Now We Know the Power of the Dark Side

How RaaS is reimagining hacking.

Photo by R.D. Smith on Unsplash

If I were to ask anyone what their favorite scene in Star Wars is, the top answer would be the climactic sequence of The Empire Strikes Back, where Luke Skywalker took on Darth Vader in the highly anticipated lightsaber duel that everyone had been waiting to see since the saga first began.

Unfortunately, Luke hadn’t completed his training, and Darth Vader was able to overpower him, besting him in combat and lopping off one of his hands. With Luke backed onto a ledge, Vader offers him a position at his side in ruling the Galactic Empire, uttering the now famous line, “If you only knew the power of the dark side” (complete with the grisly, rhythmic, mechanical sound of his breathing), in an attempt to lure the hero with the promise of a power he cannot yet comprehend.

This is a dramatic and exciting cinematic tale, not so different from the powerful narrative of the biblical serpent, where ‘good’ versus ‘evil’ has captured the human imagination for millennia. So it is no surprise that this fundamental tension between the two has preoccupied people since the dawn of time, and the question arises: is truth stranger than fiction?

The spate of recent cyberattacks, such as the SolarWinds supply-chain compromise that reached the US Treasury Department, the National Nuclear Security Administration and other federal agencies, or the mass exploitation of Microsoft Exchange Server email software, introduces an uncomfortable realm where the lines between fantasy and reality are increasingly blurred. The most recent attack, against Colonial Pipeline, one of the nation’s largest fuel pipelines, should completely erase the line between fiction and truth for everyone, demonstrating that real life is just as remarkable as invented tales, if not more so. Here is why.

Let’s start with how the Colonial Pipeline attack unfolded. On May 7, 2021, Colonial Pipeline announced that it had suffered a ransomware attack, in which roughly 100 gigabytes of data was reportedly stolen and then held for ransom, and the operator’s defensive maneuver was to shut down all pipeline operations in response.

With that we know the victim: the customers of the pipeline, or the whole East Coast for that matter, lined up in a panic-buying surge, unable to get fuel and undoubtedly hit hard with inflated prices at the pump. Much like Batman, in swoops the hero, the US Government, carrying a big stick: it backs up Colonial Pipeline with threats to the attackers and promises to exact justice by hunting the criminals down and holding them accountable. Just three days later, on May 10th, the villain is revealed: the aptly named DarkSide, a ransomware group that emerged from the murky depths of the Web in August 2020 with a veneer of professionalism and efficiency, is the group behind the attack.

With the stage set, we have all the makings of an exciting ‘good’ versus ‘evil’ story: innocent victims? Check. Unappreciated hero? Check. Smart villain? Check. I am bursting at the seams with anticipation, ready for the battle to begin.

Act One.

In the first act, our hero, the U.S. government, springs into action by calling in law enforcement and other federal agencies. Squaring off with the enemy, the FBI, the Department of Energy and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency are all lined up, ready for the fight. Then the Federal Motor Carrier Safety Administration issues a regional emergency declaration lifting restrictions on motor carriers and drivers, to soften the blow of a gasoline shortage.

Act Two.

As if following some Hollywood script, in Act Two emergency meetings are taking place, with our hero, the White House, drawing the line with the enemy through its second line of defense: preparing an executive order intended to bolster the security of federal and private systems. The order declares a “zero trust” posture toward software vendors, granting them access to federal systems only when necessary, and only if they can certify that they have complied with a new set of digital safety standards. The order, expected to be issued in the coming days, would also establish a small “cybersecurity incident review board,” loosely modeled on the National Transportation Safety Board that investigates major accidents in the air or at sea. Can you feel the tension? I can. With fists clenched and teeth gritted, I am waiting for the villain to just get creamed.

Act Three.

And then, in Act Three, something really weird happens. No doubt as pressure mounts from US law enforcement and the White House itself, DarkSide, the evil villain, blames the hack on its affiliates and pledges to more thoroughly vet the criminals it contracts with. Whaaaat? (sound of screeching brakes, bringing everything to a halt). By deflecting the blame to others, DarkSide sounded like every other corporate press release. Amazingly, it went even further. “We are apolitical, we do not participate in geopolitics,” DarkSide posted on Monday. “Our goal is to make money, and not creating (sic) problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.” Really? I mean … (at a loss for words) … really? The villain refuses to fight? Really?

Who would have expected this? And this, folks, is where truth becomes stranger than fiction. While this truly ratcheted up the story on the excitement meter for a second, the bubble of anticipation for the hero to unequivocally win the battle burst when I realized that the villain sounds like any industry promising to self-police as an alternative to government regulation.

Sounding so much like Facebook, DarkSide’s dubious pledge to self-regulate probably stems from the ransomware group’s concern that it had crossed a red line. So why would it promise to ‘behave’? In the hope of lessening repercussions that may threaten its short existence. This reaction by the villain actually exposes the real problem in cybersecurity: greed, not politics, is the motivating factor behind these attacks, pure and simple.

Borrowing from the SaaS model, there is a new category of criminal service: RaaS, or Ransomware as a Service, the new business model of the Dark Web. In this model the operators develop the ransomware, run the leak site and the payment and negotiation infrastructure, and rent it all to affiliates, who break into the victims, deploy the malware and hand over a cut of the ransom. (This is why DarkSide could blame its “affiliates” for the Colonial Pipeline attack.) The lone independent hacker is giving way to a new kid in town that is organized and professional; DarkSide even announced its presence in a formal press release on its Web site in August 2020. It uses a double-extortion model: not only locking up the victim’s data with encryption, but also stealing a copy first and threatening to publish it, so that good backups alone are no longer enough to refuse payment. And it is wildly profitable.

DarkSide hackers, a modern-day Robin Hood?

And since it surfaced, DarkSide has waged a charm offensive, spinning its murky image into that of a modern-day Robin Hood by donating proceeds of its thefts to two non-profit organizations. Trying very hard not to roll my eyes in annoyance, I note that DarkSide even has the audacity to advertise a code of conduct on its Web site, declaring hospitals, hospices, schools, nonprofits and government agencies off limits. Because Colonial Pipeline is a privately held company, it was considered fair game, but with this latest attack the group has drawn the attention, and the ire, of the US Government.

This latest misstep by the attacker, however, provides an opportunity to accelerate the development of a defensive posture against the well-organized, corporate-style, reimagined hackers of today, who are after profit rather than the political ends a nation-state actor pursues.

Some industries, such as the nation’s biggest financial institutions, have invested billions of dollars in cybersecurity, but many have not. Some government officials have been beating the drum about the same issue since the George W. Bush administration. Unfortunately, efforts to regulate minimum cybersecurity standards for companies that oversee critical systems have repeatedly failed, most notably in 2012, when lobbyists killed such an effort in Congress. Their argument? Standards would be too expensive and too onerous for businesses, completely ignoring the gargantuan cost of the alternative. “The ghost of 2012 hangs over this,” says James A. Lewis of the Center for Strategic and International Studies in Washington. “But we’ve been recommending these same measures since there were two people on the internet.” To take on the new threat, it is incumbent on the government to treat the issue with the same urgency it gave 9/11, because that is the only way it will muster the collective effort required within the institution to deliver an effective answer. So far, it seems as though it is.

Further still, because this is a private target, there needs to be a comprehensive effort to coordinate the private and public sectors of the economy to successfully tackle this economically motivated threat, which can be achieved by eliminating fragmentation and consolidating authority. To that point, another hopeful sign is the Ransomware Task Force led by the Bay Area-based Institute for Security and Technology, which delivered an exhaustive framework prepared by executives from Amazon Web Services, Microsoft, Cisco and dozens of other organizations, including the FBI, calling for urgent action to combat ransomware, this time through an aggressive public-private response rather than the historically piecemeal one. Leading a similar effort at the government level, the Justice Department is now identifying a “blended threat of nation-states and criminal enterprises, sometimes working together to exploit our own infrastructure against us.” Why is this significant? Until now, the Justice Department has largely pursued a strategy of indicting individual hackers, few of whom ever stand trial in the United States.

Act Four.

So Act Four, the climactic ending to this story, is still not written and remains to be told. Whatever the outcome, I have great confidence that the US Government will prevail. Why? Because the signs are there that our hero now knows the power of the dark side. So get out the popcorn and watch the show. I am secretly hoping there will be lightsabers.

A lifelong learner, insatiably curious, prefer the road less travelled and forever fascinated by Albert Einstein being born 3/14th.