Date: 2021-07-08

WASHINGTON - A senior U.S. cyber warfare lawyer is publicly calling for military operations against transnational criminal hackers, shedding light on a debate inside and outside government over the best way to deal with ransomware and other virtual threats.

Kurt Sanger, a Marine lieutenant colonel serving as a general adviser to U.S. Cyber Command, argues in an article published last week on Lawfare.com that ransomware disruptions and other criminal hacking threats have become so detrimental to national security that the use of military force against them, with lines of code rather than bombs and bullets as weapons, is justified and legal.

“Under ideal conditions, law enforcement organizations would address any kind of criminal activity; however, in cyberspace, ideal conditions rarely prevail,” writes Sanger with a co-author, Peter Pascucci, a lawyer with the rank of commander in the Navy. “Transnational crimes, to varying degrees and sophistication, can exceed US federal law enforcement capacity to take immediate action. … Operational opportunities often need to be seized immediately by whichever entity is best positioned to do that.”

The article includes a standard disclaimer that the views are those of the authors, not the US government. But it was significant that Sanger, who has worked in the legal trenches of military cyber operations for years, came out publicly and forcefully in favor of hacking the hackers.

For years, successive administrations have been reluctant to respond forcefully with cyber weapons to hacking by nations or criminals, in part because the U.S. is uniquely vulnerable in cyberspace and leaders feared the implications of possible retaliation and escalation.

The authors wrote the piece in response to a Lawfare article by Jason Healey, a former White House cyber adviser who is now a senior researcher at Columbia University's School of International and Public Affairs.

Healey had argued that a military cyber operation against criminal hackers should be considered only on the rare occasion when it meets a five-part test that requires the threat to be imminent, extremely dangerous, and linked to the state’s major opponents.

“If implemented, the five-part Healey test will significantly hurt the United States and take key assets out of the hands of the president,” Sanger and Pascucci write. “The restraint imposed by this test is weak given the nature of cybercrime, the nature of cyberspace intentions and the threats that cybercrime poses to the nation and its interests.”

Such restraint may be “exactly what US opponents hope for when they perform law and get involved in gray area operations,” they write.

“Gray zone operations” refers to the efforts of nation states to use proxies and other deniable means to inflict pain on opponents to an extent that falls just short of an act of war, with the idea of limiting possible retaliation.

Traditionally, American law and policy call for the military to be used against foreign and terrorist threats. But there have been exceptions in the real world, such as when Navy SEALs rescued a ship captured by Somali pirates.

Typically, the FBI investigates cybercrime with an eye toward prosecution. Military cyber operations against criminal hacking networks seem to have been extremely rare.

“We tend to divide bad cyber actors into different categories and that kind of dictates who responds,” said Gary Brown, a professor of cyber law at National Defense University and a former adviser to Cyber Command.

Last fall, according to people familiar with the matter, Cyber Command took down a large botnet run by Russian-speaking hackers in the largest known example of a military cyber operation against criminals.

As first reported by The Washington Post, the operation was justified as a defense of the 2020 election because there was intelligence that the botnet could be used to interfere.

The botnet was also used to install ransomware.

These types of military cyber operations “could be absolutely disruptive” to criminal networks, Brown said, even if they could ultimately resume their operations.

Cyber experts say similar operations could be ordered against, for example, the ransomware gangs REvil and DarkSide, which have recently crippled and extorted businesses. US President Joe Biden is under pressure to act as global businesses try to avert another ransomware attack by REvil, three weeks after Biden warned Russian President Vladimir Putin to crack down on criminal hackers in Russia.

Sanger and Pascucci argue that cybercrime is different in scope from other types of crime, deserving of a national response that could include military force.

“Not so long ago, it would take an attack armed with good resources to achieve the strategic impacts that can be produced by some cybercrime,” they write.

The Colonial Pipeline ransomware attack, in particular, “highlights the far-reaching and serious impacts that criminals can cause through cyberspace,” they add. It was a crime, they say, but also a threat to national security.

“The mission of the US military is not to conduct military operations. Its mission is to protect the nation,” the authors write. “If the United States insists on a common ordering of threats, federal organizations and capabilities, they will certainly fail to protect its citizens, its interests and its values.”

In a statement, a Cyber Command spokesman said, “US Cyber Command roles are to enable our partners with the best knowledge available and to act when ordered to disrupt, degrade or otherwise impose consequences on our adversaries. offers options but does not define policy.”