Ex-US Cyber Boss Calls For Military Strikes On Ransomware Hackers

US military should use ‘information warfare’ to strike back against ransomware gangs, as cyber-attacks threaten to disable state and local services

The former head of the US’ internal cybersecurity agency has named ransomware as the world’s top cyber threat, and called on the military to carry out counter-attacks.

Chris Krebs, former head of the US Cybersecurity and Infrastructure Security Agency (CISA), said ransomware was a bigger threat than state-sponsored espionage activity such as the widespread SolarWinds hack.

He said the military would be justified in carrying out countermeasures, such as publicly disclosing the attackers’ identities, a practice known as doxxing.

“You’ve got to go after the bad guys, and I’m not just talking about law enforcement,” Krebs told the Financial Times.

security, hacking, ransomware‘Information warfare’

He said military bodies such as the US Cyber Command could employ civilian hackers and intelligence resources to carry out “information warfare” against ransomware gangs.

“You dox them. There are things you can do,” Krebs said.

Carrying out hacks against cyber-criminals is a contentious idea, in part because of the complexities around definitively identifying the individuals behind a hack or hacking campaign.

Some industry experts have suggested that if it became common practice to carry out attacks on hackers, hackers could mislead people to hack-back against the wrong targets.

Krebs said ransomware has grown into such a threat that it is now compromising the ability of governments bodies to offer services.

He said the fact that states are buying cyber-insurance is “crazy”.

Government vulnerability

“We have to have a broader set of tools to stop this stuff, because it is systematically undermining… state and local governments,” Krebs said.

The city government of Atlanta was hit by ransomware in 2018, while Baltimore was compromised twice in two years.

The rise in remote working during the pandemic has led into an expansion of the “risk surface”, making organisations even more vulnerable to disruption, Krebs said.

Krebs, who is currently consulting with SolarWinds over last year’s attack, said enterprises can help by making their own networks and services more secure, such as by using multi-factor authentication by default.

Cyber-security

CISA has been without a director since Chris Krebs was fired from the post in November, in the wake of then-president Donald Trump’s election defeat.

The move came shortly before the discovery of the wide-ranging SolarWinds hack, which broadly compromised US government agencies and large enterprises, and has been attributed to Russia.

Robert Silvers, a former assistant secretary at the Department of Homeland Security, is expected to be tapped to head CISA, while Eric Goldstein, also a veteran of the DHS, is expected to lead CISA’s cybersecurity division, one of the agency’s key departments.

The moves by incoming US president Joe Biden are seen as strengthening the country’s cyber-security efforts, which were less emphasised under the previous administration.