THIS IS AN OPINION
In last Monday’s Executive Q&A feature, Mark Hayes, executive director of the Arkansas Municipal League, cited technology — particularly cybersecurity and the threat of cybercrimes like ransomware — as the biggest challenge facing cities around the state.
On the day that issue landed on subscribers’ desks, the U.S. Department of Justice announced a thrilling new weapon in the war on hackers: better hackers. The DOJ, with a warrant from a federal magistrate judge in the Northern District of California, infiltrated a cryptocurrency “wallet” and seized 63.7 of the 75 bitcoins that Colonial Pipeline of Alpharetta, Georgia, had paid last month to the cybercriminals who had shut down the computer systems that controlled its vast fuel pipe network. (The dollar value of the bitcoins had fallen in the interim.)
That ransomware attack, as you surely remember, led to a fuel shortage on the East Coast that was exacerbated by panic buying. The price of gasoline spiked, especially in the affected areas, and airlines were left scrambling.
Federal officials attributed the hack to DarkSide, a group of hackers probably based in Russia that has victimized more than 90 businesses and organizations since it first surfaced less than a year ago. DarkSide is believed to be an affiliate of a Russian hacking group called REvil (with an emphasis on the “evil”).
Ransomware is not new. Our Sarah Campbell-Miller first wrote about it as a threat to businesses in Arkansas in mid-2016 — and Augusta health care provider ARCare and the Carroll County Sheriff’s Office fell victim to it later that year.
Five years is a long time in the field of cybersecurity. Back then, an aspiring cybercriminal could buy the malware online and deploy it against small, unsophisticated organizations with weak networks. The ransom demanded was typically small — Carroll County shelled out $2,400, which was more than most — which made paying the ransom a fairly easy response. (ARCare stiffed its hackers, having made adequate preparation for a data loss.)
DarkSide, REvil and their ilk started hitting vastly larger organizations and threatening vital infrastructure. DarkSide posted an apology online for the “social consequences” of its hit on Colonial Pipeline and promised to “introduce moderation” in targeting future crime victims. Color me skeptical — especially if it turns out that DarkSide is responsible for this month’s holdup of JBS SA. The giant Brazilian meat packing company paid $11 million in ransom.
Ramping up the reward also ramped up the risk. Remember the words of criminal mastermind Hans Gruber in “Die Hard”: “Well, when you steal $600, you can just disappear. But when you steal $600 million, they will find you, unless they think you’re already dead.” While DarkSide stole only $4.4 million from Colonial directly, that was a pittance compared with the cost to the American economy in just a few frantic days. And while the DOJ hasn’t captured the criminals, it made the crime far less lucrative.
In mid-May, a day or so after President Biden promised aggressive federal action in retaliation for the Colonial hack, cybersecurity journalists with The Record reported that DarkSide had lost control of the digital accounts containing the ransom. Or so DarkSide’s pseudonymous operator claimed in an online post. Consider the source.
About the same time, the cybersecurity firm Elliptic announced that it had identified the crypto wallet that received the Colonial ransom payment. Within a few more days Elliptic said it had tracked some $90 million in ransom payments to DarkSide between October and May.
Tracking bitcoin transfers requires high-level expertise in blockchain technology, but knowing that money has been moved from one state-of-the-art safe to another is one thing; getting the money out is another. (“You can unlock the vault, can’t you?” Hans Gruber asked the oleaginous Theo.) What the DOJ announced last week should send shivers through every criminal who thought Bitcoin was “secure, decentralized and anonymous,” as The New York Times put it.
Exactly how the DOJ was able to access the DarkSide wallet is the kind of state secret even I approve of, as long as it is used to make victims whole and frustrate criminals. It might even provide a glimmer of hope for someone like Stefan Thomas, the San Francisco programmer I mentioned in this space a couple of weeks ago. He has 7,200 bitcoins, worth $265 million last week, but has forgotten the password to his wallet.
Panic is never a good financial strategy. During the fuel shortage last month, I saw a thought-provoking comment on Facebook that went something like this:
Some people will take only one slice of pizza because they are worried there won’t be enough to go around. Other people take three slices for the same reason.
Which kind of person are you?