No outcome of the Geneva summit was more eye-opening than
claim to have presented
with a list of 16 categories of U.S. cyber targets that must remain off-limits to attack.
Mr. Biden’s list almost certainly is the same as the one publicly posted by the U.S. Cybersecurity and Infrastructure Security Agency last year. It contains no state secrets. U.S. expectations that Mr. Putin will take a proactive hand against Russia’s for-profit hackers are also probably correspondingly low. It would impose costs and risks on Mr. Putin to interfere in a business that’s paying off so handsomely for some of his clients, including officials of his own security services.
But calling Mr. Putin’s attention to the list also calls the attention of Russia’s hackers to it, for whom surviving in business means being sensitive to the Kremlin’s ill-defined and often retroactive red lines.
Mr. Biden’s threat of retaliation would have been heard too and suggested to Russia’s hackers a new source of risk to their domestic immunity. Mr. Biden specifically mentioned Russia’s oil-field pipelines and elicited from Mr. Putin an agreement that such an attack would “matter” to him.
Admittedly this is speculative, but it smells like the U.S. is playing a three-cornered game with Mr. Putin and Russia’s hackers. If so, it fits what we know about how Russia operates. Mr. Putin is far from all-seeing and all-knowing. It also fits what we learned in the aftermath of the Colonial Pipeline hack that caused gasoline shortages in the Eastern U.S., when hackers believed to be part of the Russia-based group Dark Side conspicuously apologized for the collateral damage and pretended to dissolve their organization.
This message was certainly intended for Mr. Putin, not to appease U.S. authorities.
It also follows from what we know about the history of Russia’s cyber underworld, as illuminated by an episode in early 2017 amid the election-meddling furor. Almost simultaneous with the U.S. government announcing the indictment of named members of the Russian security services for a 2014 Yahoo email hack, Russia arrested the same officers on “treason” charges.
In the press emerged details of the officers habitually mixing with for-profit hackers, but their long sentences were reportedly for sharing the identities of certain Russian cybercriminals with Western police agencies. Never mind that the arrested officers operated the FSB bureau specifically tasked with cooperating with Western police agencies. Exposés in the Russian press suggested their real sin was either leaking to the U.S. the identities of the rival Russian military hackers who were behind the 2016 Democratic email heist or at least being so well-informed and well-connected to Western counterparts that it was deemed wise to put them under lock and key.
Lesson: Asking Mr. Putin for anything may be useless but creating situations that cause him to sense risk to his own position, which depends on being welcome and influential on the world stage, can get him off the dime.
At the moment, Mr. Putin owes Mr. Biden twice over, for relaxing pressure over the Nord Stream 2 pipeline and for the summit photo-opportunity, both of which strengthen his position at home. In the normal course of events, any token of reward for Mr. Biden would also likely be short-lived. After all, endless Russian mischief is what extorted a U.S. president to come to the table in the first place.
Thus a second notable development was Mr. Biden’s highly unusual invocation of the U.S.’s own cyber capabilities. The U.S. also has effective allies. Norway and Sweden are known to be key partners in monitoring Russian communications. Danish intelligence was recently outed for having assisted the U.S. even in spying on French and German leaders. In recent days, the FBI recovered part of the Colonial Pipeline ransom and, in a joint operation with Australia, used a fake messaging app to nab hundreds of alleged cybercriminals. On Wednesday, as Mr. Biden was meeting with Mr. Putin, Ukraine made a show of rolling up a local ransomware gang that specialized in blackmailing U.S. universities.
The tide may be turning. Big-dollar ransomware has always been a risky racket for practitioners because it necessitates prolonged communication and negotiation with the victim. If the U.S. is making progress, it’s not because Mr. Putin is being helpful but because Mr. Biden’s threats perhaps aren’t all empty talk.
Hence a third interesting moment was Mr. Putin’s claim at his own press conference that the U.S. and Canada are the world’s No. 1 and No. 2 source of cyberattacks. His comments were dismissed by the usual fact checkers, who assume he meant the kind of cybercrime Russia is associated with, but it’s not at all clear what he was referring to. It might be interesting to know.
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
Appeared in the June 19, 2021, print edition.