U.S. announces up to $10m bounty on nation-state hackers
Months after a ransomware attack forced Colonial Pipeline to shut operations, the U.S. State Department has announced a bounty of $10 million (£7.26 million) on information about state-sponsored hackers who are carrying out malicious cyber activities against U.S. critical infrastructure.
The offer, which could benefit White Hat hackers and threat
hunters in the coming days, promises a bounty of up to £7.26 million to anyone
who can offer information that leads to the identification or location of any
malicious actor who is in the business of targeting U.S. critical
infrastructure at the direction or under the control of a foreign government.
The offer, announced by the U.S. State Department on
Thursday, also stipulates that the hacking activity should be in violation of
the Computer Fraud and Abuse Act (CFAA). Acts that constitute as violations
under the law include “transmitting extortion threats as part of ransomware
attacks; intentional unauthorized access to a computer or exceeding authorized
access and thereby obtaining information from any protected computer; and
knowingly causing the transmission of a program, information, code, or command,
and as a result of such conduct, intentionally causing damage without
authorization to a protected computer.”
“Commensurate with the seriousness with which we view these
cyber threats, the Rewards for Justice program has set up a Dark Web
(Tor-based) tips-reporting channel to protect the safety and security of
potential sources. The RFJ program also is working with interagency partners to
enable the rapid processing of information as well as the possible relocation
of and payment of rewards to sources. Reward payments may include payments in
cryptocurrency,” the State Department said.
“We encourage anyone with information on malicious cyber
activity, carried out against U.S. critical infrastructure in violation of the
CFAA by actors at the direction of or under the control of a foreign
government, to contact the Rewards for Justice office via our Tor-based
tips-reporting channel at:
he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser
required).”
Commenting on the first-ever bounty offered by the U.S.
government to identify and locate state-sponsored hackers, Richard Walters, CTO
of Censornet, told TEISS that this is a significant reward that could turn the
head of any ransomware hacker. However, it is difficult to establish if the
offer amount is sufficient to lure hackers away from the lucrative ransomware
industry and report on their colleagues.
“Cybercriminals are masters of disguise and subterfuge, so
it’s not guaranteed that they are in possession of any identifying information
about their colleagues. Also, ransomware is a profitable business. Would
hackers risk killing their golden goose by turning in a partner in crime?” he
said.
“When you pay a ransom, there’s no guarantee a cybercriminal
will come good on their promises and hand back your data. Can we really trust a
hacker who informs on their colleagues? How can we guarantee they won’t lie or
simply disappear with the money? We can’t, basically.
“Hackers are not to be trusted when it comes to ransomware
negotiations, which is one reason why we advise that they shouldn’t pay
ransoms. It might be wise for the US State Department to consider this fact
when dealing with cyber-informants,” he added.
On the same day when the bounty was announced, the U.S.
Department of Justice (DOJ) and the U.S. Department of Homeland Security (DHS)
also launched a new website, named Stop Ransomware.gov, as a one-stop hub for
ransomware resources for individuals, businesses, and other organisations.
According to DoJ, StopRansomware.gov is the first central
hub consolidating ransomware resources from all federal government agencies. It
offers individuals and businesses guidance, the latest alerts, updates, and
resources related to ransomware attacks. This way, individuals and
organisations won’t have to visit a variety of websites to find the latest
information and alerts about ransomware threats.
“Like most cyber attacks, ransomware exploits the weakest
link. Many small businesses have yet to adequately protect their networks, and
StopRansomware.gov will help these organisations and many more to take simple
steps to protect their networks and respond to ransomware incidents while
providing enterprise-level information technology (IT) teams the technical
resources to reduce their ransomware risk,” the department said.
Comments
Post a Comment