Ransomware crisis? We know who to blame
I blame President Barack Obama for this debacle.
The Biden administration has just warned all businesses to harden their cyber security in the face of a wave of devastating, infrastructure-crippling ransomware attacks. The latest one hit the world’s largest meat producer, Brazil-based JBS. The company says it is now fully operational, saved by backup servers that were not affected by the attack, BleepingComputer reported.
After the Colonial Pipeline shutdown, companies are going to have to invest heavily in redundant hardware, hardened networks and, most importantly, workforce training to avoid further damage. It is going to take time, planning and, of course, money, costs that will be passed on to you and me as consumers. Pipeline operators are now required to work with the TSA and CISA, which will review their cyber security posture.
Why Obama? Let us work backwards and dig to get to the root of the problem.
Cyber crime as a service
Ransomware is now commercialized like any other Software-as-a-Service (SaaS) business; the industry even calls it ransomware-as-a-service. Cyber criminals operate like Salesforce.com, SAP or any other large enterprise, except that their business plan is to analyze, target and sting organizations with deep pockets, collect the money, launder it, and pay their supply chain of affiliates, malware developers, initial-access brokers and money mules.
It’s well known that Russia shields and enables many of these organizations. In April, the Biden administration hit Russia with more sanctions. NBC News quoted the former head of cyber for British intelligence saying that Russia’s role in this activity is “arguably more strategically damaging than state cyber-spying.”
They operate in the open. One example of a Kremlin-linked criminal commercial enterprise is Evil Corp (I kid you not), run by Maksim Yakubets.
Maksim Yakubets, 33, is best known as co-leader of a cybergang that cockily calls itself Evil Corp. The Ukraine-born Yakubets lives a flashy lifestyle: he drives a customized Lamborghini supercar with a personalized number plate that translates to “Thief,” according to Britain’s National Crime Agency.
How the Internet works
The Internet isn’t some magic black box that connects websites to browsers. It’s a decades-old collection of communications protocols defined in documents called RFCs, or “Requests for Comments,” maintained by the Internet Engineering Task Force (IETF). Not all RFCs are active standards, and some are jokes, like the April Fools’ one for carrying IP datagrams by carrier pigeon:
RFC 1149, “Standard for the transmission of IP datagrams on avian carriers,” D. Waitzman, 1 April 1990 (Status: Experimental; updated by RFC 2549 and RFC 6214; DOI 10.17487/RFC1149).
These published standards form the basis of how everything communicates, and they lead to one critical central function that used to be overseen by the U.S. government: the root of the domain name system.
Back in the days when the Internet was developed, it was a project of the Defense Advanced Research Projects Agency, known as DARPA. The DOD controlled a great swath of the early Internet and ran its own name servers for dot-mil (.mil) locations. As things evolved toward commercial use with the advent of the World Wide Web, domain name registration passed to private companies like Network Solutions, IP address allocation passed to regional registries, and the central registry of names, numbers and protocol parameters (the master list behind what you type in your browser) stayed with the Internet Assigned Numbers Authority (IANA).
IANA’s functions were performed under contract to the U.S. government, latterly the National Telecommunications and Information Administration (NTIA), part of the Department of Commerce. In 1998 they were handed to a newly created California nonprofit, the Internet Corporation for Assigned Names and Numbers (Icann), still under an NTIA contract.
In 2014, the Obama administration announced that Icann should come out from under U.S. control and answer to the global “multistakeholder” community instead. On October 1, 2016, the NTIA contract expired and it happened: Icann’s stewardship of the root could no longer be stopped or overridden by the Department of Commerce or anyone else in the U.S. government. (Icann itself remains a California nonprofit subject to U.S. law.)
This means the root zone, the master list of which name servers answer for each top-level domain (dot-com, dot-ru and so on), is no longer published under a U.S. government contract, and the U.S. has no veto over the bodies that manage it. Any government can run a copy of the root for its own users; what changed is that Washington lost its lever over the authoritative copy. If the FSB or Chinese intelligence wanted to “poison” the copy their users, or their hackers, resolve against, to alter where a name points, say, to spoof a large company’s domain and fool its email servers into believing a malicious message was genuine, there is not much America could do about it. The one technical check is DNSSEC: the root zone has been cryptographically signed since 2010, and a resolver that validates signatures against the published root key will reject a tampered delegation rather than follow it, though a resolver that does not validate will follow whatever it is told.
If Russia and China wanted to conduct “DNSpionage,” Obama gave them the keys to the kingdom to do it.
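To make concrete what a resolver actually trusts at each step of the root → TLD → authoritative chain, and why a signed root matters, here is an added toy model. It is example code written for this page, not anything from the article or from Icann; the zones, the name mail.example.com., the documentation-range addresses and the textbook RSA keys are all constructed for illustration, and the tiny RSA signatures, `fingerprint` digests and `resolve` walk stand in for the real RRSIG, DNSKEY, DS and iterative-resolution machinery rather than reproducing it.

```python
"""Toy model of DNS delegation (root -> TLD -> authoritative) with a
DNSSEC-style chain of trust. Textbook RSA on ~40-bit moduli stands in for
real RRSIG/DNSKEY/DS records. All zones, names, keys and addresses here are
constructed for illustration; none of this is production-strength."""
import hashlib

E = 65537


def next_prime(n):
    """Smallest prime >= n by trial division (fine for the ~1e6 values used here)."""
    while True:
        if n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1)):
            return n
        n += 1


def keygen(seed):
    """Deterministic toy RSA key (n, e, d). Adjacent small primes: trivially breakable."""
    p = next_prime(seed)
    q = next_prime(p + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    return n, E, pow(E, -1, phi)


def digest(n, owner, rtype, value):
    """Hash a record into the RSA message space."""
    msg = f"{owner}|{rtype}|{value}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(key, owner, rtype, value):
    n, _, d = key
    return pow(digest(n, owner, rtype, value), d, n)


def verify(pub, owner, rtype, value, sig):
    n, e = pub
    return pow(sig, e, n) == digest(n, owner, rtype, value)


def fingerprint(pub):
    """Stand-in for a DS record / trust anchor: a hash of a zone's public key."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]


def make_zone(key, records):
    """records: (owner, rtype, value) triples; each gets an RRSIG-like signature."""
    signed = {(o, t): (v, sign(key, o, t, v)) for o, t, v in records}
    return {"pub": (key[0], key[1]), "records": signed}


class ValidationError(Exception):
    pass


def lookup(zone, owner, rtype, pub=None):
    """Fetch a record; when pub is given, refuse it unless its signature verifies."""
    rec = zone["records"].get((owner, rtype))
    if rec is None:
        return None
    value, sig = rec
    if pub is not None and not verify(pub, owner, rtype, value, sig):
        raise ValidationError(f"bad signature on {owner} {rtype}")
    return value


def resolve(qname, root, servers, trust_anchor=None):
    """Iterative resolution. With trust_anchor (fingerprint of the genuine root key)
    every key and record is validated; without it the resolver believes anything."""
    zone, expected = root, trust_anchor
    while True:
        pub = zone["pub"] if expected is not None else None
        if pub is not None and fingerprint(pub) != expected:
            raise ValidationError("zone key does not match parent DS / trust anchor")
        answer = lookup(zone, qname, "A", pub)
        if answer is not None:
            return answer
        labels = qname.split(".")
        for i in range(1, len(labels)):  # closest enclosing delegation first
            suffix = ".".join(labels[i:])
            nsname = lookup(zone, suffix, "NS", pub)
            if nsname is not None:
                if pub is not None:
                    expected = lookup(zone, suffix, "DS", pub)
                    if expected is None:
                        raise ValidationError(f"unsigned delegation for {suffix}")
                zone = servers[nsname]
                break
        else:
            raise LookupError(f"no delegation for {qname}")


# --- constructed scenario -------------------------------------------------
ROOT_KEY, COM_KEY, EXAMPLE_KEY, EVIL_KEY = (keygen(s) for s in (1_000_000, 1_000_040, 1_000_100, 1_000_200))
example_zone = make_zone(EXAMPLE_KEY, [("mail.example.com.", "A", "192.0.2.25")])
com_zone = make_zone(COM_KEY, [("example.com.", "NS", "ns1.example.com."),
                               ("example.com.", "DS", fingerprint(example_zone["pub"]))])
root_zone = make_zone(ROOT_KEY, [("com.", "NS", "a.gtld-servers.net."),
                                 ("com.", "DS", fingerprint(com_zone["pub"]))])
SERVERS = {"a.gtld-servers.net.": com_zone, "ns1.example.com.": example_zone}
TRUST_ANCHOR = fingerprint(root_zone["pub"])  # what a validating resolver is configured with

# An attacker serving its own copy of the root points .com at a server it controls.
evil_tld = make_zone(EVIL_KEY, [("mail.example.com.", "A", "198.51.100.99")])
poisoned_root = make_zone(EVIL_KEY, [("com.", "NS", "evil-tld."),
                                     ("com.", "DS", fingerprint(evil_tld["pub"]))])
POISONED_SERVERS = dict(SERVERS, **{"evil-tld.": evil_tld})


def honest_answer(validate=False):
    return resolve("mail.example.com.", root_zone, SERVERS, TRUST_ANCHOR if validate else None)


def poisoned_answer(validate=False):
    try:
        return resolve("mail.example.com.", poisoned_root, POISONED_SERVERS,
                       TRUST_ANCHOR if validate else None)
    except ValidationError as err:
        return f"rejected: {err}"


def tampered_record_answer():
    """Attacker keeps the genuine root key but edits one NS target, leaving the old signature."""
    tampered = {"pub": root_zone["pub"], "records": dict(root_zone["records"])}
    _, old_sig = tampered["records"][("com.", "NS")]
    tampered["records"][("com.", "NS")] = ("evil-tld.", old_sig)
    try:
        return resolve("mail.example.com.", tampered, POISONED_SERVERS, TRUST_ANCHOR)
    except ValidationError as err:
        return f"rejected: {err}"


if __name__ == "__main__":
    print("honest, unvalidated:   ", honest_answer())
    print("poisoned, unvalidated: ", poisoned_answer())
    print("poisoned, validated:   ", poisoned_answer(validate=True))
    print("tampered, validated:   ", tampered_record_answer())
```

The point the model makes is that a non-validating resolver returns whatever address the poisoned root chain leads to, while a validating one fails at the first step, because the attacker cannot produce a key matching the trust anchor or a signature under the genuine root key. In real DNSSEC the trust anchor is the root key-signing key shipped with resolver software, and the tamper-evidence only helps where resolvers are configured to validate.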
We could have cut them off
If the Icann transfer from U.S. government control had not happened, the U.S. could literally have cut Russia off from the Internet. Remove the “top-level domain” entry for dot-ru (.ru) from the root zone and every .ru name stops resolving; block their servers from address space and, poof, no Russia, other than what they could engineer from unblocked space, which American authorities could then more easily track. The caveat is that pulling a delegation breaks names, not connectivity: hosts stay reachable by IP address, and Russia could serve its own copy of the root to domestic users. Address space, in any case, is handed out by the regional registries, with IANA allocating only the top-level blocks.
Now, Russia can obtain giant swaths of the enormous IPv6 address space, hide it behind sophisticated proxy servers and encrypted tunnels and firewalls, and do really evil stuff. It can shelter crypto-currency transactions, shelter cyber criminals, and conduct state-approved cyber intelligence operations, all through completely legal and above-board processes at Icann and the registries, with no U.S. lever left to pull.
The Russians loved Bitcoin for its pseudonymous blockchain: the ledger is public and permanent, but addresses carry no names, so tracing takes effort and international cooperation. If not for Obama’s folly, we could at least have cut Russian, Bulgarian and other bad actors off from the domain names their exchanges and markets depend on, or traced them more easily.
Now, the criminals really have the upper hand.
The Internet was American, but now it’s not. In a Senate hearing, Sen. Ted Cruz, who opposed the Icann handover, asked its CEO Goran Marby if Icann was bound by the U.S. Constitution’s First Amendment. “No,” was the answer.
Those who argued that the “flourishing” of the Internet required the U.S. giving up control were, in my opinion, hopelessly believing in unicorn-and-rainbow diplomacy. They believed that Icann’s own “multistakeholder” community, rather than a U.N. body such as the International Telecommunication Union (ITU), could keep Icann from being subverted by Russia and China. They believed in international checks and balances.
They are now proven wrong. The criminals run free, protected by powerful intelligence services whose governments now have a seat, with no U.S. counterweight, at the table where the root zone is governed. It’s not as bad as if Obama had, say, handed all our nuclear codes to the U.N., with Russia and China promising to do likewise, in the belief that doing so would prevent the possibility of nuclear war. But this is close.
Of course the Russians and Chinese took advantage of our trust. And now we reap the consequences. The price of everything will go up, and Russian government-enabled criminals will continue to exact a bounty from our capitalist rumps.
Thank you President Obama and may you never be forgiven.
You can also find The Racket News (@newsracket) on Twitter and Facebook. Join the discussion online with our Racketeers Facebook group.
Follow The Racketeers on Twitter: Jay, Steve, and David.
I'm VERY skeptical that, had Obama not had the Dept. of Commerce relinquish its ICANN oversight to an international party, ransomware attacks wouldn't be an issue. For one thing, they were already a problem when the US administered the group [1], and folks writing this crap are VERY good at getting around stuff like centralized DNS control [2].
As simple as life would be if the US ceding ICANN to an international party prevented ransomware, I just don't see that happening in the counterfactual universe.
[1] https://en.wikipedia.org/wiki/Ransomware#History
[2] https://www.darkreading.com/vulnerabilities---threats/botnet-uses-blockchain-to-obfuscate-backup-command-and-control-information/d/d-id/1340240