The U.S. Justice Department did not ask Russian law enforcement for help in tracking down the perpetrators of the Colonial Pipeline ransomware attack because Moscow’s history of harboring cybercriminals essentially makes it a waste of time, according to a senior department official.
“I think we’ve reached the stage, today, where there’s very little point in doing so,” said John Demers, the assistant attorney general for national security. “We have made those requests in the past.”
The Russian government is “not just tolerating this,” Demers said at CyberTalks, presented by CyberScoop. “They’re actively getting in the way of U.S. law enforcement efforts to combat this type of hacking,” he added, referring to previous Russian efforts to block U.S. requests to extradite accused hackers from other countries.
The remarks were pre-recorded on June 3. The Justice Department did not answer follow-up questions about possible Russian cooperation in the weeks since.
The Russian Embassy in Washington, D.C., did not respond to a request for comment on Demers’ allegations.
Demers, who is stepping down as assistant attorney general later this month, spoke as President Joe Biden planned to raise the issue of safe harbor for cybercriminals during a Wednesday meeting with Russian President Vladimir Putin. Demers’ comments underscore how little optimism some U.S. officials have that Russia will change its behavior without an intense pressure campaign from the U.S. and allies.
Colonial Pipeline, which transports some 45% of fuel consumed on the East Coast, shut down for several days in early May following a ransomware intrusion that the FBI blamed on a Russian-speaking criminal syndicate known as DarkSide. Biden said that, while there was no evidence of Russian government involvement in the incident, Moscow had “a responsibility to deal with this.” Putin has balked at the idea, saying any talk of Russian involvement in ransomware attacks is meant to “provoke some new conflicts” with Biden.
Just weeks after the Colonial Pipeline incident, ransomware disrupted JBS, the world’s biggest meat processor, forcing the temporary shutdown of facilities in Australia, Canada and the U.S. The FBI blamed another set of Russian-speaking hackers for that incident.
U.S. officials have long railed against what they see as Russian intransigence on cybercrime. In a speech to Interpol in November 2018, then-Deputy Attorney General Rod Rosenstein threatened to “expose” attempts by other governments “to manipulate the extradition process,” singling out Russia.
As an example of the problem, U.S. officials have cited the case of Aleksey Belan, a dual Latvian-Russian national who was charged in 2012 with hacking major U.S. e-commerce companies. After a U.S. arrest warrant was issued for Belan, he reportedly escaped from a hideout in Greece and returned to Russia. From there, U.S. officials alleged, Belan and others breached 500 million Yahoo email accounts at the behest of Russian intelligence agents.
Belan is still wanted by the FBI.
While U.S. complaints against Russian tolerance of criminal hackers are nothing new, they have reached a fever pitch in the wake of the JBS and Colonial Pipeline hacks, which made cybersecurity a tangible issue for many Americans as gas stations ran low on fuel.
Demers said the U.S. and its allies in Europe, Asia and elsewhere needed to “put pressure on the Russian government to … at least make good-faith efforts to prevent the intrusions that are taking place from its own borders.”
Amid a spate of ransomware attacks that have disrupted hospitals and other critical infrastructure during the coronavirus pandemic, ransomware has become a top diplomatic issue. After an April meeting, law enforcement officials from Australia, Canada, New Zealand, the U.K. and the U.S. announced an agreement to “more closely [align] our policies” to combat ransomware.
U.S. officials have successfully encouraged other governments to denounce alleged Russian hacking in recent years. Whether that will translate into any coordinated push against the Kremlin’s alleged foot-dragging on cybercrime remains to be seen.
Meanwhile, the Justice Department is in the midst of a wholesale review of its approach to cybersecurity, including ransomware. The department also formed a task force in April to dedicate more resources and training for officials to investigate ransomware gangs.
“Certainly, the events of the last six months have taught us we need to move faster and we need to move in ways that we haven’t moved in the past,” Demers said of the Justice Department initiatives.
“I think that what you’re going to see is really a much more coordinated approach at dealing with the problem of ransomware,” he added. “You’re going to see more disruptions [of criminal hackers] taking place.”