Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Spotlight on America: U.S. Retrieves Millions in Ransom Paid to Colonial Pipeline Hackers

Tuesday, June 8, 2021

Categories: ASCF News Cyber Security

Comments: 0

Source: https://www.wsj.com/articles/u-s-retrieves-millions-paid-to-colonial-pipeline-hackers-11623094399

Fuel tanks at a Colonial Pipeline station in Washington. PHOTO: DREW ANGERER/GETTY IMAGES

WASHINGTON—U.S. authorities have recovered millions of dollars in digital currency paid to the hackers who hit a major East Coast fuel pipeline with a ransomware attack last month, in a law-enforcement operation that officials said demonstrated progress undermining criminals’ ability to disrupt American commerce and critical infrastructure for profit.

Investigators seized about 64 bitcoin, valued at roughly $2.3 million, from a virtual wallet—the alleged proceeds from the ransom hack carried out by a suspected Russian-based criminal gang on Colonial Pipeline Co., the Justice Department said.

“The extortionists will never see this money,” Stephanie Hinds, acting U.S. attorney for the Northern District of California, where the seizure warrant was obtained, told reporters. “This case demonstrates our resolve to develop methods to prevent evildoers from converting new methods of payment into tools and extortion for undeserved profits.”

Senior Biden administration officials have in recent weeks characterized ransomware, in which criminals take an organization’s data or computer system hostage for ransom, as an urgent national-security threat. In just the past month ransomware attackers linked to Russia have threatened the nation’s fuel and meat supply, and poorly defended school systems, hospitals and local governments have suffered increasingly frequent ransomware attacks.

Ransomware has also become a diplomatic issue for the U.S., because the perpetrators of the attacks often appear to reside in countries unwilling to extradite them to the U.S., like Russia or North Korea. President Biden and other officials have said there is no evidence the Russian government was involved in the Colonial attack, but have condemned Russian President Vladimir Putin for allowing criminal hackers to target the U.S. freely. Mr. Biden intends to discuss the matter with Mr. Putin at their summit in Geneva on June 16.

“One of the things that President Biden will make clear to President Putin when he sees him is that states cannot be in the business of harboring those who are engaged in these kinds of attacks,” Secretary of State Antony Blinken said Monday in congressional testimony.

Mr. Putin has broadly denied Western accusations about cyberattacks originating in Russia and said on Russian state television last week that it was absurd to suggest any Russian involvement in recent ransomware attacks

Last month Colonial Pipeline, which transports gasoline, diesel, jet fuel and other refined products from the Gulf Coast to Linden, N.J., was shut down for six days as the company responded to the ransomware attack on its business systems. The company voluntarily took the pipeline offline due to concerns the hack would spread, and the stoppage spurred a run on gasoline along parts of the East Coast that pushed prices to the highest levels in more than six years and left thousands of gas stations without fuel.

The FBI officially discourages victims from paying ransoms because doing so can fuel a booming criminal marketplace and often won’t actually result in the restoration of the frozen computer systems. But the pipeline company’s Chief Executive Officer Joseph Blount told The Wall Street Journal the company paid $4.4 million to the hackers because executives were unsure how badly the cyberattack had breached its systems or how long it would take to bring the pipeline back online.

The ransom amounted to 75 bitcoin, a person familiar with the payment said, of which 64 was recovered. Because the cryptocurrency fluctuates dramatically in value, the dollar value recovered was only a little more than half the dollar value of the ransom payment.

In a statement Monday, Mr. Blount said Colonial plans to keep sharing “intelligence and learnings” with federal agencies, and that its goal was to help other critical infrastructure companies harden their cyber defenses and collaborate across industries to thwart attacks.

“Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks of this nature,” Mr. Blount said.

Mr. Blount is scheduled to testify at the Senate about the hack and pipeline outage on Tuesday and again before a House committee on Wednesday.

On Monday investigators obtained a seizure warrant from a magistrate judge in northern California that enabled authorities working with Colonial Pipeline to capture the bitcoin from the virtual wallet linked to the hacking group.

The FBI had tracked Colonial’s ransom payment across several bitcoin addresses in May, court documents show.

Law-enforcement officials often work with private-sector analysts who can track cryptocurrency transactions across public ledgers known as blockchains. By mapping clusters of virtual wallets and cross-referencing their transactions with intelligence about hacks, analysts say, they are able to reliably trace many ransom payments.

Upon receiving payouts from victims such as Colonial, hackers often switch funds among several wallets to cover their tracks or pay affiliates, as well as convert ransoms to different cryptocurrencies or hard money at exchanges. Law-enforcement officials can step in with search warrants and seize funds from the exchanges, analysts say.

“Because bitcoin transactions are available on a publicly distributed ledger, in many cases law enforcement can trace bitcoin payments and track stolen funds,” said Sujit Raman, a former senior Justice Department official. “When cybercriminals use bitcoin, that can sometimes be more traceable than just using cash or fiat currency.”

U.S. law enforcement have previously seized ransomware proceeds and other cryptocurrency sums, including more than $1 million tied to a Palestinian militant group last year. Officials Monday indicated they intended to more frequently seek to recover funds paid to ransomware operators to disincentivize the activity.

Administration officials and some lawmakers have in recent weeks called for consideration of tighter regulations of digital currencies, noting they have enabled ransomware groups and other criminals to extort victims.

The FBI has previously blamed the Colonial Pipeline attack on DarkSide, a prolific ransomware group that U.S. officials say is based in Russia and that security researchers say has made tens of millions over the past year, often by sharing its malware with affiliate criminals and then splitting proceeds. Tom Robinson, co-founder of blockchain analytics firm Elliptic, which tracked the Colonial-to-DarkSide transaction, said the amount seized appears to represent DarkSide affiliates’ share of the stash.

Investigators have identified over 90 victims of DarkSide ransomware across several critical infrastructure sectors, including manufacturing, legal, insurance, healthcare and energy, FBI Deputy Director Paul Abbate said Monday.

DarkSide told associates last month that it was shutting down in the wake of the pipeline hack, citing pressure from U.S. law enforcement. Security researchers, however, said it is not uncommon for ransomware groups such as DarkSide to disband, only to pop up later under a different name.

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.

Search