russian cyber criminals suspected of operating under the tacit approval of the Russian government.
Recently, Pakistan hackers allegedly targeted government and energy organizations in India, although some compromised entities were also located in Afghanistan. The attackers used a newly-developed remote access Trojan dubbed “ReverseRAT” that featured diverse functionality to include sophisticated evasion techniques to avoid detection and obfuscate attacker presence on compromised machines.