Vladimir Putin and Joe Biden in Geneva
Alexander Zemlianichenko / AP
Joe Biden and Vladimir Putin agree on at least one thing when it comes to cybersecurity. At least, that is what the US president said after a meeting with his Russian counterpart in Geneva. “How would you feel if ransomware attacked the pipelines of your oil fields?” he asked Putin.
The Russian President's answer was: "It matters".
Just as it mattered to Biden when the Colonial Pipeline company was hacked in May and the main oil pipeline supplying the US east coast had to be shut down for days.
But the supposed unity does not go very far.
On the contrary, it is sometimes difficult to tell when Biden and Putin are talking about the same topic and when they are not.
That starts with Biden's demand to define certain areas as taboo for attacks: “I was talking about the suggestion that certain critical infrastructures should not be attacked, period.
Neither with cyber attacks (“attack by cyber”) nor in any other way.” Biden meant 16 sectors, including chemistry, energy supply, food and agriculture, health, nuclear reactors, transport, water and waste processing.
So far, so clear.
But what exactly did Biden mean by "attack by cyber"?
His pipeline example suggests that he is interested in ransomware: encryption Trojans that criminals have been using for months and years to cripple and blackmail companies all over the world, but also authorities, educational institutions and utilities.
At least the US and Russia are talking about ransomware
The US has long accused Russia of the following: the Russian government tolerates ransomware groups that operate from Russia as long as their victims are not Russians and as long as they are available to the state or the secret services for contract hacking work if necessary.
This can actually be observed in parts.
IT security companies recognize from their customers' telemetry data, among other things, that such attacks are very rare within Russia.
Sometimes the encryption Trojan's code even includes the command not to take action if something in the infected computer indicates that it is in Russia.
The US and Russia have now agreed that they want to at least talk to each other about the ransomware complex. That is something, at least. However, the details are currently unclear: Does the US require the arrest and extradition of the suspects it has recently been identifying more frequently? Or would it be satisfied with a more informal hint from the Russian government to criminals in its own country? For now one can only speculate about this. Whether the agreement reached in Geneva to talk to one another can reassure US companies and operators of critical infrastructures while there are still several successful ransomware attacks per week is a different matter anyway.
The debate is made considerably more complicated by another type of “attack by cyber”, and by the fact that cyber apples are compared with cyber pears. Both governments and many media outlets do this when they - intentionally or not - blur the distinction between cases in which opportunistic, financially motivated criminals are at work and cases in which a state is really behind a hack.
What became known as the “SolarWinds hack” at the beginning of the year was, according to all that is known so far, a state “attack by cyber” that could have hit around 18,000 SolarWinds customers because they had installed a compromised update of SolarWinds software.
The fact that the perpetrators did not even exploit the access the backdoor made possible, but instead concentrated on a few targets, was lost in the public discussion.
What remained was the impression of a massive attack primarily on US companies.
It was most likely a very targeted espionage operation.
This is completely different from a ransomware case, but the nuance is lost when everything is simply called a "cyberattack".
Putin takes advantage of that. When, as is so often the case, he counters US allegations of ransomware attacks by groups allegedly operating from Russia by pointing out that the US itself attacks Russian computers and networks - for which he never gives concrete examples - he too mixes espionage and crime. "Whataboutism" is what they call it: distracting people with a completely different topic. For a more accurate comparison, he lacks active ransomware perpetrators who are based in the USA and are looking for victims in Russia.
After the meeting in Geneva, the first thing to say is: Neither the US government nor the Kremlin will probably ever say it out loud, but they will not change the fact that (cyber) espionage takes place and that it uses tools similar to those of very capable criminals, and vice versa.
Second, the ransomware talks should not be expected to yield anything too obvious either.
It is highly unlikely that Russia will suddenly extradite the suspects identified by the US.
Should the number of ransomware attacks on US facilities suddenly decrease, that would confirm the direct influence over the criminal gangs that the US suspects the Russian government of having.
Putin will hardly do the US president this favor either.