Dark Reading is part of the Informa Tech Division of Informa PLC

5/18/2016
08:35 PM

Time To Treat Sponsors Of Ransomware Campaigns As Terrorists, Lawmaker Says

Fighting ransomware at an international level will require cooperation between law enforcement and the State Department, Sen. Lindsey Graham said at a Senate hearing.

A senior lawmaker Wednesday hinted that nations not doing enough to stop ransomware groups from operating within their countries should be treated in the same way that the US treats countries that sponsor terror groups.

In opening comments at a Senate Judiciary subcommittee hearing Wednesday, Senator Lindsey Graham described ransomware attacks as a “terrible crime” affecting schools, hospitals, and the lives of thousands of others.

“[Ransomware] has a psychological, violent aspect to it,” Graham said. “It is just a matter of time before somebody gets physically hurt,” he said while expressing the government’s intention to give law enforcement the tools needed to combat the scourge.

“Maybe what we should think about when it comes to the nation state aspect of [ransomware] is to have a collaboration between the Department of Justice and maybe the State Department,” he said.

The goal should be to identify nations that are doing a good job in trying to deal with the problem and to help them in that effort while weeding out the ones that are not doing enough or are actively sponsoring such attacks.

“We have a state-sponsor of terrorism list that the State Department collects,” Graham noted. “If you are on that list, bad things come your way because you are a bad actor.”

Graham said it may be time to consider adopting a similar approach to countries that are either aiding and abetting ransomware operators or not doing enough to stop them: “If we don’t wake up some of the nation-states where these problems reside in large measure, you are never going to fix this problem.”

Richard Downing, deputy attorney general at the US Department of Justice and one of the witnesses at the hearing, characterized the scope of the ransomware problem as "staggering." One of his recommendations is for Congress to enact legislation that will close loopholes in existing laws and make it easier for the FBI and law enforcement in general to pursue and prosecute those involved in ransomware schemes.

Current statutes such as the Computer Fraud and Abuse Act (CFAA) already make it a crime for people to create botnets by breaking into computers or to use a botnet to carry out ransomware attacks. But the law is less clear on the implications for people who might be renting or selling a botnet but are not actually using it, he said.

Similarly, while federal law gives courts the authority to issue injunctions for disrupting the operation of a botnet, such action is limited to botnets that are being actively used to commit specific categories of crime. There is little in existing law pertaining to what actions law enforcement would be able to take in situations where a botnet might be used to send phishing emails or to launch denial of service attacks, or if a botnet is known to exist but is inactive, Downing said.

“The revenue generated by ransomware is not insignificant,” said Adam Meyers, vice president of intelligence at security vendor CrowdStrike, who also spoke as a witness at the hearing.

The only way to slow down those behind such campaigns is to make it harder and costlier for them to operate, Meyers said. The goal should be to make the potential downsides of running a ransomware campaign greater than any upside for the criminals. Only by turning the tables on the economic factors that fuel ransomware can the scourge be eliminated, he said.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

Comments
nathanwburke,
User Rank: Author
5/19/2016 | 9:32:12 AM
Re: Not quite as extreme, but...
That's the whole problem: How do you find the criminals?

Almost every time a politician weighs in on how we need to adopt a "tougher stance" on cyber criminals, they make it sound like a decision. It's not as if cyber criminals are operating in the open, using their real names and locations, and law enforcement has just decided it's not worth catching them. 

Instead, catching those behind cyber crimes like ransomware is an intricate, complex game that cannot be solved with a simple "bad things come your way because you are a bad actor" sound bite. It's just not that easy.

We can't fight new and sophisticated problems with old and simple policies. And although that truth may not be as popular as a "we're going to hunt you down" sound bite on the news, it's the reality. 
Whoopty,
User Rank: Ninja
5/19/2016 | 7:31:45 AM
Not quite as extreme, but...
While I don't think you can really put people who encrypt files in the same category as murderers, ransomware is a troubling growth industry for hackers. Perhaps sanctions should be considered against countries that house them, but considering nailing down their location is so difficult, I'm not sure that proof could be acquired in a definitive manner.