Puttin’ Putin on Notice—We Will Hack Russia Back

If Russia launches cyberattacks on the U.S. or on NATO allies, it risks being hacked back. This warning comes amid rising tensions around Russia’s (ahem) “peacekeeping” in eastern Ukraine.

Deputy Attorney General Lisa O. Monaco (pictured) warned of the change in policy in last week’s Munich meeting. And the UK has promised to use its similar “offensive cyber capability.”

Monaco identified the dismantling of Emotet as a template. In today’s SB Blogwatch, we wish you a merry 2/22/22, too.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Star Turns.

Monaco: Not Just a Tax Haven

What’s the craic? Jeff Seldin reports—“US, Allies Warn Possible Russian Cyberattacks Could Reverberate Globally”:

Let cybercriminals do the work
U.S. Homeland Security Department officials said that for the moment, there were no specific or credible threats indicating an attack like NotPetya is about to be unleashed against the United States. But they said they were not taking any chances and were closely collaborating with Ukraine and other allies, just in case.

Some officials remained concerned that Russian President Vladimir Putin would give the order to target countries beyond Ukraine as part of any military action against Ukraine. … U.S. agencies are likewise worried that as tensions escalate, Russia may be tempted to ramp up cyber operations.

Not all cyber experts are convinced Russia will resort to cyberattacks to hurt the West, even if the U.S. and its allies make good on promises to hit Moscow with severe economic sanctions. [But] Russia might be willing to let cybercriminals do the work instead, perhaps releasing a number of ransomware actors it has arrested in recent weeks.

Scary. Simon Sharwood says, “US to attack cyber criminals first, ask questions later”:

Disruptive actions
Deputy attorney general Lisa O. Monaco, in a speech at the Munich Cyber Security Conference … revealed new policies that may see [the DoJ] undertake pre-emptive action against cyber threats. [She said] different tactics are needed “when threat actors seek safe haven in rogue countries or work on behalf of a foreign government.”

The policy will see prosecutors, agents and analysts assess “whether to use disruptive actions against cyber threats.”

What else did Monaco say? Here are her “Remarks as Delivered”:

Unprecedented cooperative effort
As conventional weapons and cyber threats stare down Ukraine, we are reminded that cybersecurity is global security — and we can’t afford to consider one without the other. … Last year at this conference … I warned of a pivot point in the cyber threat—a blended threat of nation-states and criminal gangs forming alliances of convenience and working together to exploit our own infrastructure against us.

We continue to confront cyber criminals who enjoy safe haven in authoritarian countries and who wreak havoc in both the digital and physical worlds. … We should consider the use of all available tools [which include] disruptive capabilities.

Last year for the first time ever, we used a traditional search warrant to execute code and erase digital backdoors, making hundreds of victim computers safe; and in an unprecedented cooperative effort, the FBI and international partners … all worked together and dismantled the Emotet botnet. … This is a challenge that no country can tackle alone.

Which other countries are “tackling” it? The UK certainly is, says Rob Merrick—“UK ready to launch retaliatory cyber-attacks on Russia”:

In a Commons statement, Ben Wallace … the defence secretary … pointed to the “offensive cyber capability” the UK is already developing from a base in the north west of England. … Last March, Mr Wallace unveiled a new … National Cyber Force [which] “will lie at the heart of defence and GCHQ’s offensive cyber capability.”

But why is this not a secret? Don’t quibble with quonset:

Starts the wheels of paranoia turning
By broadcasting your overall intentions, it gives your opponent something to think about. [It’s] something else to try and counter, something else to distract them.

It’s the same reason we keep releasing information about Russia’s plan to invade. By us saying the plans have been delivered to the staging areas, by showing satellite images of the build up troops only a few kilometers from Ukraine’s borders, troops who are now in a combat ready state, by putting out the concerns Russian generals have about the cost in men and materiel that will occur during an invasion, we’re letting Putin know we can peer inside his inner workings.

That’s not something you want to hear and starts the wheels of paranoia turning. If your adversary knows this semi-granular information, what else do they know?

We’ve been here before. Laurens Cerulus, Eric Geller, Maggie Miller and Mark Scott ask, “What’s the West to do?”:

Fight fire with fire
In the brewing conflict over Ukraine, cyberattacks are becoming too big a problem for the West to ignore. The Ukrainian government has twice suffered major attacks in the past weeks.

The incidents happening in cyberspace have not significantly altered the course of diplomacy around Ukraine so far. … The onslaught has the West scrambling for a response. … The question is: Respond how exactly?

Why not fight fire with fire? … The clearest case is the U.S. Cyber Command … which took down the Internet Research Agency based in St. Petersburg in 2018 to prevent it from spreading misinformation about the mid-term election.

But are we guilty of double standards? EGreg sees one rule for Russia and another for ourselves:

USA encourages separatists and regime change all the time, often halfway around the world. Just in the last 20 years, we had invasion and occupation of Iraq, refusal to leave despite unanimous vote by Iraqis, invasion and occupation of Afghanistan, Libya (abandoned it to be a failed state), training rebels in Syria, while fighting a proxy war in Yemen, and so forth.

Russia has encouraged and supported the separatists in Transnistria (Moldova), Ossetia (Georgia), etc., from what would otherwise be aggression by their host countries. Many people there are grateful to Russia, while many in the host countries are very upset.

Anyway, would it even work? Here’s swm’s analysis:

I don’t know that cyber-attacks will have much effect in a place like Russia. They can probably fall back to paper and pencil without too much difficulty.

Meanwhile, smoyer has been reading the runes:

I think they’ve already launched the most financially devastating attack imaginable for U.S. corporations – have you noticed that Slack is down?

And Finally:

Headturning stuff

Hat tip: dunk3d


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: DoJ (public domain)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
