Atlas is a character from Greek mythology whose punishment from Zeus was to carry the weight of the world on his shoulders. If you saw Atlas struggling to hold up the weight of the world, you might tell him to shrug. (See Ayn Rand’s 1957 novel, Atlas Shrugged.)
Today, billions of people are connected to about a dozen devices each. It is a wonderful time of having everything available, on any device, any time. Soon, wearable medical devices will sample our breath twice a minute for signs of disease or sickness. Artificial intelligence–controlled drug-injection units will administer medication as needed, on the fly. Life spans are averaging over 90 years for many groups, and growing.
But, on the darker side, cyberterrorism has increased by 200%, costing billions of dollars, all flowing into the ever-growing coffers of hackers.
A Look at Cybercrime
Hackers use ransomware to encrypt a person’s or organization’s data, then demand cash or cryptocurrency to unlock it. Malware maliciously destructs information and/or systems. Spyware allows the theft of information and video content to sell to people and countries for criminal purposes. Spear phishing targets executives or politicians to force release information under threat of further action. This all sounds like a fiction novel except it is very real—and, aside from the cost, is exposing many organizations’ and individuals’ private information.
Malware, ransomware, data theft, and malicious attacks confuse, invade, and take control of systems like thousands of ants take over your picnic on a hot summer day. We can’t eliminate all the ants because there are too many of them.
Over a million threats a day are intercepted by U.S. agencies like the NSA, CIA, and FBI, and private organizations like Symantec and McAfee, with command centers throughout the world. Yet, some threats get through. We read about them daily, like box scores in the sports section.
The Big Players in Hacking
Many of the best coders in the world live in the Commonwealth of Independent States (CIS), a regional organization of countries, all post-Soviet republics. The associated countries—Afghanistan, Armenia, Azerbaijan, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Mongolia, Russia, Tajikistan, Turkmenistan, and Uzbekistan—do not attack each other but everyone else is fair game.
Hacker teams Cozy Bear, Voodoo Bear, and others have been linked to CIS and GRU, Russia’s CIA—links established through the hard work and collaboration of the FBI and other federal organizations. CIS-backed attacks have targeted power grids and thousands of computers and servers worldwide in critical settings, including health care, transportation, and voting systems.
Yet, none of the hackers have been prosecuted for their cybercrimes.
A Worldwide Risk
All emails and all photos are identified with artificial intelligence metadata such as people, items, geography, background, or recognizable language signs. Metadata is data about the documents, emails, and pictures, allowing for searching by keywords or numbers. Metadata is data about the data. Hacker gangs use metadata to identify their targets.
Over 400 undersea cable systems crisscross the earth beneath the ocean, and handle more than 99% of the world’s internet traffic. Undersea cables are multiplying and the pipes or fiberoptic systems are exponentially larger.
Advancements like these are helping keep us connected—but also helping the hackers of the world. Modern cyber warfare is being fought along these global internet connections as bits travel to find their ultimate destination.
The Russian Polar Express Arctic fiber-optic lines now being established will encircle the earth and route 85% of the world’s users and data. The Polar Express is supported by Russian federal authorities.
Examining a CIS-affiliated hacker gang, arguably the largest and most successful organization to date, “REvil,” or “Sodinokibi” in Russian, offers a glimpse into the world of the dark web.
The New York–based information security and technology news publication, BleepingComputer, has reported on ransomware attacks and offered free ransomware decryptors. It’s the first news organization to partner with the No More Ransom Project, an alliance of Europol’s cybercrime center, the Dutch National Hi-Tech Crime Unit, and McAfee.
This year, BleepingComputer published the story of a REvil caper. The criminal group behind the REvil ransomware is extorting organizations, threatening to release sensitive files unless they pay $10 million in cryptocurrency. On May 7, 2021, REvil operators published a message addressed on an untraceable dark-web portal, threatening to release the stolen files.
In the past, REvil’s public representative was a threat actor who called himself “Unknown” or “UNKN,” and frequently posted on hacking forums to recruit new affiliates or post news about ransomware operations.
REvil shut down its infrastructure and completely disappeared after its biggest caper yet—a massive attack on July 2, 2021, that encrypted 60 managed-service providers and over 1,500 businesses using the Kaseya remote-management platform. REvil then demanded $50 million for a universal decryptor for all victims, $5 million for the managed-service providers’ decryption, and $44,999 for individual file decryption at affected businesses.
That week, a free, master decryptor for the REvil ransomware operation was released, allowing all victims encrypted before the gang disappeared to recover their files for free. The REvil master decryptor was delivered by a cybersecurity firm, Bitdefender, from Kaseya software, whose remote-management application was used to introduce REvil code into thousands of systems.
Later, a new hacker representative began posting on hacking forums claiming that the gang briefly shut down after they thought Unknown was arrested and servers were compromised.
Here’s a translation of these posts that was published by BleepingComputer:
“As Unknown (aka 8800) disappeared, we (the coders) backed up and turned off all the servers. Thought that he was arrested. We tried to search, but to no avail. We waited—he did not show up and we restored everything from backups. After UNKWN disappeared, the host informed us that the REvil servers were compromised and they deleted them at once. We shut down the main server with the keys right afterward.”
While we may never know the real reason for the disappearance or how the decryption key was obtained, what is most important is that REvil is back to targeting corporations and governments worldwide.
REvil recruits affiliates to distribute the ransomware on its behalf. As part of this arrangement, the affiliates and ransomware developers split revenue generated from ransom payments. It is difficult to pinpoint their locations other than somewhere in the CIS. REvil and another hacking group, DarkSide, use similarly structured ransom notes and the same code to check that the victim is not located in a CIS country.
Is Cyberwar on the Horizon?
The Belgorod is an Oscar-II-class Russian nuclear submarine with a hull 584 feet long and 49 feet across—bigger in every respect than the largest U.S. submarine.
Belgorod’s intended purpose combines two seemingly contradictory roles. First is as a host submarine for deep-diving, nuclear-powered mini-submarines. The articulated arms are capable of intercepting internet traffic on fiber-optic cables and other objects on the seafloor. The second role is one of nuclear strike and deterrence. For this it is armed with six Poseidon torpedoes. Their performance (around 70 knots and 1,000 meters’ depth) means that they cannot be countered with existing weapons. The Belogorod also utilizes an internal drydock splicing chamber for tapping undersea fiber-optic cables when the mini-subs can’t be utilized.
Fiber tapping extracts signals from an optical fiber without breaking the connection. Tapping optical fiber allows diversion of some of the signal being transmitted in the core of the fiber into another fiber or a detector. Test equipment can simply put a bend in the fiber and extract sufficient light to identify a fiber or determine whether a signal is present.
Several countermeasures can make the stolen data unintelligible to the thief. One is encryption. Another is to deploy a fiber-optic sensor into the existing armored cable. In this scenario, anyone attempting to physically access the data is detected.
Another possible “countermeasure”: The Navy’s newest Virginia-class nuclear sub, the USS Hyman G. Rickover. This fast-attack sub, which also carries the latest in undersea cable-tapping technology, can cruise quietly for extended periods under the Arctic ice and is heavily engaged in intelligence-gathering operations, among other specialized missions. The sub can spend indefinite time undersea as long as food and fresh water are supplied to the 140-person crew.
The Rickover has a distinct, 100-foot long extension called the Multi-Mission Platform, which, along with other modifications, gives it additional capabilities to perform underwater espionage operations. A large drydock chamber accommodates room for lockout chambers, underwater remotely operated vehicles, mini-subs, and cargo bays for delivering and retrieving outsized loads. It can manipulate communications cables deep under the surface of the ocean. With a top speed of 50+ knots and stealth technology, the Rickover can be anywhere in the sea in a day or less and be undetected for the entire trip. It truly is America’s ultimate spying tool that can hunt and fight like a fast-attack submarine.
These two behemoths battling it out for our data is the stuff of action movies.
Be Prepared, Then Shrug It Off
Over 3 billion people are “hyper-connected,” with instant access to information through telecommunications and the internet. You’re probably one of them.
If your phone died, your router, your internet connections, Alexa, Siri, all your screens were locked—could you shrug it off? With a backup plan to recover from a digital disaster or crime spree, you can shrug it off. We can be confident that free countries are vigilantly watching out for us.
While cybercrime could keep you up at night, making Atlas shrug is about creating more value for the world: free enterprise, willing trade, innovation, and a higher standard of living. You can stop carrying the burden of the world yourself and work for your own benefit and the benefit of others—make your data safe and backed up, first, then ensure that your friends’ and your organizations’ data is safe as well. Then shrug.
Throughout his career, Keith Gunther has held management positions at VERITAS/Symantec software as well as 3M, Fujifilm, Xerox and ARC. Read more of Keith’s Thought Leadership here.