In April, a group of hackers suspected of being linked to the Chinese government overcame cyber defenses at the Metropolitan Transit Authority in New York. The MTA carries millions of passengers every day. It is the largest transit network in North America.
The Colonial Pipeline controls 45 percent of the fuel supply in the eastern United States. In May, a ransomware attack based on a single compromised password broke into Colonial Pipeline’s computer networks and shut down the largest fuel pipeline in the United States. In its 57-year history, Colonial has never had to shut down its entire gasoline pipeline system. Panicked consumers struggled to fill their tanks, which exacerbated supply problems.
JBS, the world’s largest meat processing company, was exposed to its own ransomware attack in early June. Several plants in the USA had to be temporarily closed. Hackers sheltered in Russia have been linked to the attack.
These may be the latest and greatest examples of cyberattacks on critical US supply chains and infrastructure, but there are dozens of others. From the District of Columbia Police Department to the agency that controls the water supply in a city in Florida, cyberattacks have struck large swathes of American society in recent months. Nobody seems immune. The Justice Department even went so far as to declare 2020 the “worst year ever” for blackmail-related cyberattacks. The DOJ has also created a task force specifically focused on ransomware.
Internal instructions sent to U.S. law offices across the country on June 3 indicated that ransomware field investigations should be coordinated with the new Washington Task Force. A senior Justice Department official told Reuters that the agency would give investigations into ransomware cyberattacks a priority similar to terrorism investigations. FBI Director Christopher Wray reiterated those comments on June 4th when he warned that fighting cyberattacks on American governments and business corporations would be similar to fighting terrorism after September 11th.
It seems that this new ransomware prioritization is already bearing fruit. In their attack on Colonial Pipeline in May, the hacking group DarkSide requested a ransom of $ 4.4 million, which Colonial Pipeline paid to restore operations. On June 8, the Justice Department announced that it had seized approximately $ 2.3 million worth of bitcoins paid to the Colonial Pipeline hackers. Although the value of the confiscated bitcoins is less than the full amount paid to the hackers, more than half of the ransom was collected.
While it’s unclear how the two events are related, shortly after U.S. law enforcement officers seized the bitcoins that were used to pay part of the ransom from the Colonial Pipeline, the price of the digital asset plummeted seven percent. Bitcoin’s price aside, the value of almost every real, tangible asset that relies on computer networks would be effectively protected if further great successes in digital law enforcement followed.
Ransomware hackers and other types of digital thieves, especially those operating overseas, are a difficult nut to crack for American authorities. But just because a real hijacking has higher production values than a cyber break-in does not mean that the latter is less threatening. Hackers may not immediately put lives at risk like a man waving a gun. However, when their goals include transportation systems, critical food and energy infrastructures, and even law enforcement as they have done for the past few months, real life will be impacted. Unchecked, hackers can operate from almost anywhere, and the proliferation of ransomware attacks has shown that digital crime is on the rise, while its analog counterpart in the US continues to decline
Maybe the hackers went too far after all. Since the US authorities confiscated their ill-gotten profits and threatened to persecute them as aggressively as terrorists, even the hacker group DarkSide issued a rare mea culpa. Hopefully, the DOJ’s promise to more aggressively prosecute criminal hacker groups will help provide protection for businesses and other businesses in the 21st century.
Jonathan Wolf is a civil litigation attorney and author of Your debt free JD (Affiliate link). He has taught legal writing, written for a variety of publications, and made it both his business and his pleasure to be financially and scientifically literate. Any views he expresses are likely pure gold, but are entirely his own and should not be attributed to any organization with which he is affiliated. He wouldn’t want to share the loan anyway. He can be reached at [email protected].