There’s a growing concern over cyber attacks, be they hacking-based or malicious code, the threat of which is becoming all too real for the likes of the U.S. power grids and water.
And reports suggest that the country is not up to snuff to properly address the threat of these potential attacks.
— Rich Tehrani (@rtehrani) June 12, 2021
There was a study published in 2004 by the Global Information Assurance Certification titled “Information Warfare: Cyber Warfare is the Future Warfare.”
While a notion like that may have been brushed off in 2004, considering it was published merely three years after 9/11, it’s now becoming a reality.
And cybersecurity experts feel as though the United States is not prepared for cyber warfare if an adversary decided to launch an impromptu attack.
Andrea Carcano, co-founder of control system security company Nozomi Networks, stated the following about the vulnerabilities present within the U.S. infrastructure:
“If we have a new world war tomorrow and have to worry about protecting infrastructure against a cyberattack from Russia or China, then no, I don’t think we’re where we’d like to be.”
The concept of hackers working for profit and espionage has always been a threat to the United States’ information systems, so this isn’t exactly a new enemy. However, the targets of attacks have changed, as seen with the Colonial Pipeline fuel system recently.
When it came to the likes of ransomware attacks, it was once just a fear associated with the likes of banks, colleges, and even the occasional local government.
But we’re now in an era where the likes of energy companies, utility companies, and even meat packing plants are becoming targets. And frankly, it makes sense since there’s collateral damage to be felt by so many with these targets.
A cyberattack on JBS SA, the world's largest meat producer, has forced the shutdown of some of the largest slaughterhouses globally, and there are signs that the closures are spreading.
Highly concentrated methods of food production are highly problematic. https://t.co/iqhyJi12Ec
— Farm Forward (@FarmForward) June 2, 2021
When it came to the U.S Government, it was under the Clinton administration that steps were taken to address cybersecurity. Back in February of 2000, President Bill Clinton stated:
“We know that we have to keep cyberspace open and free. We have to make, at the same time, computer networks more secure and resilient, and we have to do more to protect privacy and civil liberties. And we’re here to work together.”
Following that announcement, the government began allocating funds by the millions to ensure the nation’s computer systems were secured as cybersecurity concerns grew.
But the key issue at hand is that much of the most critical infrastructure, back then and today, isn’t in the control of the government, but of the private sector.
While there has been regulation handed down to the private sector in realms such as power and finance, industries like the oil and gas sector have reportedly been slower to adopt increased cybersecurity efforts, since such efforts paused production and created financial burdens.
What’s worse is that there are reports of problems being ignored, such as the 2018 debacle regarding hackers hired to locate vulnerabilities within the L.A. water and power systems.
Keep in mind, these weren’t criminals trying to hack the systems, but hired help to expose areas of opportunity.
These hackers were reportedly able to infiltrate the secure network.
After the planned breach, the city of Los Angeles’ security team advised the hired hackers to assume that the area they’d compromised was fixed after the breach, but it wasn’t.
Los Angeles Utility Accused of Cybersecurity Coverup https://t.co/XatbKeg65e
— Patrick C Miller (@PatrickCMiller) March 10, 2020
While continuing their work through most of 2019, these hackers found 33 compromised paths: specifically, 10 vulnerabilities found during the hackers’ efforts and 23 problems left unresolved since 2008.
When the hired hackers, from Ardent Technology Solutions, produced the report detailing the gross vulnerabilities, Mayor Eric Garcetti reportedly fired them.
Legal documents filed in March 2020 allege that Mayor Garcetti fired the group as a “retaliatory measure” for issuing such a damning report on the city’s cybersecurity.
A concerning matter to say the least.
Law Enforcement Today recently shared an editorial that further expands on these very concerning issues around cybersecurity.
Here’s that previous editorial.
This editorial is brought to you by a former Chief of Police and current staff writer for Law Enforcement Today.
WASHINGTON, DC- Feckless Energy Secretary Jennifer Granholm, who last month laughed off the cyberattack that shut down the Colonial Pipeline by saying people with electric cars didn’t have to worry about it, is now claiming that the U.S. is subject to having its power grid disabled by foreign actors.
While Joe Biden says “white supremacy” is the greatest threat facing the American people, you have China and Russia rattling sabers, including Russian assets being responsible for the ransomware attack on Colonial. Now this warning from Granholm.
“I think that there are very malign actors who are trying,” she said, according to ABC News. “Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally.”
With all of this going on, you have Democrats in Congress more concerned about solidifying their power in perpetuity, attacking law enforcement officers, and putting a revolving door at the border. Priorities, apparently.
Granholm addressed the recent Colonial attack and while not mentioning that company by name, discouraged energy companies from paying any type of ransom.
“The bottom line is, people, whether you’re private sector, public sector, whatever, you shouldn’t be paying ransomware attacks, because it only encourages the bad guys,” she said.
She of course offered no solutions, nor did she say what, if anything the federal government was doing to prevent such attacks. As always, Granholm mentioned legislation…but not against those who actually commit the crime.
What she did favor is a law that would prohibit companies from paying such a ransom, adding, “I don’t know whether Congress or the president is at that point.”
Granholm was asked if bad actors currently have the capability of shutting down the U.S. power grid, to which she responded, “Yes, they do.”
Former Secretary of State Condoleezza Rice, appearing on CBS’ Face the Nation, said the U.S. as well as other countries should speak to countries such as Russia, which is where the ransomware attack, at least on Colonial, was believed to have originated, about how the countries could cooperate from a law enforcement and intelligence perspective to shut such attacks down.
This, Rice said, would “test the reality of how much the Russian government is or is not involved” in these cyberattacks.
As always, one needs to pay attention to what the other hand is doing while the government attempts to distract you with the “shiny” object in the other. Granholm’s comments could be nothing more than trying to get Americans ginned up about a possible attack on the electric grid in order to offer a distraction as to what else they have going on.
Meanwhile, the Justice Department and the FBI announced Monday they had been able to seize 63.7 bitcoins (worth about $2.3 million at the time) from a Bitcoin wallet which is believed to be tied into the cybercriminals who instituted the ransomware attack on Colonial, the Washington Examiner reported.
The Russia-based group, called DarkSide, operates off such attacks as a business model. The fact the money was recovered in less than a month came as a surprise to many, who were shocked that it was recovered at all.
While details of the recovery effort are mostly unclear, the Examiner noted that one puzzling question is how the FBI was able to obtain the “private key” used to unlock and pull assets from DarkSide in the first place. Such keys are similar to passwords and are typically closely guarded, especially where it concerns such large sums of money.
After the seizure was announced, cryptocurrency markets took a beating, with Bitcoin falling off below 10% Tuesday. Bitcoin had largely been seen as a way to shield money from government regulators and the fact the FBI was able to get into the system shook many crypto investors, the Examiner said.
There are several theories as to how the feds were able to get the information, with April Falcon Doss, executive director of the Institute for Technology, Law and Policy at Georgetown Law School, saying some were more plausible than others.
For example, Doss, who worked for over ten years at the National Security Agency, said the most likely theory is that the individual or group who had possession of the crypto funds was using what is referred to as a “hot wallet,” or in other words one that was connected to the internet.
She also noted that one of those involved in the attack may merely have used poor judgment on security and passed the private key through channels the FBI was able to conduct surveillance on.
“More sophisticated cybercriminals are not going to leave funds on an exchange with a hot wallet,” she said.
She said, however, that if someone in the group of cybercriminals were “less sophisticated,” they could have erred and put the money in the so-called hot wallet during a series of transactions.
In an affidavit, the FBI said it used something called a “blockchain explorer” to examine the public Bitcoin ledger in order to track down where payments went and how the Bitcoin was moved among various addresses across several transactions. The FBI then was able to trace the funds that ended up in a single address on May 27, where they stopped moving.
The cybercriminals moved the money around to various addresses in an attempt to cover their tracks in a move similar to money laundering, Bloomberg said. The blockchain explorer helped the FBI track the money along the way.
Another theory is that since DarkSide was already known to law enforcement prior to the cyberattack, the FBI could have possibly had some members already under surveillance.
Finally, another and probably less likely scenario is that someone involved in the ransomware attack or in DarkSide tipped off the FBI.
“All the buzz is around how the FBI did this, and not surprisingly, the FBI is keeping mum because whatever investigative tools and techniques they used, they certainly will want to be able to use those in future cases,” Doss said.
She also noted that the best way to determine how the FBI was able to retrieve Colonial’s money will come over the next several months if similar incidents lead to FBI success.
“Then we’ll start having a better idea whether this was sort of a lucky accident or something that they can replicate in other ransomware incidents,” she said.
The DOJ recently announced it has formed a task force, the Ransomware and Digital Extortion Task Force, to crack down on such groups and affiliates. Sarah Kreps, director of the Cornell Tech Policy Lab, told the Washington Examiner she thinks the formation is a “meaningful step” in preventing future attacks.
Kreps said the fact the FBI was able to seize the ransom paid by Colonial Pipeline might give other bad actors pause before engaging in future ransomware attacks. She noted the quick recovery might help in the fight against such attacks, since in many cases the hacker has the advantage over the victim, and the quick recovery shows that victims of such attacks may not necessarily be defenseless.