
Discussing DC cybersecurity updates

Technology for Lawyers

Published: October 15, 2021

Lots of stuff going on recently in the fluid interfaces among the US government, various hackers, and the cybersecurity field. Here are a few highlights.
Congress yells at the FBI about ransomware. Over the last Fourth of July weekend, a ransomware group named REvil hit between 800 and 1,500 companies in an attack on software provider Kaseya, locking down their computers until a ransom was paid.
Unbeknownst to those companies and to anyone else, the FBI quickly got hold of the password key that could help unlock those computers. But instead of getting the key to those businesses, the FBI decided to try to run a sting operation on REvil, which required that no one know the agency had the key, and it held on to the key for three weeks.
That sting operation became obsolete when REvil loudly disbanded after the attack (it reconstituted itself as BlackMatter, so it didn’t go anywhere).
A bipartisan group of members of Congress on the House Oversight Committee has sent a strongly worded letter to the FBI demanding a hearing and answers. Members of the House Cybersecurity Caucus called the action “inexcusable.”
The FBI isn’t directly answering questions about the Kaseya hack as of this writing.
In other congressional cybersecurity news, the US deported a convicted Russian hacker as a part of a Russia-Israeli-US-something-or-other that is apparently very unusual. The US and Russia do not have an extradition treaty.
And the Senate bill to make critical infrastructure companies report data breaches that we wrote about over the summer moved forward, with a further bill requiring a company to report a breach within 72 hours to what will be a Cyber Incident Review Office within CISA. It would also require most ransomware hacks that result in payment to the hackers to be reported within 24 hours. Unless the FBI has the key (?).
The new bipartisan bill was co-sponsored by Senator Rob Portman. Senator Mark Warner said that he hoped to merge that bill with the bill that he had introduced in July. The House has already passed a bill with language similar to the new Senate bill. Looks like this might actually happen.