At a glance.
- Counterretaliation and other reactions to Washington's response to Moscow over SolarWinds.
- Co-opting criminal hackers as state policy.
More responses to Washington’s Moscow sanctions.
Some, like OODA Loop, think President Biden’s bent towards “avoiding conflict” and “relying on partner collectives instead of assuming a leadership role” could handicap him in the cyber realm, where “decisive, swift” action is required. Others, Yahoo notes, believe the response to Russia sent a strong message and will function as a deterrent.
Wired wonders what precisely that message was, since it seemed to presuppose cyberespionage rules that have yet to be promulgated. The Wall Street Journal agrees, saying the move “broke with years of U.S. foreign policy” that barred only election interference, IP theft, and system damage. The Administration has variously presented the Holiday Bear attack’s unusual “scope and scale,” its undue burden on the private sector, and its potential for staging as factors that set it apart from espionage as usual. The point about the possibility of staging is perhaps the most troubling, and accounts for the US Administration's disinclination to view the SolarWinds compromise as just another cyberespionage operation. Collection is one thing, but the sort of access that could have been obtained through the compromised Orion platform involved more than simply collection. It's possible that such access could be used to stage a disruptive attack on critical infrastructure that might have serious kinetic effects.
Former cybersecurity official Chris Painter, Representative Langevin (Democrat, Rhode Island 2nd), and national security law professor Bobby Chesney are unconvinced by the new standard. Painter pointed out that most hacks can entail staging, and Chesney described the policy as a “vague matrix of conditions that, if met, could elevate certain ‘malicious cyber activities’ to a level that warranted retaliation.”
Russia’s intelligence agency gave itself a good pat on the back in response to the sanctions (while also dismissing the US attribution as “nonsense”), according to the Moscow Times, applauding its “supreme professionalism” and service to the motherland. Moscow also kicked out ten US diplomats, sanctioned eight officials, and threatened local NGOs, as Deutsche Welle reports. Both sides have made clear that they could do worse, but both are invested in avoiding further instability and economic discomfort. For its part, Moscow could get chummy with China, drag its feet in areas of mutual interest, or lash out at Ukraine.
My enemy’s enemy: Moscow’s intelligence service embraces criminal hackers.
The ransomware epidemic, Stuff explains, is fueled by support from countries like Russia and North Korea. Russian intelligence agencies in particular nurture the underground industry that has cost victims tens of billions to date. As long as campaigns don’t injure domestic interests, the chat boards say, “Mother Russia will help you.”
While Pyongyang directly profits from ransomware, Moscow likely appreciates the resultant strategic chaos. Ransomware interrupted the operations of thousands of US hospitals, schools, businesses, and Government agencies in 2020. Some criminal hackers are employed by the state, occasionally mixing official work and side hustles, and a select group is recruited upon arrest, given the option of service or jail.
President Biden’s sanctions need to get personal for President Putin to take notice, according to some experts. An international agreement to isolate financial institutions that launder ransomware loot might do the trick.