
Hacking the Hackers — International Coordination

Turn about is fair play.

International hackers are a problem. Generally they have been safe from prosecution. A couple of years ago I had the opportunity to speak with a cybersecurity delegation from Poland.

I asked them about their own ability to pursue hackers and bring them to justice. The biggest problem is international hackers who are outside the justice system of an individual nation. They had no solutions to offer.

Then there is this recent news. It is not justice in the form of a trial and punishment, but is "revenge served warm" by attacking hackers and putting them back on their heels with their own tactics.

Below is information that was shared with me:

The ransomware group REvil was itself hacked and forced offline last week by a multi-country operation, according to cyber experts. See the story "FBI, others crush REvil using ransomware gang’s favorite tactic against it."

Robert Cattanach is a partner at the international law firm Dorsey & Whitney who advises companies about ransomware attacks. He has previously worked as a trial attorney for the United States Department of Justice and was also special counsel to the Secretary of the Navy. Today he practices in the areas of regulatory litigation, including cybersecurity, privacy and telecommunications, civil and criminal enforcement proceedings and international regulatory compliance (EU focus). He says this hack demonstrates countries taking a hard stand against cybercriminals:

"Confirming speculation over the cause of the latest demise of notorious cybergang REvil’s website, Reuters reports that a consortium of ‘like-minded countries’ – likely spearheaded by the FBI, Cyber Command, and the Secret Service – took a page from the hacker’s playbook and covertly corrupted backups, which REvil apparently attempted to use to restore its functioning after the FBI took it down earlier. Infecting backups with secret malware is a common stratagem used by hackers to deter victims from attempting to restore their systems, and instead pay the ransom rather than going through the time and expense of a clean reboot.

But apparently someone at REvil didn’t get their own memo, and attempted to use REvil’s backup files to restore their systems – always a risk if you’ve been hacked, but one which some victims are willing to take to avoid the costly and time-consuming alternative. And it also demonstrates a resolve not previously seen by the US and its allies to pursue cybercriminals with aggressive counterstrikes, which may themselves be of dubious legality under international law. Whether this prompts even more destructive escalations by cybercriminals, or causes the likes of REvil to tap the brakes a bit, remains to be seen," Cattanach says.
Eric Holdeman is a contributing writer for Emergency Management magazine and is the former director of the King County, Wash., Office of Emergency Management.