Not So Crypto After All
8 June 2021
Cogito Ergo Non Serviam
Hackers extorted approximately $4 million, paid as 75 Bitcoins, from Colonial Pipeline, the company that operates the biggest oil pipeline in the eastern US. They managed to get ransomware onto the company's computers and that was the price of getting the data back. The FBI announced yesterday that it had recovered 63.7 Bitcoins worth $2.3 million, after a fall in the value of the cryptocurrency. The incident will likely surprise a great many who believe that cryptocurrency is perfectly secure. The truth is that cryptocurrencies are nothing more than private fiat currency and are susceptible to the same law enforcement measures that other currencies are.
The attack on Colonial Pipeline was more than just some crooks stealing from a company. The attack shut down the pipeline, creating gasoline shortages and airline chaos. It cost the US economy quite a lot. Restitution would go far beyond the 75 Bitcoins paid out.
The New York Times reported this morning, "Federal investigators tracked the ransom as it moved through a maze of at least 23 different electronic accounts belonging to DarkSide, the hacking group, before landing in one that a federal judge allowed them to break into, according to law enforcement officials and court documents." DarkSide is based in Russia and likely is tied closely to the intelligence community there.
The Washington Post explained, "Court documents released in the Colonial Pipeline case say the FBI got in by using the encryption key linked to the Bitcoin account to which the ransom money was delivered. However, officials have not disclosed how they got that key. One of the reasons criminals like to use Bitcoin and other cryptocurrencies is the anonymity of the entire system, as well as the idea that funds in any given cryptocurrency wallet can be accessed only with a complex digital key."
How the FBI got the key is a matter of speculation, but the fact is that the agency did, indeed, get it. The hackers trusted in Bitcoin's hype far too much. As Tim Culpan wrote on Bloomberg.com, "Every Bitcoin transaction is traceable. They're recorded in a public distributed ledger." Bitcoin's strength is also its weakness.
This particular case, however, is a rarity. Getting the money back when ransomware is involved is rare. There is a ransomware attack every eight minutes according to experts in cybersecurity. Private companies can and should improve their internal controls to prevent such attacks from succeeding. At the same time, however, the US government needs to take the threat more seriously. There need to be counter-attacks in cyberspace; deterrence only works when second strike capabilities are credible. In addition, no criminal organization can function as the hackers do without some kind of protection from a government, even if it is merely benign neglect.
In the case of Russia, there is a fine line between the security services and the hackers. As the adage goes, "Russian organized crime? Who do you think organized them?" China has its own operations and is working to develop a greater ability in internet shenanigans with the People's Liberation Army at the forefront. North Korea has managed to create a presence in cyberspace as well, and the regime there is a criminal enterprise.
The Biden administration and NATO need to figure out just how to develop international defense against cyberattacks whether they are ransomware, denial of service or some other kind of disruption by outsiders. Sanctions are clumsy tools, and diplomacy won't work without a credible capacity to respond. Arrest warrants are fine in western nations, but elsewhere, they have no use. Russia, for instance, will not extradite anyone.
This is probably the biggest challenge of the decade. The FBI won a battle, but it was a small skirmish compared to the war being fought.
© Copyright 2021 by The Kensington Review, Jeff Myhre, PhD, Editor. No part of this publication may be reproduced without written consent. Produced using Ubuntu Linux.