Going After the Hackers

The United States has been victimized by foreign hackers for a long time.

While the U.S. remains a superpower in real space — no one comes close in nuclear weapons, aircraft carriers, stealth fighters and drones — in cyberspace it has been the neighborhood weakling, picked on at will by every cyber bully from Moscow to Beijing.

Nothing is safe; the most sensitive and heavily fortified systems have fallen prey, from the Pentagon and the Democratic National Committee to Citigroup, CNN and such high-tech domains as Sony, Dell and Yahoo. There is little comfort in knowing that the U.S. is not alone; the United Nations, the Organization for Security and Cooperation in Europe (OSCE), the Defense Research and Development Organization (DRDO) in India and other government agencies have also been penetrated.

But this week there is good news. U.S. law enforcement agencies have been making arrests and the criminal community has been unnerved, according to a McClatchy/TNS report. The reach was dazzling:

Maxim Senakh, a 41-year-old Russian, was captured at a Finnish border crossing and convicted in Minneapolis for running a zombie criminal enterprise worth millions. Mark Vartanyan, 29, was extradited from Norway and pleaded guilty in an Atlanta courtroom to computer fraud involving Citadel, a “universal spyware system,” a plea that will send him to prison. Eric Donys Simeu, a/k/a Martell Collins, 32, from Cameroon, was arraigned for a variety of cybercrimes, caught by French authorities while traveling from Casablanca to Paris on an allegedly fraudulent airline ticket, and then shipped to Atlanta for prosecution.

The federal campaign to get these crooks has had an impact beyond the individuals apprehended, too. “They no longer travel — the high-profile hackers. They understand the danger,” said Arkady Bukh, a criminal defense lawyer in New York who has defended numerous alleged Russian cybercriminals.

As for military, industrial and political espionage, there is good news, too. Currently, the focus is Russia. But over the past year, the cyberattacks from China, formerly the cyber public enemy No. 1, have declined dramatically. A report by FireEye released last June documented a falloff in the volume of attacks per month by 72 Chinese hacker groups from over 60 per month during 2013 to five or fewer attacks in most months of 2016.

Here, the solution was reportedly a combination of prosecution of individual criminals and pressure on Beijing. The U.S. Department of Justice accused five members of China’s People’s Liberation Army of illegal intrusions into American companies, and issued criminal charges against them in absentia.

On the larger canvas, the U.S. threatened new trade sanctions in response to Chinese hacking activities, which resulted in Chinese President Xi Jinping and President Obama signing a mutual cyber non-aggression accord in September 2015, in which they agreed not to hack the other’s private sector.

While some are inclined to dismiss Chinese promises as cynical ploys not worth the paper they’re written on, others point to the fact that Chinese hacking of U.S. assets has dwindled. Security experts have rejected the possibility that they have merely become more adept at evading detection. CrowdStrike chief technology officer Dmitri Alperovitch says the same methods seen previously are still used against some high-value government targets. He hailed the drop in Chinese hacking as “the biggest accomplishment we’ve had in the cyber domain in the last 30 years.”

However, the problem does persist, and it will presumably be on the agenda of the summit between President Donald Trump and China’s Xi at Mar-a-Lago this week, however much North Korea has dominated the headlines. In fact, it may be that Trump will be able to extract more cooperation on cyber issues than on Pyongyang’s nuclear program, where China has been virtually immovable for decades.

Currently, Russia looms as the chief cyber adversary, and given the contemptuous attitude of President Vladimir Putin, the outlook is not bright. While we can take heart from the arrest and prosecution of Russian criminals, it will not stop the Kremlin from sponsoring agents to penetrate U.S. targets and cause as much economic and military damage and political mayhem as possible.

Just before leaving office, President Barack Obama ordered the expulsion of 35 Russian diplomats in retaliation for the hacking of Democratic Party computers. At the same time, Obama called on private companies to work with government security experts to help “network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign.”

It signaled that a more intensive effort is afoot, but the way forward remains unclear.

Georgetown professor and ex-CIA counsel Catherine Lotrionte says that the U.S. has to continue probing for Russia’s weak points, to make them pay a price they will decide is not worth paying.

In an interview with the technology site Wired, Lotrionte suggested going after Putin himself, and his favorite cronies. Targeted trade sanctions could be combined with freezing Russian assets in American banks and denying travel to Putin and friends. Washington has the legal authority to freeze assets and prohibit travel, she said.

How much any of this would deter Putin is hard to tell, though it is certainly worth trying.

Last but not least, reaching back into her CIA experience, Lotrionte noted that “covert action” is also an option. That could take the form of America’s own hackers retaliating with devastating attacks on Russian computer systems.

In other words, using a computer language the Kremlin understands.