FBI director Christopher Wray testified before the House Judiciary Committee that companies should not pay ransom to get their computer systems working again. Easy for him to say.
Thousands of US companies, large and medium-sized, have been hacked and held up for ransom while the internet criminals shut down their operations. It’s literally life and death for these businesses that have been attacked. Quite simply, if you have spent decades — even lifetimes — building up an enterprise, you are not going to let its value go to zero because you can’t deliver to customers. You have no choice but to buy the decryption software from the criminal so you can get back into operations.
Wray’s high-minded statement from the FBI smacked of implausibility.
Why didn’t he instead tell us what the FBI is doing to eliminate this war on the US economy? The Feds did recover the bitcoin ransom payment made by Colonial Pipeline, the Georgia-based carrier of refined oil for the east coast, but have shown little else in the way of a defense against the international hackers who are largely based in Russia and former Soviet countries.
The ransomware industry is growing voraciously because these are “perfect crimes.” The hacker criminals almost never end up behind bars. They have the de facto protection of Russian president Vladimir Putin, who looks the other way.
The agenda for Wednesday’s Biden-Putin meeting will cover many issues, but the ransomware war has not been raised as an issue for their talks. It should be, because it is economic warfare that is crippling critical parts of the US infrastructure. The most egregious attacks to date have been to the east coast electrical grid system and to one of our largest meat producers.
Law firms in Wisconsin and other states have been swamped with recovery efforts for a wide spectrum of thousands of businesses. Insurance companies just shrug their shoulders when asked about recourse. Some are reluctant to write new computer protection policies. In short, there is a whole new industry that operates outside the rules.
Individual companies have almost no defenses other than to harden up their computer security systems. Most companies have already done that to the extent possible.
Over dinner a week ago, two astute friends commented that the attacks will continue because they are carried out with impunity. They raised the question of whether the United States government should retaliate by knocking out equivalent huge assets in the Russian infrastructure.
Retaliatory attacks would have to be done covertly along the lines of how Russia is conducting its information technology warfare. If the attacks were carried out overtly, it would spell outright war in cyberspace. Putin would have to respond.
No one wants major warfare, but it may come to that if Biden and Putin can’t figure out a way to mutually bring the criminals to heel.
It’s possible that Putin and/or the Russian government are getting a cut of the ransom payments. If so, the United States and other prosperous nations will have to inflict economic damage on Russia that more than offsets the criminal gains.
There is a moral dimension to the escalating cyber warfare. The hackers are now shutting down hospitals in the United States. There is no consideration whatsoever for the patients who suffer during the computer shutdowns.
Heretofore, conventions on conducting war have almost always kept humanitarian facilities off limits to attacks.
Putin and Biden have a mutual interest in controlling the international hackers who are running wild and damaging the international economy. Everyone but the hackers is a loser in this new and nasty brand of criminal warfare.
An international set of policing talks has to be convened ASAP. That would be a positive outcome from the Biden-Putin meeting.