Would you pay a cyber ransom?

Would you pay a cyber ransom?

A few days ago, cyber criminals hacked into one of the largest oil pipelines in the US, which halted operations after its corporate IT network was knocked offline. If the engineers don't fix the system on their own or the owners cough up the ransom that the hackers are demanding, millions of Americans will soon feel the heat of cybercrime in their daily lives, through higher prices at the gas pump.

Who pulled off this attack, and what does it tell us about the vulnerability of critical infrastructure and the rules (or lack thereof) in cyber conflict today?


The culprit. The US government has blamed the Colonial Pipeline cyberattack on DarkSide, a relatively new group of veteran hackers from Eastern Europe famous for bragging about its exploits online, and leaking data dumps from victims who don't pay up. The DarkSiders style themselves as Robin Hoods of the hacker world, donating (a minuscule) part of their profits to global NGOs such as Children International and The Water Project. But this time they may have bitten off a bit more than they can chew.

DarkSide issued on Monday a rare apology for creating "problems" to society, insisting they only want money and are not at all interested in politics, although they do seem to avoid former Soviet bloc nations. That's common for cyber criminals based in these countries, whose governments will look the other way as long as hackers target victims outside their borders.

One of those governments is that of Russia, with a long history of outsourcing its dirty cyber work to unscrupulous hackers. Joe Biden says there's no evidence that the Kremlin was involved this time, but does have "some responsibility."

The problem. The fact that a bunch of geeks armed with laptops shut down a pipeline that serves 45 percent of America's oil refineries shows that US critical infrastructure is a lot more vulnerable to cyber-extortion than we'd like to think. And the Biden administration's $2 trillion plan to upgrade US infrastructure across the board turns cybersecurity into an even more urgent concern.

As always, the pandemic has made everything worse. Ransomware attacks — and cybercrime in general — have boomed in COVID times, largely as a result of IT systems that became more vulnerable when companies rushed to adapt them for remote access. Moreover, hackers are now targeting bigger firms for a lot more money thanks to the rise of cryptocurrencies, which make it easier for them to get paid and harder to trace.

Ransomware attacks are particularly problematic for companies and countries because they are forced to make a tough choice: pay off hackers and risk encouraging further such attacks, or hold out and take the economic or social disruption on the chin.

The response. The Colonial Pipeline hack shows how cyberattacks can do severe damage to a country by disrupting critical infrastructure. But as we've written before, these types of operations are hard to prevent, and even harder to attribute and respond to.

So far, the US government has declared a state of emergency to keep the oil flowing to the Eastern Seaboard. But at this point it can't do much more to stop the hackers, or hold them responsible for a brazen attack that would otherwise be considered an act of war against America. It can't even prevent the corporation from paying the cryptocurrency ransom.

What it can do mostly depends on whether a foreign government was involved, or aware of what DarkSide was cooking. If that's confirmed later on, the US may want to hit that country harder than with the usual economic sanctions. There could even be political pressure to respond proportionately in cyberspace — perhaps with a similarly damaging attack. And when the cyber gloves are off, things could get very bad, very fast.

All businesses have a role to play in accelerating the transition to a low-carbon, sustainable economy.

That's why Bank of America is part of the Partnership for Carbon Accounting Financials, a group of financial institutions working to assess and disclose the greenhouse gas (GHG) emissions associated with their loans and investments.

Betrayal. Treason. Duplicity. These are some of the words used by the French government to describe the US' recent decision to freeze Paris out of a new security pact with the UK and Australia in the Indo-Pacific, which nixed a contract for Australia to buy French submarines.

Macron's subsequent tough stance against one of its oldest and closest allies is unusual, including his decision to briefly recall the French ambassador from Washington, the first time a French president has done so. But this headstrong strategy is also a deliberate diplomatic choice.

More Show less

Can the UK join a North American trade deal? The acronym for the US-Mexico-Canada Agreement was never all that elegant, but now London wants to throw two more letters into that soup. That's right, the UK wants to join USMCA, the trade pact brokered by the Trump administration in 2020 as an update to the 1990s-era NAFTA agreement. London had hoped that Brexit would free it up to ink a bilateral free trade deal with the US, but as those talks have stalled in recent months, PM Boris Johnson now wants to plug his country into the broader three-party deal. The fact that the UK already has deals with Canada and Mexico should help, in principle. But it would doubtless be a complex negotiation. And there's at least one huge hurdle: US officials are reportedly unaware of any mechanism at all for bringing aboard additional countries.

More Show less

1 billion: US House Democrats this week voted to cut $1 billion worth of military aid for Israel. The money — which was stuffed into a larger appropriations bill meant to fund the US government and raise the debt ceiling — was supposed to go specifically to Israel's Iron Dome missile defense system. The move sets up a showdown between progressives who want to slash US aid to Israel and the pro-Israel moderate wing of the party.

More Show less

Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:

How will the QUAD leaders address the microchip supply chain issue during their meeting this week?

Well, the idea for leaders of the US, Japan, India, and Australia, is to collaborate more intensively on building secure supply chains for semiconductors, and that is in response to China's growing assertiveness. I think it's remarkable to see that values are becoming much more clearly articulated by world leaders when they're talking about governing advanced technologies. The current draft statement ahead of the QUAD meeting says that collaboration should be based on the rule of respecting human rights.

More Show less


On the one hand, UN Secretary-General António Guterres believes COVID has fractured trust between mainly rich and poor countries, especially on vaccines, as the pandemic "demonstrated our enormous fragility." On the other hand, it generated more trust in science, especially on climate — practically the only area, Guterres says, where the US and China can find some common ground these days. Watch his interview with Ian Bremmer on the latest episode of GZERO World.

Well, we're in the thick of "high-level week" for the United Nations General Assembly, known as UNGA. As always, the busiest few days in global diplomacy are about more than just speeches and hellish midtown traffic in Manhattan. Here are a few things we are keeping an eye on as UNGA reaches peak intensity over in Turtle Bay.

More Show less

Ahead of the 76th UN General Assembly, the US and the EU both agreed to cut methane emissions by at least 30 percent from 2020 levels by the end of the decade to reduce global warming. Will they convince other top emitters like China, Russia and India to do the same before the COP26 climate summit in November? This would be a big deal, because methane emissions, one-quarter of which come from agriculture, are the biggest contributors to climate change after carbon dioxide — and 80 times more potent in warming the planet. We take a look at the world's top methane emitters, compared with their respective carbon dioxide emissions.

Subscribe to GZERO Media's newsletter, Signal

GZEROMEDIA

Subscribe to GZERO Media's newsletter: Signal

GZEROMEDIA

Subscribe to GZERO Media's newsletter: Signal