Author

Topic: US agencies can now hack into the networks of criminals and foreign governments (Read 118 times)

legendary
Activity: 1162
Merit: 2025
Leading Crypto Sports Betting & Casino Platform

Is there a chance stolen funds from north korean ransomware, or our 2022 DeFi crime wave might be recovered from such operations?
 

Assuming the guys at Pyongyang are not dumb enough to leave their war bounty in a hot wallet, I would say there is little chance USA could recover funds. Even if there is a chance, the fact Biden has opened addressed this new strategy just makes easier the adversaries to be on guard.

I think the objective is not actually to recover money from North Koreans but rather provoke damage to their software and hardware, and eventually make it more difficult for them to operate and cost them money, additionally make their future heists less effective, of course.

that's about right and the crypto wallet companies i think may just be a perfect target for this operation.

they will start by identifying who are these people in the networks of criminals and if they say Bitcoin users, it will them the right to investigate software wallet developers and codes. the first aim is always fake like the NKor hackers and the real target is where they can make crypto indsutry vulnerable.


That is exactly why everyone would only use 100% open source wallets. Actually, I have got a hunch that popular wallets which are nor fully open (like Ledger, for example) may be already compromised with surveillance codes or something similar.

Many people do not know, but Metamask is not fully open, either, so in terms of privacy it can be a huge Trojan horse.

 
legendary
Activity: 3248
Merit: 1055

Is there a chance stolen funds from north korean ransomware, or our 2022 DeFi crime wave might be recovered from such operations?
 

Assuming the guys at Pyongyang are not dumb enough to leave their war bounty in a hot wallet, I would say there is little chance USA could recover funds. Even if there is a chance, the fact Biden has opened addressed this new strategy just makes easier the adversaries to be on guard.

I think the objective is not actually to recover money from North Koreans but rather provoke damage to their software and hardware, and eventually make it more difficult for them to operate and cost them money, additionally make their future heists less effective, of course.

that's about right and the crypto wallet companies i think may just be a perfect target for this operation.

they will start by identifying who are these people in the networks of criminals and if they say Bitcoin users, it will them the right to investigate software wallet developers and codes. the first aim is always fake like the NKor hackers and the real target is where they can make crypto indsutry vulnerable.
full member
Activity: 1092
Merit: 227
The need to do this has outgrown over the years. We are literally moving with unwanted high speeds in the technology and getting into age of ultron! Imagine speaking these concepts with people who were in their 19's. For them this unrealistic change that has happened.

From having written contact numbers in our pockets to important information in our Safe's we moved far beyond to have the same info stored digitally over the internet servers and NOW we are scared about the data leaks, money getting robbed digitally, increased criminal activities through digital money.

The question we should ask ourselves is, whether we are making better place to live OR are we creating PROBLEMS first and then finding SOLUTION for them?

Read through the article carefully. The center point is that we have private sectors and we have government sectors whose collaboration can do this, is doing this and will do this! The whole point is they are now behind investment of Cybersecurity. The same tech giants who are signing consents that they will store and safeguard our data are now seeking help from Government in terms of financial collaboration.

Quote
Still, the new strategy won’t solve all the problems. There are several sectors—including food and agriculture, emergency services, and several manufacturing industries—where Congress would need to pass authorities to regulate. And the new Congress, at least on the House side, doesn’t seem interested in passing much of anything, much less additional regulations on business.

On the other, quoting from article itself - the sad reality. The sectors which actually needs the help of government and their various schemes are put down just like that. Obviously government knows the mainstream supply chain is less profitable as compared to the age of ultron. Everyone think about their own temporary benefits.

If a congressman is on the body then he would just see quick ways to make nation happy. The big bulls will always be filling up their wallets all the time that's why they will release mega funds to such sectors.
However, they forgetting with the time that Agriculture, food, manufacturing based on heavy labours etc are one of the fields that needs keen attention with the time.

Hope so we do not blow up this planet with AI roaming around us!
hero member
Activity: 2170
Merit: 575
I think "can" is a bit of a stretch, I think "allowed to" is more like it. I mean the tech was there and they were not legally allowed to do but I am sure some black hat already revenge sometimes, but at the end of the day it was there and it was being done. With this though? It is going to be something that is allowed and loved, which is why I think it is going to be pretty much different. Basically just like how soldiers go out there and fight with weapons and missiles and all that, we are going to have hackers going into a war with computers and other tech they may need and each nation who attacks another one will have someone attack them back. China is famous for hackers, but USA will now have legal basis to attack back.
legendary
Activity: 2856
Merit: 1519
The U.S. has been doing this for ages, see Stuxnet, a computer worm designed jointly by the U.S. and Israel to curtail Iran's nuclear weapons program: https://en.wikipedia.org/wiki/Stuxnet

Of course the U.S. has been on the offense in cyberwarfare for quite sometime and wouldn't divulge much details when caught.

I'm not sure what the purpose of announcing this bill would be. Article mentions new regulations that are being placed on companies which I assume is the primary purpose. I'd be curious to see what these regulations actually are and whether they do anything effective. Given it's the Biden administration, I would assume no unless proven otherwise.
legendary
Activity: 1162
Merit: 2025
Leading Crypto Sports Betting & Casino Platform

Is there a chance stolen funds from north korean ransomware, or our 2022 DeFi crime wave might be recovered from such operations?
 

Assuming the guys at Pyongyang are not dumb enough to leave their war bounty in a hot wallet, I would say there is little chance USA could recover funds. Even if there is a chance, the fact Biden has opened addressed this new strategy just makes easier the adversaries to be on guard.

I think the objective is not actually to recover money from North Koreans but rather provoke damage to their software and hardware, and eventually make it more difficult for them to operate and cost them money, additionally make their future heists less effective, of course.
legendary
Activity: 1596
Merit: 1288
Does the United States need to Hack inside the United States? I thought they had back doors that made it easier for them to access the data.
Outside the United States, the rules change. The United States controls innovation and hardware, which makes it much easier for them to put side doors that no one can access, and I don't think lawmakers will be as bothered to hack into phones in Iraq, Russia or China as they are inside the United States.
sr. member
Activity: 980
Merit: 237
Since the September 11th incident in the U.S., they have been more into cyber security and advancement. We know how bad a cyber attack could be, let alone it affects a country like U.S.A.  Wars nowadays has gone past using weapons , heavy attillary or boots. Biological weapons, chemical weapons, AI intelligence and cyber space hacking protocols can be deployed in an instant and cause terrible damage. We also remember the Donald Trump's case where he was quizzed about using hackers to rig the election he won.
I can say am not surprised these US agencies have suddenly taken the bull by the horn in taking the fight to criminals who thought nothing other than causing mayhem.
legendary
Activity: 3752
Merit: 1864
And what is wrong ? Very correct. Moreover, I consider the right of any retaliatory steps, even on the verge of legality, in the fight against criminal countries, terrorist countries. Developed countries should understand one simple thought: "it is impossible to play by gentlemen's rules with criminals!". For example, in relation to terrorists, moral and ethical norms can also be "closed eyes." a criminal, in a classical situation, always has advantages - his actions are not limited in any way, he understands that the "humane" legislation of the state will not deprive him of his life, and the punishment will be mild, and after a while he will be released, and he will be able to continue his vile deeds. And once again they will put him behind bars, they will feed, water, support ... And then they will let him go again. Therefore, I consider it acceptable to apply the "freeze" of legislative norms in relation to such people, organizations, states. The essence of justice - the crime must be guaranteed punishable and inevitable! Only then do the criminals begin to whine, and be afraid to repeat the "mistakes of others"
sr. member
Activity: 2464
Merit: 252
Of course, hackers of various kinds must be dealt with systematically and resolutely, as well as at the level of state and interstate decisions. And fight not defending, but advancing. Therefore, the tactics of "destroy and dismantle" hostile networks are quite justified at this stage. It is only important to adequately respond to hacker attacks without abusing your capabilities.
legendary
Activity: 2562
Merit: 1441
Quote

President Biden is about to approve a policy that goes much farther than any previous effort to protect private companies from malicious hackers—and to retaliate against those hackers with our own cyberattacks.

The 35-page document, titled “National Cybersecurity Strategy,” differs from the dozen or so similar papers signed by presidents over the past quarter-century in two significant ways: First, it imposes mandatory regulations on a wide swath of American industries. Second, it authorizes U.S. defense, intelligence, and law enforcement agencies to go on the offensive, hacking into the computer networks of criminals and foreign governments, in retaliation to—or preempting—their attacks on American networks.

“Our goal is to make malicious actors incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States,” the document states in a five-page section titled “Disrupt and Dismantle Threat Activities,” according to a draft exclusively viewed by Slate. (The document has not yet been publicly released, though it will be after Biden signs it, an event anticipated sometime this month.)

Under the new strategy, the U.S. will “disrupt and dismantle” hostile networks as part of a persistent, continuous campaign. This campaign will be coordinated by the FBI’s National Cyber Investigative Joint Task Force working in tandem with all relevant U.S. agencies—a systematic collaboration that has rarely been attempted and never before publicized. Private companies—both firms that are frequent targets of cyberattacks and firms that specialize in cybersecurity methods—will be full partners in this effort, both to alert the government task force of intrusions and to help repel them. (In the past, many of these firms, especially in Silicon Valley, have been reluctant to be seen cooperating with the government on these issues.)

The new strategy—which was in the works for much of 2022 under the supervision of senior White House officials—stems from the growing recognition of two facts, which have long been obvious to specialists.

First, mere guidelines on cybersecurity—which Washington has previously allowed private companies to follow voluntarily—have, for the most part, failed to block major intrusions by foreign governments or cybercriminals.

Second, purely defensive measures have also had limited impact, as a clever hacker will eventually find ways around them.

The United States has conducted cyber-offensive operations for many decades. Bill Clinton was the first president to acknowledge this fact publicly. In 2012, Barack Obama issued Presidential Policy Directive No. 20, which established  strict controls,  including that the president’s explicit permission was needed for all cyber-offensive operations. (Classified Top Secret, it was one of many documents leaked by Edward Snowden.) In 2018, President Trump signed National Security Presidential Memorandum No. 13, which loosened those controls, giving defense and intelligence agencies enormous leeway to mount offensive campaigns themselves.

Gen. Paul Nakasone, who was and still is NSA director and Cyber Command chief (the two positions are generally held by the same four-star officer), was the chief advocate of that approach. In an article he later wrote for Foreign Affairs, he described the mission, with its greater latitude, as “hunt forward” and “persistent engagement.”

At the time, many feared that the end of tight controls would unleash excess and blowback, and ultimately harm security. But, as one official who used to be among the fearful told me last week, “None of those horrible things happened.”

As a result, Biden and his team decided to push the Trump-Nakasone policy further. The strategy that Biden is set to approve covers only those offensive operations designed to disrupt hostile actors’ attempts to hack into U.S. networks. At the same time, however, the Pentagon is drafting a new cyber strategy, which applies the White House paper’s principles to cyber policies, both defensive and broadly offensive.

The other sections of the Biden paper—which includes 30 pages dealing with purely defensive measures—outline still more drastic departures from present policies to protect the nation’s “critical infrastructure.” That term, “critical infrastructure,” was coined in the mid-1990s and refers to economic sectors—such as banking, finance, electrical power, water works, transportation systems, telecommunications, and emergency management services—that are essential to modern societies and are connected to computer networks, meaning they are vulnerable to cyberattacks.

Presidents Bill Clinton, George W. Bush, and Barack Obama all signed orders and created agencies to strengthen the resiliency of these sectors. A few aides to all three presidents tried to impose mandatory cybersecurity regulations on companies in these sectors, but corporate lobbyists successfully resisted their efforts, as did some economic advisers, who warned (perhaps correctly) that regulations would curtail innovation. So enforcement of the rules has been, until now, strictly voluntary.

The new strategy stems from a recognition that voluntary measures in most of those sectors don’t work. There are exceptions—for instance, banks. Cybersecurity is central to their business; if they get hacked too often, customers will take their deposits elsewhere; banks also have the money to hire very good specialists. However, for public utilities, such as power plants, cybersecurity is very expensive. Mandatory regulations are needed to prod them into action.

At the same time, the new strategy recognizes that  uniform standards for all sectors—which some aides under past presidents tried to formulate—don’t work either. As an alternative, more than a year ago, the Biden White House started analyzing each sector, in consultation with the federal agency that had authority over each sector and with the companies that would be affected by regulations.

For instance, according to one official, the TSA identified 97 oil and gas pipelines that serviced at least 25,000 Americans. The White House then held three meetings with executives of the companies that owned the pipelines. At one meeting, after being vetted for security clearances, the executives were briefed by intelligence officials on the threats their pipelines faced.

Officials have also met with state utility commissions on the threats to electric power grids and on measures to improve security. Just before Christmas, in a bill signed by Gov. Kathy Hochul, New York became the first state to issue new mandatory cybersecurity regulations. It will be assisted by a few federal experts as well as a chunk of the $1.5 billion that the White House is allotting to states that take this leap. Similarly, this month, according to one official, the EPA will issue new regulations on the cybersecurity of the nation’s waterworks.

Context is another big difference between Biden’s strategy and earlier attempts to impose regulations. As recently as a few years ago, many corporate executives perceived cyber threats as theoretical. Now they are obviously anything but. In 2020, Russia’s massive hack on SolarWinds—which affected system management tools on the computers of more than 30,000 agencies and firms involved in critical infrastructure—was a major wake-up call. In 2021, a criminal gang’s ransomware attack on Colonial Pipeline—which shut down the flow of gasoline and jet fuel to 17 states until Colonial paid 75 Bitcoins (at the time worth $4.4 million) to the hacker group—was another.

The Colonial hack couldn’t have happened had even rudimentary security measures been followed. It was a big part of what led Biden to impose mandatory regulations on pipelines. The new strategy spreads such regulations across the other critical industries.

Michael Daniel, Obama’s cyberpolicy coordinator who now heads the Cyber Threat Alliance, a nonprofit group of security providers and IT firms, told me, “There’s definitely been a shift in business thinking. It’s one thing if your spreadsheets are wrecked—quite another if it’s your pacemaker. With recognition that cyberattacks can cause physical damage, some degree of government regulation is inevitable.”

Many of these companies also do business abroad, where regulations are much more stringent. If they need to follow regulations in Europe, Australia, or Canada, they might as well follow them here, too.

Still, the new strategy won’t solve all the problems. There are several sectors—including food and agriculture, emergency services, and several manufacturing industries—where Congress would need to pass authorities to regulate. And the new Congress, at least on the House side, doesn’t seem interested in passing much of anything, much less additional regulations on business.

Even for sectors where the executive branch already has authority, the lines of authority—which agencies can write and enforce which regulations over whom—aren’t entirely clear. During the drafting of the National Cybersecurity Strategy, the two White House officials in charge—Anne Neuberger, the deputy national security adviser for cyber and emerging technologies (appointed by Biden), and Chris Inglis, the national cyber director (a position newly created by Congress just two years ago)—sometimes clashed over these matters. Compromises were made, and a consensus was reached between the two of them and among more than 20 federal agencies. Still, there are, inevitably, some lingering ambiguities, which are to be settled in a subsequent “implementation strategy.”

It was way back in October 1997 when President Clinton’s Commission on Critical Infrastructure Protection warned of “cyber attacks” that could “paralyze or panic large segments of society” and “limit the freedom of action of our national leadership”—adding, “We must learn to negotiate a new geography, where borders are irrelevant and distances meaningless, where an enemy may be able to harm the vital systems we depend on without confronting our military power.”

A quarter-century later, Biden’s new strategy goes a long distance toward coming to grips with this new geography. But in many ways, we’re still negotiating.

https://slate.com/news-and-politics/2023/01/biden-cybersecurity-inglis-neuberger.html


....


North korean hackers have been credited with deploying various forms of crypto ransomware over the years. They have also been credited with having carried out some of the recent DeFi electronic attacks in 2022 which collected billions of dollars worth of stolen crypto funds.

Now it appears US President Biden is poised to give offensive electronic attacks launched from authorities inside the USA a green light.

Is there a chance stolen funds from north korean ransomware, or our 2022 DeFi crime wave might be recovered from such operations?

How do we envision this trend playing out in the real world?
Jump to: