Newt Gingrich wants to send SEAL Team Six through the doors of whoever authorized the Colonial Pipeline hack. Or maybe a Hellfire missile through the sunroof of a hacking godfather’s Lexus. Many Americans would likely agree and advocate similar treatment for robocallers and email spammers, which sounds good until you remember that this would include US forces conducting military action on the soil of Russia or its satellites.
A universal recipe for any type of mishap is resilience. The Jones Act, a stupid, centuries-old law that reserves domestic ship trading for US-manned ships, is against resilience. If gas station owners weren’t bound by anti-gouging laws, they’d probably never run out of gas. They’d raise prices high enough to convince their customers that it isn’t so necessary to fill every canister and top up the Tahoe when it is three-quarters full.
As with the SolarWinds hack, the public can expect to be barely informed about the Colonial Pipeline hack compared to other major crime and news events. News outlets can only speculate that the hack started with a typical email phishing scam. If so, that would be good to know. If, in the overwhelming number of cases, the vulnerability is now that a human clicks an email link or foolishly entrusts a password, then we’re making progress on system security. We are the weak point.
According to Colonial, the pipeline shutdown was a precautionary measure, suggesting that malware did not infect the industrial controllers. This would explain a couple of things. Hackers likely don’t know much about the companies they’re attacking – they might have no idea what Colonial is doing, or that the freeze on staff and customer accounts could lead to gasoline shortages on the East Coast. Don’t dismiss the strange testimony of an alleged hacking group affiliated with Russia that apologizes for the Colonial complications and “creates problems for society”.
All of the sophisticated national governments, and many that are not highly developed, continuously work in cyber, gathering information and engaging in cyber operations. Let’s not fool ourselves. The US tends to make Chinese and Russian hacking exploits public, perhaps because our system is more open, but also likely for strategic reasons: hiding such attacks perversely means weakness. Try to imagine a case where Moscow or Beijing owned up to or disclosed a US cyber intrusion. It’s not because such intrusions don’t happen. Most likely, the US is the biggest and baddest cyber actor out there, and these governments don’t want to advertise their vulnerability to their own citizens.
DarkSide, a Russian company that allegedly has a supplier-customer relationship with ransomware groups, is the alleged author of this week’s apology. One interpretation is that criminal groups operating in this market do not want to be perceived as crossing the line from criminal harassment to threats to national security, thereby exposing their host governments to escalation. After all, Russia’s version of SEAL Team Six is more likely to burst through the door than ours.
When I was working in Hong Kong decades ago, there came a moment when the world found it necessary to stop pretending that piracy in the South China Sea, which was widespread at the time, had not been encouraged by the Chinese government through the use of off-duty military or police personnel. The secret expansion of China’s sovereignty to international waters has recently become a task for China’s “fishing fleet”.
The best way to understand Russia’s behavior is through your favorite mafia show. According to several reports, DarkSide malware uses voice filters to avoid attacks on victims who may be protected by the Russian government. However, cyberattacks on external interests are useful for the Kremlin in enabling the West to deal with Vladimir Putin. President Biden spoke carefully on Thursday: the Colonial hack was not an operation by the Russian government, but the Russian government was able to do something about it.
The US government’s advice not to pay ransom is ignored and will not be enforced as the US government is yet to offer a better alternative. Colonial reportedly paid $5 million. Now its pipeline is laboriously being brought back to life. But the episode’s biggest lesson belongs to Russia’s hacking godfathers: If they didn’t know beforehand, they now know the extreme sensitivity of US presidents and voters to gasoline prices and availability. The reaction they risked was not worth the $5 million they raised from Colonial.
In the meantime, I doubt the secrecy surrounding US action in this area and our interactions with cybercriminal groups will be sustainable or scandal free in the long run.
Correction: A scene described in Wednesday’s column occurred in the Dudley Moore movie “10”, not “Arthur”. Sorry for the mistake.
Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.