Yup…16 of them. All the other parts of infrastructure is okay or not as important? Does the same list apply to hackers from China, Iran or North Korea? Do they get a copy too?
Primer:
Remember MH17? Just for what context on Russian operatives, it is not just the United States.
Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed.
Dutch newspaper De Volkskrant, which revealed this new information last week, said the compromise of the Dutch national police’s computer systems was not detected by Dutch police themselves, but by the Dutch General Intelligence and Security Service (AIVD). The paper said that neither the police nor the AIVD were willing to confirm the breach, but added that it had confirmed the breach took place through multiple anonymous sources.
On July 5, 2017, the Netherlands, Ukraine, Belgium, Australia and Malaysia announced the establishment of the Joint Investigation Team (JIT) into the downing of flight MH-17. The multinational group stipulated that possible suspects of the downing of flight MH17 would be tried in the Netherlands. In September 2017, the AIVD said it possessed information about Russian targets in the Netherlands, which included an IP address of a police academy system. That system turned out to have been compromised, which allowed the attackers to access police systems. According to four anonymous sources, evidence of the attack was detected in several different places.
The police academy is part of the Dutch national police, and non-academy police personnel can access the network using their log-in credentials. Some sources suggest that the Russian Foreign Intelligence Service (SVR) carried out the attack through a Russian hacker group known as APT29, or Cozy Bear. However, a growing number of sources claim the attack was perpetrated by the Main Directorate of the Russian Armed Forces’ General Staff, known commonly as GRU, through a hacker group known as APT28, or Fancy Bear. SVR attackers are often involved in prolonged espionage operations and are careful to stay below the radar, whereas the GRU is believed to be more heavy-handed and faster. The SVR is believed to be partly responsible for the compromise of United States government agencies and companies through the supply chain attack known as the SolarWinds cyber attack, which came to light in late 2020. source
(notice Victoria Nuland at the table?)
President Biden told reporters Wednesday he gave President Vladimir Putin a list of 16 critical infrastructure entities that are “off limits” to a Russian cyberattack.
Those entities include energy, water, health care, emergency, chemical, nuclear, communications, government, defense, food, commercial facilities, IT, transportation, dams, manufacturing and financial services.
“We’ll find out whether we have a cybersecurity arrangement that begins to bring some order,” Biden said. Putin, for his part, denied any involvement in a recent spate of cyberattacks that have hit major industries across the U.S.
“I looked at him. I said, ‘How would you feel if ransomware took on the pipelines from your oil fields?’ He said, ‘It would matter.’ This is not about just our self-interest.” the president said.
Biden refused to say if military action was on the table if Russia was found to be responsible for a ransomware attack.
“In terms of the red line you laid down is military response an option for a ransomware attack?” a reporter asked.
“Thank you very much,” Biden said as he abruptly tried to end the shorter-than-expected conference. “No, we didn’t talk about military response,” he said when pressed again.
Biden in another moment had said he didn’t make any threats but rather “simple assertions.”
Biden stressed the need for both nation “to take action against criminals that conduct ransomware activities on their territory.”
Putin, in his own press conference after the meeting, claimed that American sources say that a “majority” of the cyberattacks in the world come from within the U.S.
The number of organizations affected by ransomware has jumped 102% compared to the beginning of 2020 and “shows no sign of slowing down,” according to a research note last month from IT security firm Check Point.
Both Colonial Pipeline and JBS Holdings, a meat-processing company, have been subject to major cyberattacks, where against the guidance of the FBI they paid millions of dollars in ransom to resume operation. The Colonial Pipeline attack was linked back to a Russian hacking group.