Despite Hacking, The United States is Not Seeking Broader Domestic Surveillance


Even as state-backed international hackers and cybercriminals increasingly use the internet to avoid detection, the Biden administration has no plans to increase government monitoring of the US internet, according to a senior administration official.

The administration is not currently pursuing additional authority to control U.S.-based networks, according to the official, because of the potential for privacy and civil liberties violations. Instead, according to the official, who spoke on the condition of anonymity to reporters, the administration will concentrate on closer alliances and increased information-sharing with private-sector firms that already have wide visibility into the domestic internet.

The remark was intended to recognise the tumultuous political controversy about domestic government surveillance — nearly eight years after former National Security Agency contractor Edward Snowden ignited an uproar with leaked agency documents — as well as the difficulties in balancing the increasing cyber protection imperative with privacy issues that come with increased monitoring.

Foreign state hackers are increasingly using virtual private networks (VPNs) located in the United States to avoid detection by US intelligence services, which are constitutionally prohibited from monitoring domestic infrastructure.

For example, in the critical second stage of the SolarWinds hacking campaign, alleged Russian intelligence operatives used U.S.-based VPNs to siphon data via backdoors in victims’ networks, creating an account that made it seem as if they were in the United States.

The hack, which was discovered in December, affected at least nine federal agencies and revealed “major gaps in modernization and cybersecurity technologies across the federal government,” according to the official. Hundreds of private-sector businesses were also impacted, with the telecommunications and software industries bearing the brunt of the damage.

The United States is also grappling with a different, much more severe and indiscriminate hack, which cyber investigators blame on China and which exploded into a global crisis last week.

It has allowed hackers to gain access to tens of thousands of servers running Microsoft’s Exchange email program. Although Microsoft has patched the vulnerability, affected server owners only had a “short time” to get their servers repaired, according to the official. According to the administration, criminal and state-sponsored hackers looking to exploit the fundamental bug are likely to cause even more havoc.

President Joe Biden has been briefed on the incident, according to the official, and private-sector cybersecurity experts have been brought in to work with White House officials on a response.

When it comes to new surveillance or monitoring powers, the administration’s position is “not yet, not now,” according to the official. The administration is currently focusing on enhancing information flow with cloud providers and private companies that have good access into U.S. networks but aren’t subject to the same government restrictions, the official said.

Meanwhile, the cybersecurity community’s predictions that ransomware attacks using compromised Exchange servers would be unavoidable, given the reach of the hack, were proving right.

Microsoft has discovered a new ransomware family, dubbed DearCry, that takes advantage of the vulnerabilities. According to ransomware specialist Brett Callow of cybersecurity company Emsisoft, the website ID Ransomware has received six submissions of the malware so far, from victims in the United States, Australia, Austria, Canada, and Denmark.

Microsoft said in a tweet that it was blocking the ransomware, but Callow said, “It won’t necessarily avoid attacks.” Antivirus software detects and blocks most known ransomware, but hackers often disable antivirus software before deploying it, he said.

In the last few years, the global ransomware outbreak — mainly the work of Russian-speaking and North Korean cybercriminals — has cost corporations, local governments, health-care facilities, and even K-12 school districts tens of billions of dollars.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, she was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.