Until recently, everyone was talking about cyberattacks by intelligence agencies.

Russian hackers bored into the systems of the Bundestag, turned off the lights in Ukraine and sabotaged the opening ceremony of the Olympic Games.

North Koreans stole millions of dollars in open-plan offices and paralyzed train displays around the world.

The experts agreed: When states go into cyber war, it becomes dangerous.

That is still true, but something has been added in the past few months.

Morten Freidel

Editor in politics of the Frankfurter Allgemeine Sonntagszeitung

    Attacks of unprecedented intensity have rocked the West. Hospitals and universities in Germany were hit, and an oil pipeline company in America was hit so hard that gasoline ran out at times on the East Coast.

    Behind these attacks, however, were not state hackers, but ordinary criminals.

    For them it is not about spying on someone or showing muscles in the competition of the great powers, but solely about the money.

    Attacks have a political dimension

    Nevertheless, their attacks have a political dimension: their sheer scale threatens the critical infrastructure of nation states, such as oil, electricity and medical supplies. It is also noticeable that most of the criminal hacker groups are based in Russia and that the country itself has so far been miraculously spared from such attacks. So Russian criminals mainly attack targets outside of Russia. Can that be a coincidence, or does the state tolerate or even support such attacks?

    At first glance, the hackers' business model seems banal: they look for access to a company network and download all valuable data, such as technical plans, customer data and personnel files. Then they encrypt everything. A message appears on the victim's screens with the amount of the ransom to be paid and email addresses for queries. If the victim pays, they usually get their data back; if not, the data is usually published. But even though hackers have been doing similar things for years, they have become very skilled. It is as if clumsy pickpockets had become highly intelligent con artists.

    Charles Carmakal is the technical director of the American cybersecurity company FireEye. When hackers disabled the Colonial Pipeline in America in May, he and his team were called in to help. On Wednesday, he spoke to the Homeland Security Committee in the House of Representatives about the case. He describes the professionalization of ransomware hackers in three steps: Just a few years ago, it was mainly lone operators who downloaded malware from the Internet and infected as many companies as possible with it. Their tools were crude: they encrypted files at random. Whoever wanted them back had to pay for the key in Bitcoin, usually between 500 and 1000 euros.

    Often, that simply didn't work.

    Rarely was there a key to restore the files, or the criminals wouldn't bother handing it over for the money.

    Then hacking groups started taking over the business; that was the second step.

    There were those who encrypted data and those who extracted data from companies in order to blackmail them.

    The hackers targeted their victims.

    The ransom demanded ranged from $50,000 to $250,000.