At a glance.
- US indicts six GRU officers for conspiracy surrounding NotPetya, other cyberattacks.
- EU looks at Big Tech regulation.
- US states preserve their own investigations of Google.
- Cyber conflict strategies.
Naming and shaming (and indicting) Russia's GRU.
Earlier this afternoon the US Justice Department announced the unsealing of an indictment against six Russian GRU officers belonging to unit 74455, the group commonly known as "Sandworm." In 2018 the US indicted members of the GRU for offenses related to meddling in the 2016 US elections. This present indictment has to do with a conspiracy that began with the disruption of Ukraine's power grid, expanded to the destructive NotPetya attacks that particularly disrupted the transportation and healthcare sectors worldwide, and with subsequent activities directed against French elections and the Winter Olympics hosted by South Korea.
In its press conference announcing the most recent indictments Justice calls the conspirators’ actions on the part of the Russian government “irresponsible,” more like the activities of “a petulant child” than those one would expect from a responsible government interested in observing international norms. The indictment, Justice says, “lays bare Russia’s activities to disrupt the internal politics of other countries.”
The indictments were issued by a Federal grand jury in Pittsburgh, where the US Attorney for the Western District of Pennsylvania and the FBI’s Pittsburgh Field Office led the investigation. Cisco’s Talos Group, Facebook, Twitter, and Google were thanked, as are Five Eyes partners, for their cooperation in the investigation.
To the obvious (and good) question, why is the US charging foreign nationals for actions committed against third-party foreign nations (like Ukraine, France, South Korea, etc.) the Justice Department gave the obvious (and good) answer: the six GRU officers are charged with conspiracy, and overt acts committed elsewhere form part of the conspiracy.
Latest salvo in EU Big Tech battle.
CNBC says Paris and Amsterdam have prepared a joint call for the EU to regulate Big Tech’s “economic footprint” and secure access to company data and functionality. The endgame, according to French Minister of State for Digital Transition and Electronic Communication Cédric O, is “to tackle market foreclosure and ensure freedom of choice for consumers.” Without naming any company names, he said the EU must “be able to ‘break them open.’” Twenty-seven EU nations and the European Parliament would need to authorize the measure.
US states to continue Google investigation independent of federal action.
The Washington Post reports that Arizona, Colorado, Nebraska, Utah, Tennessee, North Carolina, Iowa, and New York state attorneys general intend to continue their own probe of the tech giant instead of immediately joining the Department of Justice’s looming antitrust lawsuit, though the situation is fluid. True to form, Texas is leading a separate investigation. The move preserves the states’ legal autonomy from controversial federal decisions and election year instability. Sources who spoke with the Post on the condition of anonymity project that a dozen states will eventually join the Justice Department’s suit. Google is predicted to “fight ferociously” in a landmark battle over the government and search engine’s respective powers.
Combating disinformation and ethnic cleansing.
With respect to disinformation, the current whack-a-mole measures in the information war insufficiently answer the escalating threat to national security and the “liberal international order.” Author Doowan Lee recommends a threefold approach: rooting out automated and state-sponsored distribution channels, publicizing content’s sourcing, and nurturing public-private collaborations. Lee concludes, “China and Russia have weaponized the information environment for too long…[the US] has the dual advantages of technological innovation and an unparalleled national security apparatus. It’s time to use them.”
In the piece on repression in Zinjiang, author Limor Simhony proposes hacking as a means of combating Beijing’s cultural genocide since sanctions and censures have failed. Mass surveillance in Xinjiang has created a “virtual cage” and led to the internment of over a million Uyghurs and Kazakhs. The same technology opens an inroad for disruptive and intelligence-gathering cyberattacks, however. The right play, which would have to overcome microsegmentation and deep packet inspection, could shut down cameras and communications, destroy data, and deter future human rights violations. Simhony says Washington should team up with London, Paris, Berlin, Ottawa, and Canberra to overpower Beijing’s defenses, and that they should do so in ways that preserve plausible deniability in order to keep the conflict at the lower end of the spectrum.