Treating Cyber-Criminals like Terrorists


June 8, 2021

Ransomware took over the news yet again last week when meatpacking giant JBS was hit with an attack that shut down its plants, which process more than one-fifth of the United States’ beef supply. This attack, so soon after the Colonial Pipeline breach, put the issue of foreign hacking back on the front page and comes amid revelations that the Department of Homeland Security (DHS) has had concerns about ransomware attacks on U.S. campaigns and elections.

Matt Masterson, who led election security work at DHS during the 2020 elections, talked about his fears of potential ransomware attacks in remarks at USC’s Election Cybersecurity Regional Workshop last month, saying:

“To be candid, I was convinced we were going to see ransomware attacks across the United States…With that many counties, townships, cities running elections, that many systems working to support them — no matter how much monitoring, no matter how much cyber hygiene work had been done, no matter how much information sharing and tabletop exercises, which we had done across the country with thousands of jurisdictions — we knew that there were some systems out there that were vulnerable…

“In the end we didn’t see that, thank God…we had a secure election that went without cyber incident and in the end was incredibly well run by the state and local election officials. But the reality is those systems — those old and outdated, unsupported operating systems or email servers or whatever — are still out there.” (Watch his full remarks here.)

And just last weekend, Energy Secretary Jennifer Granholm underscored the severity of the threat to other infrastructure in an interview with CNN’s Jake Tapper, warning that our adversaries have the capability to shut down the U.S. electric grid and that attacks on all aspects of the energy sector are constantly occurring.

In response to this latest spate of attacks, the Biden administration is working through policy options to both punish those responsible and to prevent more from happening in the future. President Biden will raise the issue with Russian President Vladimir Putin at their meeting in Geneva, Switzerland, on June 16th because so many hackers are based in Russia and operate with the blessing, encouragement, or direction of the Russian government. For example, the White House and the FBI said publicly that the JBS attackers were based in Russia.

The administration is also reportedly considering utilizing the kinds of tactics that have been successful against terrorist organizations to crack down on cyber-criminals. According to NBC News, these tactics could include increasingly using intelligence community assets to spy on foreign criminals or conducting offensive cyber operations against hackers located inside Russia.

There are certainly tools the United States Government has used over the past 20 years in its fight against international terrorism that could be quite helpful in the cyber-criminal realm. Cyber-criminals frequently operate across national borders, oftentimes sheltered and supported by sympathetic governments that use them as shadowy arms of their policy agendas, in much the same way that many terrorist organizations do. So while part of the strategy should involve pressuring those governments to cut back their support, we have seen in the counterterrorism experience that this tactic often has limited success (see: Pakistan).

A more useful focus would be to target cyber-criminal financial networks and work to choke off the resources these organizations need to function, recruit, and organize, in much the same way the U.S. has done fairly successfully with terrorist groups like al-Qaeda.

In this vein, the Department of Justice announced yesterday that it had found and recovered a majority of the millions in ransom that Colonial Pipeline paid last month to regain control of its systems. In this announcement, Deputy Attorney General Lisa Monaco said: “By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.”

This spike in ransomware attacks comes as we get reports that Iran is stepping up its social media activity designed to sow discord in the United States over hot button issues and to spread antisemitic tropes.

Time Magazine reported yesterday that this social media activity, tracked to troll farms run by the Iranian government, has been tied to significant U.S. policy decisions such as President Biden’s announcement of the U.S. troop withdrawal from Afghanistan, the guilty verdict of Derek Chauvin in the murder of George Floyd, and the recent war between Israel and Hamas. Iran has meddled in American politics on the internet for some time, including during the 2020 presidential election. But its activity since the election appears to be increasing, a concerning trend.

In response to this and other foreign interference, Director of National Intelligence Avril Haines is leading the creation of a new office that will track the abuse of social media accounts by both foreign government and non-state actors like terrorist networks. The Department of Homeland Security has also stood up a working group to delve into new ways to counter foreign disinformation.

The DNI and DHS structures were, after all, formed after the 9/11 attacks to provide a whole-of-government approach to fighting terrorists using the various tools of American power and ingenuity. Today, it’s cyber threats like ransomware and troll farms creating disruptive and false content aimed at Americans that demand the same kind of coordinated, holistic effort. We’ll see if these bureaucracies are able to successfully pivot to fight the next war, but it is a good sign that many of the leaders in charge of these efforts and their experts are veterans of previous fights that required similar tools.

Marie Harf
International Elections Analyst, USC Election Cybersecurity Initiative

Marie Harf is a strategist who has focused her career on promoting American foreign policy to domestic audiences. She has held senior positions at the State Department and the Central Intelligence Agency, worked on political campaigns for President Barack Obama and Congressman Seth Moulton, and served as a cable news commentator. Marie has also been an Instructor at the University of Pennsylvania and a Fellow at Georgetown University’s Institute of Politics and Public Service.