The Biden administration has no plans to step up government surveillance of the internet in the United States, even though foreign hackers and state-backed cybercriminals increasingly use it to evade detection, a senior administration official said Friday.
The official said the administration, aware of the privacy and civil liberties implications that could arise, is not currently seeking additional authorities to monitor US-based networks. Instead, the administration will focus on closer partnerships and better information sharing with private sector companies that already have broad visibility into the domestic internet, said the official, who spoke to reporters on condition of anonymity.
The comment was an acknowledgment of the intense political debate surrounding domestic government surveillance – nearly eight years after former National Security Agency contractor Edward Snowden sparked a scandal with leaked agency documents – and of the challenges in balancing the growing cyber defense imperative against the privacy concerns that come with enhanced monitoring. Hackers from foreign states are increasingly using U.S.-based virtual private networks, or VPNs, to evade detection by U.S. intelligence agencies, which are legally constrained from monitoring domestic infrastructure.
In the crucial second phase of the SolarWinds hacking campaign, for example, suspected Russian intelligence agents used US-based VPNs to steal data through backdoors into victims’ networks, creating an account that made it look like they were in the United States. The hack, detected in December, compromised at least nine federal agencies and exposed “significant gaps in cybersecurity modernization and technology across the federal government,” the official said. Dozens of private sector companies have also been affected, the telecommunications and software sectors more heavily.
The United States is also facing a separate, much more widespread and indiscriminate attack that cybercriminals attribute to China that became a global crisis last week. It has exposed tens of thousands of servers running Microsoft’s Exchange e-mail program to intrusions. Although Microsoft fixed the vulnerability, the affected server owners only had a “short period” to repair the vulnerable servers, the official said. Criminal and state-backed hackers seeking to exploit the underlying flaw tend to cause more chaos, the administration says.
The official said President Joe Biden was informed of the incident and private sector cybersecurity investigators were brought in to confer with White House officials on a response.
When it comes to pursuing new supervisory or monitoring authorities, the official described the administration’s position as “not yet, not now.” The official said the administration is currently committed to improving the flow of information with cloud providers and private companies that have good visibility into US networks but are not bound by the same constraints as the government.
Meanwhile, predictions from the cybersecurity community that ransomware attacks exploiting compromised Exchange servers would be inevitable, given the scale of the hack, have proven correct.
Microsoft said it has detected a new ransomware family, called DearCry, taking advantage of the compromises. Ransomware expert Brett Callow of cybersecurity company Emsisoft said the ID Ransomware website has received six reports of the malware so far, from victims in the United States, Australia, Austria, Canada and Denmark.
Microsoft said in a tweet that it was blocking the ransomware, but, Callow said, “It won’t be necessary to stop the attacks.” Antivirus products detect and block many known ransomware strains, but hackers often disable those products before distribution, he said.
The global scourge of ransomware – primarily the work of Russian and North Korean-speaking cybercriminals – has cost businesses, local governments, healthcare professionals and even K-12 school districts tens of billions of dollars in recent years.
- Despite the hacks, the US is not seeking expanded internal surveillance