Because crime takes place in the virtual world of a country
Law enforcement struggles to bring cybercriminals to justice in America
Putin has not responded to Washington's accusations so far.
archival
Joe Biden devised a plan to respond to ransomware attacks.
archival
The Russian-linked Revel Group carried out the cyber attack on Cassia.
AFP
picture
When a crime occurs, it makes sense for investigators to come and identify the culprit, the police arrest him and then go on trial. This is how we think about handling the crime, but as is the case now with some ransomware victims, this process can become more complicated when The criminal is in another continent and the crime occurs in virtual reality.
Significant impact
In recent months, a series of ransomware attacks have compromised critical infrastructure and disrupted daily life across the United States and globally, with one massive attack a few days ago potentially affecting software company Cassia, in the United States. More than 1000 companies around the world.
Internet researchers say the attack was carried out by the Revel Group, which has suspected links to Russia, and also hit meat manufacturer GPS Foods last month, Apple supplier Quanta Computer in April, and Apple Inc. Acer Electronics, in March.
This hacking is not limited to Revel alone, as it is believed that hackers with links to Russia were behind the attacks on Solar Wind and Colonial Pipeline. VPN Plus Secure” is hacked by hackers operating from China.
Ransomware gangs have managed to obtain millions of dollars in ransoms in recent months, and the Revel gang is now demanding $70 million for its disclosure of the decryption tool, after its attack on Cassia, and the US authorities generally discourage companies from paying the ransom. , on the grounds that doing so encourages cybercriminals to continue their criminal activities.
However, bringing them to justice is a more complex process, involving a network of local, federal and even international authorities, and the process can take years, with no guarantee of success, during which time, the number of ransomware attacks will continue to increase, and prominent hacker groups often accelerate Like Revel in admitting responsibility for the attacks, the process of tracing the actual individuals behind those groups, and their whereabouts, can be very difficult.
Cybersecurity experts recommend that affected organizations contact local law enforcement, the FBI, and often other federal agencies, such as the Department of Homeland Security and the US Computer Emergency Preparedness Team, early in the process as well.
The worst year for cyberattacks
In April, the US Department of Justice launched an anti-ransomware task force, after one memo described it as the worst year ever for these types of cyberattacks, with the goal of uniting efforts across the federal government to track down and disrupt ransomware attackers.
“The hacker groups are part of organized criminal gangs, often operating remotely and in a decentralized manner,” says Pino Arora, co-founder and CEO of cybersecurity firm Sibel. “These actors often deploy intermediaries to communicate with each other.”
Private companies, which are often victims of ransomware attacks, may not be able to tell “who actually attacked them” due to the complex nature of the attackers, according to Fidelis Cybersecurity CEO and former Defense Department researcher Anoop Ghosh. “Unlike a physical attack,” he says. Since you can identify the attacker, it is very difficult in cyberspace to identify the source of the attack with certainty.”
Cross-border chases
If the ransomware attackers are located in a different country, as is often the case, that requires US officials to pursue international cooperation and diplomacy to limit actions that may further slow and complicate the prosecution process, says Flatiron School's head of cybersecurity, Brett Vand “The main challenges in bringing international hacker groups to justice are extradition claims that involve more bureaucracy than our international counterparts,” he adds, “and this means having fewer resources on the ground to investigate, gather information and support cross-border prosecution.”
And if that's not enough, some countries are also using diplomatic bargaining to gain access to cybercriminals, according to cybersecurity firm Exact IT Solution's CEO, Brian Hornung.
“Russia sees cyber attacks as a way to sow discord and strike democracy in the United States,” Hornung says, referring to Russia's stated willingness to extradite criminals only if the United States reciprocates.
The administration of US President Joe Biden is ramping up its efforts to finalize a government-wide strategy on how to respond to ransomware attacks, as the National Security Council has been coordinating an action plan in recent days, according to officials and experts involved in the discussions. Finally, Jane Psaki, another meeting on this subject is expected next week between US and Russian officials.
Biden confronted Russian President Vladimir Putin about the consequences of the ransomware attacks during their summit in Geneva, and Biden said that "if this was done with the knowledge or assistance of Russia, I told Putin that we will respond to it."
Extradition
After the attackers or hacker groups have been located and prosecuted abroad — often with the help of law enforcement agencies such as Interpol and Europol — the next challenge is to get them back into the American justice system. The United States has extradition treaties with more than 100 countries, but there are dozens of Of the countries that have not signed these agreements with America, including Russia and China, and in these cases, the American authorities often wait until the intruders travel to an ally country in order to arrest and extradite them, as they did with the Russian hackers Alexei Burkov (from Israel) in 2019 and Yevgeny Nikulin (from the Czech Republic) in 2018.
Burkov pleaded guilty to several charges against him and was sentenced to nine years in prison last June for operating websites that sell stolen data. Nikulin was sentenced to more than seven years in prison, a few months later, for hacking companies like LinkedIn and Dropbox.
Such renditions can often take years. Borkov and Nikulin, for example, were sentenced more than five years after their initial crimes, and in Burkov's case the rendition alone took nearly four years.
Bringing those involved in ransomware attacks to justice is a complex process that involves a network of local, federal and even international authorities.
The Biden administration is ramping up its efforts to finalize a government-wide strategy on how to respond to ransomware attacks.
• In recent months, a series of ransomware attacks have compromised critical infrastructure and disrupted daily life across the United States and globally.
• Ransomware gangs have managed to obtain millions of dollars in ransom in recent months, and the "Revel" gang is now demanding $70 million in exchange for disclosing the decryption tool, after its attack on the "Cassia" company.
Follow our latest local and sports news and the latest political and economic developments via Google news