Sri Lanka: One Island Two Nations


Tuesday 15 June 2021

Cyber-espionage and Ransomware Wars


by Kumar David

There are two categories of cyber-attacks. The first is attempts by governments and state intelligence agencies to penetrate, disable or gather information from foreign or domestic sources; the second is when organised gangs, or occasionally individuals, penetrate computer facilities to collect what may be called a cyber-ransom. The latter is the work of a cyber-mafia. There is not a great deal that can be said about the former since little is reported. Even investigative journalists who penetrate the shroud of state secrecy rarely make an exposé of governmental cyber snooping, or for that matter any state-led contravention of people’s rights.

Of course the best way to learn about a government snooping on its own people is from another country. America, for example, is replete with journalistic comment, security agency (FBI, National Security Agency or NSA and other) releases, and ‘learned’ papers on how China spies on and molests its citizens, and with exposés of the antics of Putin’s agencies. But the deadly side of domestic state-led cyberwar and cyber-espionage is a topic about which little is known, and those who talk are likely to be liquidated or placed behind bars. For example, what is known about Israel’s capabilities and the damage it inflicts on Iran’s nuclear programmes? It is said that Russian cyber penetration of Western intelligence and Chinese fingering of commercial and security networks is superb, but frankly, I am sure that given its higher technology American data gathering is much better.


If the intention is to do huge damage to another country’s infrastructure, say crippling electricity supply, disrupting air traffic or gas/oil pipelines, or creating havoc on the roads by screwing up GPS-ware, no one can do it better than a foreign state agency. The downside is that the comeback will be quick and as devastating; it is an extreme that a state or a military will resort to only in circumstances such as war. Other than Israeli and U.S. attacks on Iranian nuclear facilities and alleged campaigns of disinformation, election interference or information gathering, cyberattacks sponsored by foreign state agencies are rare.

However, it is when cyber is linked with other technologies such as drones, jamming of financial transfers, or experimental interference with military exercises or foreign communications channels, that it gets grey and dangerous. Explicit acts like sanctions or trade blockades supported by cyber intervention cannot be termed peacetime cyberwar (forgive the oxymoron) since they are not secretive. Sun Tzu’s (544–496 BC) Art of War, written 2,500 years ago, is stunning in its conceptual relevance to modern cyberwarfare!

It’s cyber terrorism-for-profit, or ransomware, that is now grabbing the headlines. Ransomware is malicious software designed to befoul computer systems. Hackers demand a ransom, typically in cryptocurrency, in return for restoring access. Institutions lose millions for every day that access is denied, and there is a danger that hackers may spread disruption to other parts of the network. Hackers often gain access to a computer system through the administrative side of a business. Some of the biggest attacks started with an email: an employee is tricked into downloading malware. There have also been cases of hackers using weaknesses in third-party software that a business has purchased. They use any means to gain a foothold in a network.


The operator of America’s largest fuel pipeline, Colonial Pipeline, was attacked at 5:30 a.m. on May 7. It took about an hour to shut down the pipeline and its 260 delivery points across 14 states. The shutdown prevented the infection from migrating to other operational controls. The pipeline system delivers 45% of the gasoline consumed on the East Coast. The operator confirmed it paid $4.4 million to the gang in Bitcoin to restore the locked-up corporate network. Who were the hackers? The FBI says that DarkSide, a relatively new gang which it alleges is based in Russia, was responsible. It is unusual for criminals to attack national infrastructure, but it is a growing concern. The hack on Colonial Pipeline is significant, but hospitals, airports, banks and food production and supply facilities are all coming under attack.

How can a pipeline be hacked? Can the CEB’s System Control Centre or the Petroleum Corporation be attacked? (They should send the ransom note to Beijing since GoSL is too broke to pay.) Many people do not know that the nerve centres of most sophisticated industries are thoroughly digital. Controls, energy management systems, fuel supply logistics, sensors, thermostats, valves and pumps are run by interlocking computer systems.


Ransomware

Ryuk is perhaps the most dangerous ransomware in operation. It is spread via malicious or phishing emails with dangerous links and attachments. According to the FBI, Ryuk’s attacks have already caused more than $60 million in damage worldwide since 2018; more than 100 companies have been attacked. Victims need to send a message to find out how much they must pay for the decryption key – what cheek!

SamSam ransomware gained prominence in 2018 after infecting the City of Atlanta, the Colorado Department of Transport and the Port of San Diego. Also in 2018, two Iranian hackers were accused of using SamSam against 200 organizations and companies, including hospitals, municipalities and public institutions. $30 million was lost as a result of these attacks. SamSam victims are asked to make a first payment for a first key to unlock a few machines. “With buying the first key you will find that we are honest”, says the ransomware message!

WannaCry executed devastating ransomware attacks and is spread via email scams or phishing. The estimated loss so far is $4 billion. Worldwide, more than 200,000 people and companies, such as FedEx, Telefonica, Nissan and Renault, have suffered. WannaCry exploits a vulnerability in the Microsoft Windows operating system. There are dozens more dangerous ransomware outfits in existence; the better known ones go by the names Petya, Trojan and TeslaCrypt. Petya, for example, infects the boot record of computers that use the Windows system. It blocks the entire operating system, and the unblocking ransom is $300 per computer.

What can be done about protection? The best solution is well-trained, responsible and alert staff. In addition, there are dozens of protection programmes on the market. The ransomware-fighting project ‘No More Ransom’ is a worldwide initiative by Europol and several government agencies and cybersecurity companies to fight ransomware. ‘No More Ransom’ helps victims of infections caused by ransomware to recover blocked data without having to pay any ransom.
