Security Experts:

Biden Tells Putin Russia Must Crack Down on Cybercriminals

President Joe Biden told Russian President Vladimir Putin in a Friday phone call that he must “take action” against cybercriminals acting in his country and that the U.S. reserves the right to “defend its people and its critical infrastructure” from future attacks, the White House said.

The warning to Putin was largely a repetition of the tough rhetoric Biden had used during their meeting in Geneva last month, when he warned that there would be consequences for continuing cyberattacks emanating from Russia. Since then, a new ransomware attack linked to the Russia-based REvil hacking group has caused widespread disruption, placing Biden under growing pressure to this time marry the warning with actions — though none were immediately announced.

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden said, speaking to reporters at an event on economic competitiveness. Asked whether there will be consequences, he said, “Yes.”

The call with Putin underscored the extent to which the ransomware threat from criminal hacker gangs has mushroomed into an urgent national security challenge for the White House, and it suggested a possible concession by the administration that earlier warnings to the Russian leader had failed to curb a criminal activity that has taken aim at businesses across the globe.

A White House statement announcing the hourlong call also highlighted a U.S.-Russian agreement that will allow humanitarian aid to flow into Syria. The dual prongs of the agenda show how even as Biden pledges to get tough on Russia over hacking, there’s an inherent desire to avoid aggravating tensions as the administration looks for Russia to cooperate, or at least not interfere, with U.S. actions in other areas, including Syria, the Afghanistan withdrawal and climate change.

In his call with Putin, besides reiterating the need for Russia to take action and that the U.S. stands ready to act in response, Biden also “emphasized that he is committed to continued engagement on the broader threat posed by ransomware,” the White House said.

Biden told reporters that the U.S. and Russia have “set up a means of communication now on a regular basis to be able to communicate with one another when each of us thinks something is happening in another country that affects the home country. And so it went well. I’m optimistic.”

In its own summary of the call, the Kremlin said “Putin noted that despite the Russian side’s readiness to jointly stop criminal activities in the information sphere, U.S. agencies haven’t made any requests during the past month.”

The Kremlin said the two leaders emphasized the need for cooperation on cybersecurity, which it said “must be permanent, professional and non-politicized and should be conducted via special communication channels ... and with respect to international law.”

The Kremlin statement also noted that Biden and Putin touched on the situation in Syria “with a special emphasis on humanitarian aspects“ and “gave a positive assessment of coordination of Russian and U.S. efforts on the issue, including in the U.N. Security Council.”

The White House declined to discuss the tone of Biden’s call, though press secretary Jen Psaki said it did focus significantly on the latest breach, which cybersecurity researchers have said infected victims in at least 17 countries, largely through firms that remotely manage IT infrastructure for multiple customers.

Though Biden had previously said the attack had caused “minimal damage,” and it did not appear to target vital infrastructure, the sheer global scale and the fact that it occurred so soon after the Geneva meeting put immediate pressure on the administration to have some sort of response.

Officials did not immediately announce any specific actions they were taking or would consider taking. There are few easy options to resolve the threat without risking a conflict that could spiral out of control beyond the cybersecurity realm.

The Biden administration took office on the heels of a massive cyberespionage campaign known as SolarWinds that U.S. officials have linked to Russian intelligence operatives. But ransomware attacks, perpetrated generally by criminal hacker gangs rather than state-sponsored hackers, appear to have eclipsed old-fashioned spying as a potent threat.

A May attack on a pipeline that supplies roughly half the fuel consumed on the East Coast caused the company to temporarily halt operations. Colonial Pipeline paid roughly $4.4 million in ransom, although U.S. authorities were able to claw back a large portion of that sum in a law enforcement operation last month.

Hackers also recently extorted an $11 million ransom payment from JBS SA, the world’s largest meat processor.

view counter