Republicans are accusing President Joe Biden of being weak on Russia after the brazen ransomware attack on the Colonial Pipeline that the FBI has linked to a Russian military intelligence unit.
The attacks came as U.S. fuel supplies tightened after the pipeline, which supplies 40 per cent of the fuel for the East Coast, was shut down for a fifth consecutive day – and as Biden prepares to hold a special summit meeting with Russian President Vladimir Putin.
Sen. Tom Cotton (R-Ark.) said on Monday night that Moscow must have known about the attack in advance – and blamed Biden for its occurrence.
'No cyber-gang in Russia can conduct this kind of attack against an American piece of critical infrastructure without the tacit or explicit knowledge of Vladimir Putin’s government,' Cotton said on 'Fox News Primetime.'
'It shows that Joe Biden’s weak policy on Russia is having consequences for the American people,' he said.
He accused Biden of giving away the store to Russia, even as the administration slapped additional sanctions on Moscow in response to the SolarWinds hack and other transgressions.
'When you give away the store to Russia, when you extend the nuclear arms treaty that favors Russia over the United States, you allow Russia to build a gas pipeline to Germany under the Baltic Sea, when you invite Vladimir Putin to a summit despite all that, you just embolden Vladimir Putin and his minions to launch these kind of attacks on the U.S. But the second, it also highlights just how bad Joe Biden’s energy policy is,' Cotton continued.
Cotton was calling out the Nord-Stream pipeline, a favorite target of President Trump's that is backed by Germany but has some of Russia's East European neighbors concerned. He was also referencing an agreement between Biden and Putin to extend the New START treaty on strategic nuclear weapons.
Cotton is a potential presidential candidate who broke with some of his GOP colleagues when he refused to join their challenge to Trump's election loss.
The White House has defended the summit as an effort to normalize relations with Russia, following Russia's interference in U.S. elections, invasion of Crimea and the recent show of force at the border with Ukraine, and other efforts to undermine U.S. policy.
Biden on Monday said there wasn't evidence that Russia was involved, despite the FBI pointing the finger at DarkSide, which has gone after numerous U.S. and European companies but refrained from going after Russia.
'I'm going to be meeting with President Putin, and so far there is no evidence based on from our intelligence people that Russia is involved. Although there is evidence that they have actors ransomware is in Russia. They have some responsibility to deal with this.'
Biden himself also brought up evidence that the group identified as carrying out the attack was at least partially located within Russia's borders.
'There is evidence that the actors’ ransomware is in Russia. They have some responsibility to deal with this,' Biden said when pressed Monday.
The FBI on Monday confirmed that DarkSide was responsible for the attack on Colonial Pipeline that has experts fearing widespread gas shortages and significant price hikes.
DarkSide has already boasted that it has been paid millions of dollars in ransom from 80 companies across the US and Europe.
'Whether they work for the state or not is increasingly irrelevant, given Russia's obvious policy of harboring and tolerating cybercrime,' Dmitri Alperovitch, a co-founder of CrowdStrike, told NBC News of DarkSide's recent hacking.
Meanwhile, cybersecurity experts have condemned White House officials for appearing to countenance ransom payments, despite the FBI's own policy against them.
'We recognize that victims of cyberattacks often face a very difficult situation,' Anne Neuberger, deputy national security adviser for cyber, said Monday.
'And they have to just balance off, in the cost-benefit, when they have no choice with regard to paying a ransom,' she added.
Amid the uproar over the attack which is already impacting drivers, airlines, and markets, former House Speaker Newt Gingrich on Monday night said Biden should be authorized to 'order the killings of anybody overseas' who was found to be behind attacks on America's infrastructure, describing the cyberhack of the Colonial Pipeline as 'an act of war'.
Gas shortages were beginning to be reported across the East Coast on Monday evening, as the pipeline was slowly brought back on line after a four-day shutdown.
The hack, and the belief that Russia was once again behind a damaging cyber intrusion against a U.S. asset, is adding further strain to relations with Moscow.
Officials are also accusing Russia of being behind mysterious directed energy attacks on Americans.
The administration has blasted Putin's government for jailing opposition leader Alexei Navalny following a poisoning attack against him with the nerve agent Novichok.
U.S. sanctions against Russia are intended to discourage what the U.S. repeatedly labels 'malign' behavior.
Gingrich said that the U.S. needed more power to go after those responsible.
'On the national security part, we ought to pass a law immediately that makes this kind of hacking subject to a death penalty and the law should include a provision that the president, through a judicial process, should be able to order the killings of anybody overseas who is doing this,' he told Sean Hannity on Fox News.
'It's an act of war against the United States to do stuff like this.
'We need to react to it as an act of war, and the American people are going to look at their representatives and their senators and say, if you don't fix this, your successor will. I won't put up with it, and I won't put up with you if you don't fix it.'
Gingrich, 77, the former Speaker of the House, said it was pitiful that the U.S. was falling prey to such attacks.
'We have no idea who they are. We have no idea where they are,' he said.
'If we did know who they were, we would have no mechanism to do anything about it.
'A great country can't allow people to savage it and have no consequences and wait for the next attack.
'And yet that literally is where we are.'
The problem is spiraling out of control.
In the last few months in the United States, ransomware gangs have attacked large businesses, schools and universities, local governments, hospitals and the police.
Last week Christopher Krebs, the former top cyber official in the Department of Homeland Security, told Congress that the ransomware emergency in the U.S. was a 'digital dumpster fire.'
Appearing before the House Subcommittee on Cybersecurity, Infrastructure Protection & Innovation, Krebs - who was fired by Donald Trump for stating that the November election was free and fair - said that the U.S. had a growing problem.
'Even if software and services were more secure, the allure of a quick buck and no real repercussions means the forward-looking prospects for ransomware actors are quite good,' he said.
Gingrich said that Congress needed to act.
'This ought to be a bipartisan issue. What are we prepared to do to protect America from official governments or private citizens?' he asked.
'This is an intolerable situation.'
Putin's cyber soldiers: DarkSide hackers who hit America's biggest fuel pipeline started eight months ago in Russia where they're given free rein to target the West and have already been paid millions by 80 companies
The cyberextortion attack that forced the shutdown of America's largest fuel pipeline was carried out by a criminal gang known as DarkSide that is believed to be based out of Russia, where they are given free rein to target Western countries.
DarkSide is made up of veteran cybercriminals but insists it is not political. Like many others, however, DarkSide seems to spare Russian, Kazakh and Ukrainian-speaking companies, which does suggest a link to Russia.
Ransomware rackets are now dominated by Russian-speaking cybercriminals who are shielded - and sometimes employed - by Russian intelligence agencies, according to US officials.
Cyber experts say Russia gives free rein to hackers who target the US and European countries.
The FBI on Monday confirmed that DarkSide was responsible for the attack on Colonial Pipeline that has experts fearing widespread gas shortages and significant price hikes.
The agency has been tracking the group since at least October and is investigating whether it has ties to the Russian government.
The US last month slapped sanctions on Russia for malign activities including state-backed hacking. The Treasury Department said Russian intelligence has enabled ransomware attacks by cultivating and co-opting criminal hackers and giving them safe harbor.
While there is no evidence the Kremlin benefits financially from ransomware, US officials believe President Putin savors the mayhem it wreaks in adversaries' economies.
DarkSide, which cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, said in a statement posted on the dark web that their only goal was to 'make money' and not create problems for society.
'We are apolitical, we do not participate in geopolitics,' the statement read. 'Our goal is to make money and not creating problems for society.'
DarkSide seemed to suggest that an affiliate may have been responsible for the attack.
'From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future,' the statement said.
Colonial, which is based in Atlanta, Georgia, has not yet said whether it has paid or is negotiating a ransom with the hackers.
The White House declined to weigh in on Monday on whether companies that are hacked like Colonial should pay ransom to their attackers.
President Biden acknowledged there was evidence DarkSide was based in Russia but said US intelligence hasn't discovered any ties between the attack and the Russian government.
Despite only emerging in August last year, DarkSide appears to be very organized, according to cybersecurity experts.
Those who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets.
'They're very new but they're very organized,' Lior Div, the chief executive of Boston-based security firm Cybereason, said.
'It looks like someone who's been there, done that.'
DarkSide is one of a number of increasingly professionalized groups of digital extortionists, with a mailing list, a press center and a victim hotline to help facilitate ransom payments.
Experts say DarkSide was likely composed of ransomware veterans and that it came out of nowhere in the middle of last year and immediately unleashed a digital crimewave.
'It's as if someone turned on the switch,' said Div, who noted that more than 10 of his company's customers have fought off break-in attempts from the group in the past few months.
DarkSide's site on the dark web hints at their hackers' past crimes with claims they previously made millions from extortion and that just because their software was new 'that does not mean that we have no experience and we came from nowhere'.
The site also features a Hall of Shame-style gallery of leaked data from victims who haven't paid up.
It advertises stolen documents from more than 80 companies across the US and Europe.
One of the more recent victims featured on its list was Georgia-based rugmaker Dixie Group Inc, which publicly disclosed a digital shakedown attempt affecting 'portions of its information technology systems' last month.
DarkSide has previously targeted Enterprise rental cars, Canadian real estate firm Brookfield Residential and an Office Depot subsidiary called CompuCom.
The group has a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners.
They have publicly stated that they prefer not to attack hospitals, schools, non-profits, and governments.
They instead go after big organizations that can afford to pay large ransoms, and claim to donate a portion of their take to charity.
'Before any attack, we carefully analyze your accountancy and determine how much you can pay based on your net income,' the group has previously said.
The group has posted receipts from donations it claims it has made to US charities in the wake of ransom attacks.
According to data security firm Arete, DarkSide finds vulnerabilities in a network, gains access to administrator accounts and then harvests data from the victim's server and encrypts it.
The software leaves a ransom note text file with demands.
Ransoms average more than $6.5 million and the attacks lead to an average of five days of downtime for the business.
Sometimes stolen data is more valuable to ransomware criminals than the leverage they gain by crippling a network because some victims are loath to see sensitive information of theirs dumped online.
Ransom software works by encrypting victims' data and typically hackers will then offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars.
If the victim resists, hackers threaten to leak confidential data in a bid to pile on the pressure.
According to some experts, DarkSide's code is standard ransomware but Div said that what does set them apart is the intelligence work they carry out against their targets beforehand.
Typically 'they know who is the manager, they know who they're speaking with, they know where the money is, they know who is the decision maker,' Div said.
In that respect, Div said that the targeting of Colonial Pipeline - with its potentially massive knock-on consequences for Americans up and down the Eastern seaboard - may have been a miscalculation.
'It's not good for business for them when the US government becomes involved, when the FBI becomes involved,' he said.
'It's the last thing they need.'
Law enforcement has been largely powerless to stop the global epidemic of ransomware because experts say the cybercriminals are largely shielded by Russia.
'Like almost any major industry in Russia, (cybercriminals) work kind of with the tacit consent and sometimes explicit consent of the security services,' Michael van Landingham, a former CIA analyst who runs the consultancy Active Measures LLC, told The Associated Press.
Karen Kazaryan, CEO of the software industry-supported Internet Research Institute in Moscow, told the outlet that Russian authorities have a simple rule.
'Just don't ever work against your country and businesses in this country. If you steal something from Americans, that's fine,' she said.
The nation's top security agencies, including the FBI and the Pentagon, were rocked by an unprecedented breach when it emerged SolarWinds had been hacked in December.
US officials have said the attackers were likely from Russia's SVR foreign intelligence service.