The cybersecurity industry wakes up this morning with low hopes of seeing any solutions pan out of the Biden-Putin meeting taking place today in Geneva. The two world leaders will be addressing major issues such as the Covid-19 crisis, climate change, arms control and Russian military involvement in Ukraine, in addition to which Joe Biden will be raising with Vladimir Putin concerns about the cyber threats emerging from Russia that are targeting the whole world.
Since his election, Biden has been facing major cyber-security issues originating mainly from Russia. Hackers used SolarWinds’ Orion platform to compromise and spy on the US government, then followed with additional attacks, such as corruption of USAID’s email system and ransomware deployment on major US enterprises. Some of these attacks have been attributed to government “threat actors” and others to private criminal groups, but most of them come from within the Russian borders.
Government cyber-espionage is nothing new and is part of the international geopolitical games, with America being the leader in this field, as Snowden exposed in 2013. This is why the USA and allies are not trying to single out the Russian government’s espionage activities but are expressing deep concern regarding Russia acting as a safe haven for hackers.
There is an unwritten rule in Russia that tolerates hackers on its soil to act “freely” as long as they do not target Russian interests. In some cases, there is evidence that cybercrime organisations are even fostered and supported by the Russian government in order to launch attacks. This practice resembles that of naval privateers, who were authorised by a country's government to attack and steal from boats that sailed under a foreign flag. Biden will no doubt address the topic of modern-day cyber privateers – who are neither state-sponsored hackers, as they do not follow official government orders, nor financially motivated criminals hunted by local law enforcement – with his Russian counterpart. The DarkSide group, who attacked the Colonial Pipeline, and REvil group, who attacked the meat processor JBS, both fall directly in this category.
Cybercrime and ransomware are becoming a major concern for the White House, to the extent that Biden’s administration is considering treating ransomware attacks as a national security threat similar to terrorism. Intelligence agencies would thus get clearance to spy on foreign criminals and potentially authorise offensive cyber operations against hackers inside Russia.
This approach is a major pivot in the way of addressing cyber threats. Up to now, military resources, national intelligence and offensive operations were proscribed; ransomware was considered a criminal matter, perpetuated by criminal organisations and to be prosecuted in criminal courts. This new initiative is therefore not trivial. An offensive response to cybercrime might not even be legal according to USA and international laws.
Since 2017, Geneva has been at the forefront concerning regulations in cyberspace, through initiatives such as the creation of a “Digital Geneva Convention” that would guide what government entities can do towards digital civilian entities. Cybercrime knows no borders and is certainly not limited to the USA. Ransomwares are targeting organisations all around the world with more than 2500 attacks reported on the dark web in 2021 alone. Thus, before each country decides for itself on how to respond to cybercrime, we need to regulate the governments’ options and limits.
In order to control this new plague, law-enforcement agencies need to be given the means and tools to stop the threat actors while enforcing a real zero tolerance for governments that shield cyber-criminal groups.
Diplomatic talks with criminal safe havens are not a new concept. In the past, in order to stop the massive traffic of cocaine between Colombia and the USA, Carter’s administration successfully pressured Colombia to sign the 97-8 Treaty, which allowed extradition of Colombian drug cartel members to the United States.
Though negotiations seem to be a very attractive solution, Russia is very different from Colombia: even after the meetings in Geneva, it remains very unlikely that Biden will find a way to convince or pressure Putin to give up on offering a safe haven to its cyber-criminal gangs.
CEO of the cybersecurity company ZENDATA, Steven Meyer is an expert in cyber security and data protection.