Real-time image of cyber attacks on Wednesday, July 21 at 4 p.m. Kaspersky
As the United States celebrated its independence on the weekend of July 4, a group of
hackers
Russians carried out one of the largest and most coordinated cyberattacks in recent years. The hackers, grouped under the acronym REvil (Ransomware Evil), exploited a flaw in an information technology program used by some 40,000 companies worldwide. That was the gateway to taking control of the systems of 1,500 businesses and institutions as diverse as eleven schools in New Zealand or a chain of supermarkets in Sweden. The criminals demanded 70 million dollars to send the decryptor that allowed to recover the information. This has been one of the latest signs of the democratization of cyber extortion operations, a repeated weapon in the geopolitical game.
30% of cyberattacks in the US are
ransomware
, which is an express hijacking of data for which a ransom is requested. These attacks have doubled between 2019 and 2020, a period that coincides with the campaign and departure of Donald Trump, who came to the presidency aided by disinformation operations promoted by Russian pirates. Barack Obama was the first to deal with the problem after
hackers
They will penetrate the systems of the State Department, the White House and the email of your Chief of Staff. His government prepared a response plan that included agents on the ground in several countries, but they did not act fully due to the fear that the Russians would fight back by affecting the electricity grid, details the captain of the Navy Scott Jasper in
Russian Cyber Operations: Coding the Boundaries of Conflict
. They opted for a package of sanctions that, over the years and the disinterest of the Trump Administration, would prove insufficient.
The administration of President Joe Biden feels the air of cyber warfare. Criminal groups have tested their reaction with a series of attacks from abroad and by rebel groups that are sometimes backed by the intelligence services of rival powers. The attacks are no longer only targeting large companies but have massively affected neighborhood businesses. Of the 65,000 attacks recorded last year by the cybersecurity agency Recorded Future, 75% affected small businesses. The Justice Department says that criminals pocketed $ 350 million in ransoms in 2020, a 300% increase compared to 2019. How should the US respond to this challenge that goes beyond the limits of international law?
A hacker in a room of the German Federal Intelligence Service (BND) in Berlin on February 25.picture alliance / dpa / picture alliance via Getty I
If you want to support the development of news like this, subscribe to EL PAÍS
Subscribe
Every hour seven people realize that their computer has been taken. An email or text block between the code details the instructions for retrieving the data. A stopwatch on the screen marks the time to get the money, which is usually agreed between 10% and 40% of the value of the kidnapped product, which is paid in the vast majority of cases in bitcoins to make its tracking more difficult. "This has not been as serious as it can be," says Trey Herr, an analyst at the Atlantic Council. “It's one thing for a pipeline to close for a few days and another for groups like Boko Haram, the so-called Islamic State, to arm themselves with funds raised through
ransomware
. And the drug cartels ”, he adds.
Those in charge of these attacks have sharpened their objectives. Attacks on healthcare or educational institutions are decreasing and targeting more profitable industries that hit governments the most, according to a 2021 Verizon data breach report. The wholesale and retail trade has seen a 159% increase in
ransomware
cases in one year
; the transportation industry, more than 300%.
Two major campaigns have shaken Americans in 2021. In May, the world's largest meatpacker, JBS, paid 301 bitcoins ($ 11 million) to prevent the leakage of sensitive information. The FBI held REvil responsible for the attack. Colonial Pipeline, a gas pipeline that distributes diesel and gasoline to the east of the country, had previously been a victim. The company paid $ 4.4 million. 2.3 million were recovered thanks to the Department of Justice. Biden subsequently issued a cybersecurity decree requiring higher standards for
software
programs.
commercial, such as those sold by Microsoft, whose email service was attacked in March, and for the one used by the federal government, which has been classified as critical. Cybersecurity was one of the points that, in mid-June, the American and Russian president discussed at the summit they held in Geneva in an attempt to unfreeze their relations. The United States is seeing the arrival of an activity that has been causing extensive damage in Europe for 15 years with intensity. Russia has perfected these attacks as a tool of influence.
The best-known example is that of Ukraine in 2017. An attack with the NotPetya virus, a modification of the most popular
ransomware
code
, left 12,500 computers black for seven minutes, affecting both ATMs and terminals that measure radioactivity in Chernobyl. It also affected the electricity grid. Maersk, the world's largest container company, lost $ 300 million. The pharmaceutical Merck, 870 million. Ukraine blamed Moscow, a claim validated by the CIA, which was able to trace the origin to Russian military intelligence. They recognized the tool, which was stolen from the National Security Agency and leaked online months before the attack, leaving the US without its powerful defense code against cyberattacks.
Russian President Vladimir Putin delivering a speech at the Russian Army Theater, November 2, 2018.ALEXEI DRUZHININ / Sputnik via AFP
It is only a
matter of time you spend something much more serious ,
"says Nina Jankowicz, an
analyst at the Wilson Center and author of
How To Lose The Information War: Russia Fake News and the Future of Conflict
(How to
lose the information war: Russia , fake news and the future of the conflict).
The specialist points out that the current offensive climate presents an advantage for Moscow.
“It enters into Putin's asymmetric war strategy, which may have Biden on the phone or in Switzerland have high-level negotiations with US representatives.
If the attacks weren't happening, I might not have this level of attention, ”he says.
Biden's arrival in the White House has facilitated a return to traditional geopolitical blocs. The Geneva summit showed that the American is capable of shaking hands with his adversaries and drawing a red line before the Kremlin. “Biden considers Russia a distraction. The great threat to American influence on the world stage is China. You don't want to be distracted by the Russians if you think you can find some kind of arrangement that can bring some peace to Europe, ensure Ukraine's sovereignty, and stop meddling in our elections and those of our European allies. That was his offer, ”adds Jancowicz, who believes that the ball is on a Russian court. On July 13, a month after the meeting in Switzerland, REvil disintegrated. It is not known whether it was the work of the Russian or US intelligence services.Or if the criminals divided the loot and disappeared. The mystery grows.
China has shown signs of playing with the same manual as Moscow, which has not stood out for the control of its
hackers
, many related to his intelligence service. This week, the US for the first time blamed Beijing for being behind a cyber attack, the one in March against Microsoft. The message had an important loudspeaker: it was made together with NATO and the EU, which had previously shown reluctance to point to China, an important trading partner. “A coalition is being built that can provide a political response to this conflict. It has been attributed to a particular actor, but the big question is what the answer will be, ”asks Safa Shahwan, deputy director of the Atlantic Council's Cybercrime Initiative. The US administration's indictment was not accompanied by any retaliation for China, but the creation of a bloc of allies may be a step prior to imposing punishments."Sanctions only work when applied with a coalition," adds Shahwan. The policy of
name and shame
will be insufficient in a growing environment of cyberhostility.
The answer that the US must give is the subject of deep debate.
Analysts such as Jancowicz believe that it is time for Washington to review the sanctions system and refine the objectives, including senior Kremlin officials, as well as their families and children, who often study abroad or have homes in Miami or London.
Other voices have asked the same for members of the leadership of the Chinese Communist Party.
The Chinese Government's National Security intelligence office in Hong Kong after its inauguration on July 8, 2020.ANTHONY WALLACE / AFP
More information
China rejects accusations of cyberattacks, lashes out at the United States
In 2017, Senator John McCain told Ukrainian television that the Russian cyberattack on Democratic servers should be considered "an act of war."
A year later, the Trump Administration expanded for the first time the possibility of the use of nuclear weapons in response to “major non-nuclear strategic attacks” that affected the population or national infrastructures or those of their allies.
The Biden administration is reviewing nuclear policy.
For now, a diplomatic solution with the help of allies seems to suffice.
An unlikely exit in the Trump era.
Subscribe here
to the weekly Ideas newsletter.
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/2C5HI6YHNFHDLJSBNWHOIAS2AE.jpeg)
