EXCLUSIVE: Ex-U.S. counterintel chief: Russia could halt cyber strikes ‘in one moment’


President Vladimir Putin has repeatedly denied Moscow’s involvement in the surge of ransomware attacks targeting the U.S., but a recently retired U.S. spy chief says there’s no question Russian intelligence has influence over the hacking operations.

The reason: The cyberattacks fit in with Mr. Putin’s larger strategy to undermine American democracy and economic power.

“The Russian government could shut this down in one moment if they wanted to,” said William R. Evanina, who tracked Russian and other hostile operations against the U.S. as director of the National Counterintelligence and Security Center until early this year and previously as chief of the CIA’s “counterespionage” group.

While Mr. Evanina generally praised the Biden administration’s attempts to elevate the government’s response to the growing drumbeat of ransomware and other cyberattacks, he told The Washington Times in an interview that U.S. intelligence could engage in dramatically more aggressive cyber operations to counter the Russian hacking.

“We always have a list of targets,” Mr. Evanina said. U.S. intelligence “can reach out and touch anybody, any time we want.”

But he said the offensive cyber operations have been held back by a range of legal and policy concerns — as well as the prospect of triggering a “cascading escalation” with the Russians.

He made the comments as President Biden and Mr. Putin engaged in their high-stakes summit this week, an event that came in the wake of allegations of Russian intelligence involvement in last year’s SolarWinds hack, which was viewed as the worst cyber-espionage breach ever against American government agencies, as well as last month’s Colonial Pipeline ransomware attack that nearly crippled gasoline supplies across the U.S. Southeast.

U.S. cyber forensics investigators have pinned both attacks on hackers operating from inside Russia, and Mr. Biden presented Mr. Putin with a list of critical American infrastructure systems that should be off-limits for future ransomware and cyberattacks during Wednesday’s summit, warning that the U.S. has “significant cyber capability” to respond if such attacks were to occur.

In his own press conference, Mr. Putin denied Russian involvement in any cyberattacks, claiming “Russia isn’t on the list” of countries the attacks could have originated from. He told NBC News ahead of this week’s summit that the charges were “farcical.”

Mr. Evanina, who currently runs the Evanina Group, a firm focused on advising CEOs and boards of directors on strategic corporate risk in the cybersecurity and other arenas, said in the interview that the recent attacks have been carried out by “a criminal element in Russia [that is] unable to operate without the express or implied protection of the [Russian] intelligence services.”

“They’re being protected by the Russian Federation,” he said, drawing a parallel to Russian meddling in the 2016 U.S. election via the “Internet Research Agency,” a pseudo-private Russian firm that manipulated American social media accounts in coordination with Russian intelligence prior to being neutralized by U.S. counter cyberattacks.

The Internet Research Agency was “an ‘independent contractor’ in Russia, but if anybody thought they were doing that without the instruction of the intelligence services, it would be foolish and naive to say the least,” Mr. Evanina said, adding that the current wave of cyber operations fits under Mr. Putin’s modus operandi of doing “anything he can to destabilize our democracy.”

The Biden administration has scrambled to respond in the wake of the Colonial Pipeline attack, but some are criticizing the White House for not explicitly addressing the threat for what it is: a state-sponsored campaign that will only get worse until U.S. leadership confronts it.

Leon E. Panetta, a former CIA director and Obama administration defense secretary, recently told C-SPAN that the U.S. “lacks an effective national strategy” for dealing with cyberattacks.

“We also need to have an offense as well that can make clear to our adversaries — whether it’s Russia, or China or North Korea or Iran or terrorists — that if they’re going to continue these kinds of attacks on the United States, they, too, will have to pay a price,” Mr. Panetta said.

Prior to Wednesday’s summit, Mr. Biden stopped short of directly blaming the Kremlin for authorizing the Colonial Pipeline attack.

“So far, there is no evidence based on, from our intelligence people, that Russia is involved,” the president said in the immediate aftermath of the attack, although he added that “there’s evidence that the actors, ransomware, is in Russia” and that the Russian government has “some responsibility to deal with this.”

Mr. Evanina said one of the primary challenges is the elusive reality of the cyber-realm. “People don’t understand it, they don’t see it, they don’t taste it,” he told The Times. “It’s not like terrorism, where there is kinetic value, where you get to see people hurt. It’s invisible.”

But the sophistication of ransomware attacks has risen dramatically in recent years, he said.

“Two years ago, you had criminals or ransomware threat actors who would lock down your systems and then you would have to pay to have them unlocked. It was a simple formula,” Mr. Evanina said. “Now, ransomware has turned into a data issue. Data is the huge commodity right now. So now there are ransomware actors, criminals, who can steal your data and use your data as a bargaining chip for remuneration.”

Such was the case with Colonial Pipeline. Hackers first locked important proprietary company files, then threatened to make them public if the company didn’t pay up.

“They’ve upped the game and they’ve upped the ante,” Mr. Evanina said.

He cautioned against dismissing the seemingly small ransom demands in recent cases. In the Colonial attack, the hackers sought only $4.4 million despite reports from a company with assets of more than $3 billion.

“Four million dollars will fund a lot of stuff in Moscow,” Mr. Evanina said. “…We’re talking about astronomical numbers” when one considers the full slate of ransomware attacks in recent months — a slate that includes incidents not publicized or reported to government agencies.

While he said “we don’t know” how much is really being paid in ransom, Mr. Evanina estimated it’s in the “tens of millions upon hundreds of millions of dollars.”

Colonial CEO Joseph Blount testified to Congress earlier this month that the decision to pay was “the hardest” he’s ever made in 39 years in the energy industry.

The White House itself faced criticism for saying it hadn’t offered advice to Colonial on whether or not to pay the ransom — prompting charges the administration is leaving American companies to fend for themselves against Russian state-sponsored cyberattacks.

‘Dramatic increase’

Mr. Evanina was a career FBI official before getting tapped in 2014 to head U.S. counterintelligence under President Obama and then staying on through the Trump administration.

He broadly defended recent cybersecurity policy moves by the Biden administration, including Mr. Biden’s executive order last month requiring federal agencies to increase their basic cybersecurity protections and setting new security standards for software contractors with the federal government.

Mr. Evanina told The Times the administration has “the right concepts in place” to improve both government and private-sector preparedness. With not only Russia, but China and Iran also “getting more brazen with their cyberattacks,” he said, “we’re going to have to respond accordingly and I think the Biden administration is doing that.”

He stressed, however, that “there needs to be more aggressive intelligence-sharing” between the government and the private sector.

“We have to have the ultimate public-private partnership here, with the government to be able to provide as much information as possible about the networks and the criminal elements — whether or not they are state sponsored — to the sectors and corporations so that CEOs can make value-added business decisions of whether or not they’re going to pay,” Mr. Evanina said.

“There [also] needs to be a concerted effort by industry to take precautions that are necessary to prevent ransomware in the first place and those precautions start with basic cyber-hygiene,” he said, pointing to things like increased employee awareness of potential spear-phishing emails.

The Justice Department said earlier this month it was elevating investigations of ransomware attacks to a similar priority as terrorism. The move has prompted speculation that future U.S. action against cyber criminals could soon mirror aggressive tactics used against global terror groups over the past two decades.

Mr. Evanina predicted “a dramatic increase” is coming in U.S. cyber operations, by both the U.S. intelligence community and the Pentagon’s Cyber Command.

Despite the legal and policy implications at play, “I think you’re going to see an opening of the optic so the American people and the world will see that we are going to continue to fight back but we will be more transparent about it.”

• Dave Boyer, Jeff Mordock and Ryan Lovelace contributed to this article.
