Non-state or quasi-non-state actors preying on commerce for profit. They steal, hold hostages, and sometimes engage in extortion where, if you don't pay them off, they will break your stuff.
The news of the last 48 hours about DarkSide and the pipeline held hostage is just another chapter in a long story:
The ransomware group linked to the extortion attempt that has snared fuel deliveries across the U.S. East Coast may be new, but that doesn’t mean its hackers are amateurs.
Who precisely is behind the disruptive intrusion into Colonial Pipeline hasn’t been made officially known and digital attribution can be tricky, especially early on in an investigation. A former U.S. official and two industry sources have told Reuters that the group DarkSide is among the suspects.
You should recognize this for exactly what it is: piracy. The cyber domain, a global common in a fashion, is not that different from another global common, the high seas. Human society has a template thousands of years old for this kind of crime. We also know how to solve it.
Piracy is like any other business: if there is a profit to be made, more people will try to make it.
Piracy usually starts with small victims and small costs. Governments and corporations, both often dangerously short-sighted, accept it as the cost of doing business and not worth the trouble. They ignore it as it grows, but eventually it gets too big and too powerful, and hopefully that trigger point is small enough to be quickly managed. If you wait too long, the threat to commerce becomes a national security threat.
For decades, criminals, née pirates, in the cyber domain have been holding small companies, local governments, and even individuals hostage, blackmailing them, or even vandalizing them. The government, through its responsible law enforcement entities, the FBI and DOJ, has not been engaged to the level it needs to be in going after this international criminal conspiracy. They have been doing other things while this threat has grown. It is so effective that the non-state and quasi-non-state actors have been joined by governments in this enterprise for fun and profit.
Nation states cannot let piracy stand. It is best to crush them while they are a small threat, but when they are large, the need is even greater.
As I asked over on Twitter:
If someone threatened to sink a container ship that was at anchor right now, blocking the port at Long Beach, unless a ransom was paid, would we say that was a "private sector decision" to pay the ransom or not?
Critical infrastructure is critical infrastructure.
We need to raise the Blood Flag.
Of course, in our overly civilized times, we cannot gibbet cyber criminals from the lampposts in front of DOJ or 10th Fleet HQ (however …) but there are other things we can do.
In conjunction with the CIA – as many of these threats are overseas – we need to make this business no longer profitable.
Destroy their systems. Take their property or render it useless. Seize their assets. Find the embarrassing information about their principals and make it public. Seize the individuals when possible and give them to SDNY's most dyspeptic attorneys.
What we cannot do is have our government state that this is a "private sector problem" any more than we would tell shipping companies that piracy on the high seas is a private sector problem.
Raise the Blood Flag and get our geeks to work.