Author's name: Lyuba Lulko

The CIA is watching Russian hackers closely, but cannot see them

Why does the USA persistently accuse Russia of hacker attacks? Why does President Putin decide to look into the problem?

The CIA monitors Russian hacker attacks

William Burns, who took office as CIA Director in March, said in an interview with NPR that the struggle of the Russian authorities against hacker groups operating in the country would show that Moscow was serious about cooperating with Washington on cybersecurity.

When asked if the pace of cyberattacks emanating from Russia was slowing down, he replied that it was not yet clear. According to him, there are two forms of hacker attacks:

  • the first one is a state-sponsored attack, as in the case of SolarWinds,
  • the second one is about ransomware.

He also recalled that Joseph Biden, at a meeting with Vladimir Putin in Geneva and in a subsequent telephone conversation with him, demanded that Russia stop the extortionists.

"I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it is not sponsored by the state, we expect them to act. It went well. I am optimistic," Joe Biden told reporters following his meeting with Putin in Geneva.

William Burns noted that after the Geneva summit, there was one extortion incident, for which the REvil group was responsible.

Biden gave Putin six months, during which the CIA would be watching Russia, Burns said.

Commenting on the actions of the ransomware hackers who attacked the Colonial Pipeline on May 7, Kaspersky Lab cybersecurity expert Dmitry Galov told Interfax that they were not necessarily members of the group called DarkSide, the name that appears in official statements from US officials. According to Galov, they could have used ransomware of the same name as part of an "affiliate program".

"DarkSide is a typical representative of cybercriminal groups primarily aimed at obtaining financial profit. They would commonly work as Ransomware-as-a-Service, that is, they would develop malware, provide necessary conditions for an attack, including a hosting platform and negotiations. To conduct the attack, the hackers would attract 'partners' whom they would offer to use their developments 'by subscription' in return for a share of the ransom that they receive," Galov said.

According to him, the goal of the "partners" is to infiltrate the infrastructure of the victim and launch the malware.

The expert said that there are versions of the DarkSide ransomware for Windows and Linux operating systems. Both versions have a secure cryptographic scheme, so decryption without the key held by the attackers is impossible.

Commenting on Washington's belief about the hackers' country of residence, Galov said that at the moment one could only say for certain that "the group of hackers does not operate in the CIS, and some of its members speak Russian".

As for the REvil cybercriminal group, US TV broadcaster CNBC published an article under the headline "Russian-linked cybercriminal group REvil behind meatpacker JBS attack". In the article, a representative of the cybersecurity company Arete Incident Response stated that REvil hackers allegedly enjoy the protection of either Russian intelligence or the Russian government. At the same time, the article provided no evidence to prove that.

Why Putin promised to help Biden

In April, the USA imposed sectoral sanctions against Russia over the attack on SolarWinds, banning companies from buying Russian bonds.

Nevertheless, the Russian president promised Biden help against the extortionists. Russia and the United States are to hold their first consultations on cybersecurity with the new American administration next week. The talks will be devoted to the topic of ransomware.

In a comment for Pravda.Ru, Vladimir Vasiliev, Chief Researcher at the Institute of the USA and Canada, noted that the Americans are very interested in identifying the sources of those cyberattacks, because the attacks exposed the vulnerability of American companies to hackers.

All specialists admit that it is almost impossible to determine the geographical location of ransomware hackers, the expert said. Interestingly, new reports that have recently appeared in US media say that the above-mentioned hacker attacks may have come from China rather than Russia.

"The Americans do not succeed in calculating with the point of the pen. Therefore, they do hope that consultations with Russia will help fill the gaps in the activities of their intelligence services," said Vladimir Vasiliev. The talks will also give one party an opportunity to see the capabilities of the other.
