date 2021-07
ransomware

The rising frequency of ransomware attacks against private companies involved in everything from banking to gasoline supply and beef production may feel like an over-hyped national security threat, but a growing number of experts are warning that the attacks represent a new trend that America’s adversaries are poised to exploit not for money but for serious geopolitical gain.

Analysts predict that as the scope and sophistication of the incidents grow over the coming months and years, states such as Russia, China, Iran, North Korea and others are all likely to accelerate the use of the tactic to exact foreign policy concessions either directly from Washington, or from U.S. allies around the world.

“I think it’s a matter of time before key adversaries like Iran and North Korea are leveraging ransomware for political gain,” said Jenny Jun, a nonresident fellow at the Atlantic Council’s Cyber Statecraft Initiative.

It is important to understand the basic mechanics of a typical ransomware attack: A group of hackers bore into a company’s computer system, find sensitive data such as client bank account numbers, then lock that data up with an encryption key — or password — that makes it impossible for the company to access the data. The hackers then demand that the company pay a fee in exchange for the encryption key to unlock the data.

Ms. Jun maintains that the same processes present hostile forces — both state and non-state actors — with a new and affordable way to wreak havoc, particularly if the companies being targeted are involved in major critical infrastructure or other politically sensitive industries such as defense production and high-level banking.

While recent months have seen hacking groups like “DarkSide” and “REvil” use ransomware to get U.S. companies to pay tens of millions of dollars for encryption keys to free up the companies’ data, Ms. Jun predicts foreign governments with influence over such hacking groups will soon be demanding something other than money.

Foreign adversaries could instead seek things like sanctions relief, prisoner releases and subtle policy shifts by U.S. allies designed to undermine American interests on the global stage, Ms. Jun said in an interview with The Washington Times.

“It could be a demand that a country concede its control over a particular piece of territory,” she said, adding that a foreign adversary could also use ransomware against an international bank to demand that the bank — or the country where it is located — stop cooperating with U.S. sanctions.

Iran already has a track record of engaging in such tactics outside the cyber realm, she said, noting how Tehran succeeded in pressuring South Korea to release nearly $7 billion in frozen Iranian assets early this year by seizing control of a South Korean-flagged oil tanker.

Ms. Jun called it a “no-brainer” that Iran — which has billions of dollars in funds frozen in overseas banks because of U.S. and Western economic sanctions — will eventually turn to ransomware attacks to achieve similar ends. “You can imagine a country having their facilities taken hostage through ransomware and then the Iranians saying, ‘We’ll release the encryption key if you release our money,’” she said. “It doesn’t have to be against the U.S., it could target U.S. partners.”

The future of ransomware is coming quickly.

“In the coming years, the cyber domain may be the most important ‘battlefield,’” said David Maxwell, a former U.S. Special Forces officer who focuses on North Korea at the Foundation for Defense of Democracies. “For North Korea, it is just too tempting of an environment in which to operate. The benefits are high and so far the costs are extremely low.”

While North Korea is not yet known to have engaged in state-sponsored ransomware attacks, Mr. Maxwell says Pyongyang appears to be engaging in a range of hacking activities that are designed to conduct “reconnaissance” on South Korean, U.S. and other networks for potential future action that could be aimed at achieving specific geopolitical gains.

“They could be ‘preparing the battlefield,’ so to speak,” he told The Times. “Someday we could see major attacks on infrastructure that might be able to do an extremely high amount of damage,” damage that could, in turn, benefit the regime’s “blackmail diplomacy.”

Stewart Baker, a former National Security Agency general counsel and Homeland Security Department policy chief now practicing technology law at the private firm& Johnson, said in an interview that “it is not implausible” that foreign adversaries will seek subtle ways to launch ransomware attacks for political ends.

“You’re not necessarily going to get geopolitical influence by locking up a piece of data and publicly demanding a policy change,” Mr. Baker said. “But could you do it quietly? Perhaps.”

And is it possible to imagine scenarios in which a private-sector ransomware incident could turn into a public policy football? “Yes,” Mr. Baker said, pointing to the Colonial Pipeline attack by Russia-based hackers that briefly halted the flow of gasoline across the southeastern United States in May.

The attack could have taken on a major geopolitical twist, Mr. Baker said, if it had been much more sophisticated and succeeded in tying up industrial control systems for weeks on end, taking over the computer system that actually makes the pipeline open and close. Colonial officials acknowledged paying off the thieves in order to restore supplies after about a week.

Had the larger, longer shutdown occurred, Mr. Baker said, Russian President Vladimir Putin could well have come forward and told U.S. officials that Moscow had the capability to track and capture the Russian-based hackers and would do so on the condition that, say, Washington agree to prevent American social media companies such as Twitter andfrom giving Russian dissidents a forum to criticize Kremlin policies.

U.S. cyber officials have thus far focused on the prospect that geopolitical developments, such as U.S.or sanctions against a particular country, will trigger increases in cyber incidents against the United States — not that cyber or ransomware attacks themselves could become geopolitical weapons in the hands of foreign adversaries.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) circulated an “insights” document in January 2020 warning that “increased geopolitical tensions and threats of aggression may result in cyber and physical attacks against the homeland and also destructive hybrid attacks by proxies against U.S. targets and interests abroad.”

The document homed in specifically on the prospect of “disruptive and destructive cyber operations against strategic targets, including finance, energy and telecommunications organizations, and an increased interest in industrial control systems and operational technology” by foreign hackers.

It also warned of the ongoing threat of “cyber-enabled espionage and intellectual property theft targeting a variety of industries.”

Mr. Baker told The Times that China has long engaged in such cyber-enabled espionage targeting American companies that contract with the Pentagon to work on U.S. defense and weapons development.