Categories: SecurityWorkspace

Ex-US Cyber Boss Calls For Military Strikes On Ransomware Hackers

The former head of the US’ internal cybersecurity agency has named ransomware as the world’s top cyber threat, and called on the military to carry out counter-attacks.

Chris Krebs, former head of the US Cybersecurity and Infrastructure Security Agency (CISA), said ransomware was a bigger threat than state-sponsored espionage activity such as the widespread SolarWinds hack.

He said the military would be justified in carrying out countermeasures, such as publicly disclosing the attackers’ identities, a practice known as doxxing.

“You’ve got to go after the bad guys, and I’m not just talking about law enforcement,” Krebs told the Financial Times.

‘Information warfare’

He said military bodies such as the US Cyber Command could employ civilian hackers and intelligence resources to carry out “information warfare” against ransomware gangs.

“You dox them. There are things you can do,” Krebs said.

Carrying out hacks against cyber-criminals is a contentious idea, in part because of the complexities around definitively identifying the individuals behind a hack or hacking campaign.

Some industry experts have suggested that if it became common practice to carry out attacks on hackers, hackers could mislead people to hack-back against the wrong targets.

Krebs said ransomware has grown into such a threat that it is now compromising the ability of governments bodies to offer services.

He said the fact that states are buying cyber-insurance is “crazy”.

Government vulnerability

“We have to have a broader set of tools to stop this stuff, because it is systematically undermining… state and local governments,” Krebs said.

The city government of Atlanta was hit by ransomware in 2018, while Baltimore was compromised twice in two years.

The rise in remote working during the pandemic has led into an expansion of the “risk surface”, making organisations even more vulnerable to disruption, Krebs said.

Krebs, who is currently consulting with SolarWinds over last year’s attack, said enterprises can help by making their own networks and services more secure, such as by using multi-factor authentication by default.

Cyber-security

CISA has been without a director since Chris Krebs was fired from the post in November, in the wake of then-president Donald Trump’s election defeat.

The move came shortly before the discovery of the wide-ranging SolarWinds hack, which broadly compromised US government agencies and large enterprises, and has been attributed to Russia.

Robert Silvers, a former assistant secretary at the Department of Homeland Security, is expected to be tapped to head CISA, while Eric Goldstein, also a veteran of the DHS, is expected to lead CISA’s cybersecurity division, one of the agency’s key departments.

The moves by incoming US president Joe Biden are seen as strengthening the country’s cyber-security efforts, which were less emphasised under the previous administration.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago