Cyberwarfare and cybercrime are proliferating. As traditional warfare and organized crime transform and move into cyberspace, the international community's lack of preparedness to deal with these issues has become apparent. The darknet is always two steps ahead.
By Shane O’Callaghan 27.7.2021
On 3 July, the Miami-based tech provider Kaseya reported a massive ransomware attack. There are a number of theories regarding who was behind it, but many reports point to the purportedly Russia-based cybercriminal group named REvil, which demanded 70 million dollars in bitcoin to decrypt the affected devices.
The attack affected over 1,000 businesses and forced the Swedish supermarket chain “Coop” to temporarily close over 800 stores. Cyberwarfare and cybercrime are no longer novel concepts, but the scale, sophistication and frequency of attacks have increased in recent years. While states are attempting to improve their capabilities for dealing with these threats, the treaties that govern warfare and transnational crime must be updated to reflect this trend.
The likely involvement of REvil prompted a Biden-Putin phone call on 9 July in which the US President told Putin that he expects Russia to take action against the responsible parties and that there would be consequences if it neglected to do so. It is still unclear what he meant by “consequences,” but Biden also said, “The United States will take any necessary action to defend its people and its critical infrastructure.” Following the attack and the subsequent phone call, REvil was reported to have inexplicably gone offline. A Der Spiegel article from 14 July investigating why REvil suddenly went offline names Russian and/or US intervention, so it is possible that Putin, Biden or both decided to take action against the group as a result of this call.
Almost all reports on cyberattacks point to the same conclusion: states are increasingly replacing traditional military attacks with cyberattacks, and the same can be said about organized crime. In many cases, the two are intertwined, with states allowing hackers to operate within their borders and attack the governments and businesses of other countries.
The Center for Strategic and International Studies has compiled a list of what it labels “significant cyber incidents” since 2006. Alarmingly, this list stretches on for over 60 pages. One component of the list is government-sanctioned attacks. This includes the massive SolarWinds hack affecting multiple US government agencies, as well as NATO, the UK and the European Parliament. Most reports name Russia as the culprit, but the US recently also accused China of exploiting the SolarWinds hack to conduct another cyberattack of its own. In the past, attacks have also been carried out by a number of other countries, including Iran and North Korea. Likewise, the United States and its allies, such as Israel, have not shied away from carrying out offensive cyberattacks on other countries and non-state actors.
This list also highlights the growing problem of ransomware attacks perpetrated by cybercriminals. According to the US Cybersecurity and Infrastructure Security Agency (CISA), “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.”
In May, less than two months before the Kaseya ransomware attack, there were also significant attacks on the largest fuel pipeline in the United States, the world’s largest meat producer and Ireland’s National Health Service. Ireland refused to pay the ransom, but the meat producer JBS and Colonial Pipeline paid the hackers’ demands of 11 million and five million dollars respectively. All three of these attacks were widely attributed to Russia-based cybercriminals, including the same one that later attacked Kaseya, but it is still not entirely certain who the responsible parties were.
Unfortunately, this list of “significant” attacks only represents a small portion of the problem. A Cyberthreat Defense Report produced by CyberEdge Group found that 86 percent of organizations suffered a successful cyberattack in 2020, 69 percent suffered a ransomware attack and 57 percent of ransomware victims paid the ransom. New Zealand-based security firm Emsisoft reported that the ransoms paid in 2020 totaled a stunning 18 billion dollars.
While the trend towards more cyberwarfare and cybercrime is clear, so is the lack of international cooperation aimed at preventing it. Unlike conventional warfare and crime, there are very few international laws governing cyberwarfare and cybercrime.
In 1949, the Geneva Conventions defined what is acceptable in warfare. These conventions, the subsequent additions to them and other international laws developed later helped outlaw some of the most brutal aspects of armed conflict. They banned tactics like torture, targeting civilians, children and the sick or wounded, deprivation of food or water and much more.
The United Nations Office on Drugs and Crime (UNODC) was established in 1997, and the UN adopted the United Nations Convention against Transnational Organized Crime (UNTOC) in 2003. This institution, in cooperation with others, has worked to combat crime around the world. While the UNTOC is being used to address cybercrime, it was not specifically created to do so and thus is not sufficiently effective. One of the only international agreements on cybercrime is the Council of Europe’s Budapest Convention on Cybercrime. However, only 66 of the world’s 195 countries are parties to this agreement.
At a summit on 16 June in Geneva, United States President Joe Biden and Russian President Vladimir Putin discussed the issue of cyberattacks. Biden expressed his position at this meeting, reportedly suggesting that critical infrastructure should be off-limits and providing 16 sectors that he felt should fall under this category, though he did not tell reporters which sectors were discussed. Biden said he made it clear that the US can respond and will do so if necessary. Biden and Putin agreed to increase cooperation on cybersecurity issues. According to the Kremlin, “This cooperation should be carried out using specialized channels for data exchange between authorized government agencies, within the framework of bilateral legal mechanisms, as well as in compliance with the provisions of international law.”
While it is promising to see the US and Russia opening a dialogue about cybersecurity, this is a global problem and must be solved multilaterally. The conversation must be expanded to include the rest of the international community, especially important actors like the EU, the UK, China, Iran, North Korea and Israel.
With the frequency and capability of cyberattacks getting out of control, the international community needs to seriously consider creating something akin to the Geneva Conventions for cyberwarfare and increasing cooperation on combating cybercrime.
President Biden’s suggestion of critical infrastructure being off-limits could serve as a starting point for negotiating an international agreement. The rules of cyberwarfare could even be based on the rules of conventional warfare. For example, targeting another country’s power grid, water and food supply, hospitals and other necessities should be prohibited.
Likewise, the world must take cooperative action to fight cybercrime. One big step could be creating an international organization dedicated to combating cybercrime. Since cybercriminals are mostly being paid in cryptocurrency, it may also be time for governments to find a way to regulate cryptocurrencies. Additionally, governments that harbor cybercriminals and choose not to punish them could be placed into the same category as those that harbor terrorist groups.
Though not as visible as bombs exploding in a city, cyberwarfare and cybercrime have the potential to be just as destructive and destabilizing, if not more so. Negotiating agreements and creating institutions is difficult and time-consuming, but allowing cyberwarfare and cybercrime to continue to escalate unchecked is not an option. If the necessary institutions and agreements are not created to meet this challenge, countries may have to watch as criminals, terrorists and malevolent leaders switch from simply stealing their digital information to shutting off their power or poisoning the water they drink.