OPINION: Ransomware and Cyberwar

When a criminal consortium known as DarkSide facilitated a ransomware cyberattack on the Colonial Pipeline Company on May 7, it forced a five-day shutdown of the largest pipeline system for refined oil products in the United States. The system stretches 5,500 miles from Texas to New Jersey and carries 45 percent of all the gasoline, diesel, and jet fuel for the entire East Coast.

Shutting it down produced widespread runs on gasoline and drove fuel prices to their highest levels in more than six years. Thousands of stations ran out of fuel, while images of long lines and people pouring gasoline into garbage bags and plastic coolers went viral on social media. To regain control of the pipeline, Colonial CEO Joseph Blount paid DarkSide a ransom of $4.4 million in Bitcoin, highlighting the vulnerability of our critical infrastructure to digital attack and the ongoing pandemic of extortive cyberattacks throughout the world.

Security specialists have long warned such attacks are likely. Malicious internet use began with destructive codes or “worms” that infected computer systems as early as 1988, and over the last 30 years the dangers of electronic identity and data theft, energy and power grid shutdowns, espionage, and ransomware attacks have grown exponentially. Attacks on U.S. government agencies, Sony Corporation, Adobe, eBay, Equifax, LinkedIn, and Marriott International, to name just a few examples, have demonstrated time and again that privacy and the internet simply do not go hand in hand even as we accelerate our dependence on interconnected networks of computers and cell phones that simultaneously make our lives easier and more vulnerable.

We seem to have collectively decided to take the benefits of the technology and either ignore or blithely accept the risks. Greater security could have been built into our software and networks from the beginning, but only by delaying development and raising costs. Neither big business nor consumers saw the need. Besides, manufacturers had no incentive to make their products more resilient because vulnerable systems were cheaper to make and only created problems for consumers. Now that the need for more protection is apparent, we realize the extraordinary difficulty in upgrading a globally networked infrastructure like the internet. It is too vast, crosses too many national borders, and includes millions of old computers and virtually limitless amounts of old software programs that are almost all vulnerable. The result is a cyber environment where international criminals have virtually unlimited opportunities to make money at very little cost or risk to themselves.

While individuals like you and me worry most about identity theft, phishing e-mails and online scams, the real money is in extortive attacks. These usually involve hackers shutting down a system or stealing private data and then demanding a ransom in exchange for relinquishing control of the system back to the owner. These attacks hit businesses of all types and sizes and cost corporations billions of dollars, and those losses are almost always passed on to consumers. In 2016 extortive attacks cost U.S. companies $75 billion, and since then the number of attacks has skyrocketed. Cyberattacks increased 20 percent in 2020, aided by a pandemic which made the internet more vital than ever before, while the average amount of ransoms rose 225 percent. Demand for ransomware software is so great on the Dark Web (the part of the internet not indexed by search engines, where criminals often congregate) that groups like DarkSide simply create ransomware and provide it to clients who conduct the actual attacks and share a portion of the ransom with them. The practice is known as “Ransomware as a Service” (RaaS) and is extraordinarily lucrative. DarkSide made $90 million in a single nine-month period, and hackers forced the German chemical company Brenntag to pay a $4.4 million ransom at the same time Colonial did.

To be sure, governments regularly attempt to counter these threats, both with law enforcement and military cyber operations. Only a week after the Colonial Pipeline shutdown, for example, reports emerged that DarkSide servers had been taken down and their cryptocurrency accounts raided. Some reports suggested the United States was responsible, perhaps acting through the 780th Military Intelligence Brigade (the Praetorians), a US Army unit charged with offensive cyber operations. Others suggested it was the Russians, or perhaps a rival criminal group, or even DarkSide hiding the money and then claiming it was stolen. In any event, DarkSide seems to have realized it went too far in allowing an attack on crucial infrastructure like the Colonial Pipeline. They released a statement apologizing for the attack and promising to avoid government, healthcare, energy, and educational institutions in the future.

I like to think the United States got a little payback for the Colonial shutdown. Maybe we did. Whatever happened, however, the dangers and costs of ransomware attacks are now so manifestly alarming that some sort of action is vital. Yet for the last 30 years, regardless of which political party controlled the White House or Congress, we have done too little and acted too late. We need a national discussion regarding cyber security. What exactly are our vulnerabilities? How much would it cost to remedy them? How much privacy are we willing to risk in the name of connecting everyone to everything? Where is the line between criminal activity and war? At what point would a cyber attack cause so much damage a conventional military response was justified? These and countless other questions demand our attention, and they can only be answered by government because private individuals and corporations can only protect themselves. Government alone is tasked with protecting us all, and publicly considering these issues would be far more worthy of our time and energy than most of what sadly passes for political discussion these days.

We ignore the threat at our peril.

Lance Janda has degrees in history.

Source: https://www.swoknews.com/opinion/columnists/opinion-ransomware-and-cyberwar/article_b1809f1d-4728-5cd8-b6e2-f63b41442e73.html
