Tom Spiller is the former President of the Conservative National Convention and chaired the 2017 party conference.
It is rare that a month goes by without the Russian regime broadcasting its noxious brand of propaganda, over-flying somewhere it shouldn’t, or harassing boats at sea – one might very-well be forgiven for telling them that they should shut up and go away.
Most recently, Russia’s activity in Ukraine puts into stark context its usual day-to-day energy diplomacy and acts of trespass. It is more immediate, more worrying and, sadder still, threatens to cause a significant number of deaths. No doubt President Putin has been emboldened by the naïve behaviour of Angela Merkel who approved Nordstream 2, but this article is not about that.
It is about something far more damaging that threatens our way of life here in Britain. I am talking about “ransomware as a service” or, to put it simply, Russian state-sponsored cyber criminality on an industrial scale.
Every day Russian cyber criminals look for ways to infect British businesses (the Labour Party has now been hit at least twice) with malware to prevent them from functioning until a ransom is paid, often in untraceable cryptocurrency.
This is no mere opportunistic and undirected crime. It is a sophisticated industry and our best guess is that it has cost the British economy several hundred million pounds a year since 2017.
The sophistication is clear from the structure of the industry.
The creators of ransomware operate a franchising system. They create and maintain top quality products, advertise their wares and provide all possible support to their franchisees, whose role is to identify targets, infect target IT systems and then negotiate ransoms in cryptocurrency.
The ransom transfers back to the franchisor, is laundered and divided between the criminals. Perhaps the most perverse part of this whole business is the brand-protection element. Ransomware brand names are ruthless in ensuring their affiliates remove malware upon the payment of ransom – after all, no one would pay an organisation that didn’t.
As with all significant organised crime, this level of sophistication is only possible where the criminals have safe territory in which to organise and protection from a host state. And they have found a home-base in Russia, a country which is seemingly immune from ransomware attacks.
One could draw a comparison to the British privateers of the Elizabethan era and the industries that supported and supplied them. The difference being that, if Drake hijacked a shipment of Spanish jewels at sea, it wouldn’t cause a hospital to immediately stop functioning. Food deliveries wouldn’t be disrupted on a nationwide scale. Power stations wouldn’t cease to operate. Entire borough councils wouldn’t grind to a halt.
Recent events (take your pick: panic buying, Covid restrictions, gas market disruption) have taught us that our economy has a sophisticated but fragile supply chain. It is a fragility that bad actors in Russia are keen to exploit. They live in luxury in Moscow, drive to work at offices in the most desirable sky-scrapers in the city’s financial district in fluorescent Lamborghinis and channel criminal money through Russian banks.
By some estimates there are 50 crypto-exchanges which serve to facilitate the conversion of ransom payments to cash. The Americans are certain of this and have sanctioned the worst offenders, who don’t try to hide their activity.
Predictably, Russian law enforcement has a standard, smirking line when asked to arrest these criminals: no Russian law has been broken so we cannot act.
Both the Russian state and the criminals that operate from Russian territory are ambivalent to the destruction that they cause. That is because they consider themselves to be at war. And this activity is surely what is now referred to as “war by other means”, or asymmetric warfare, to use an older phrase.
I have already listed some of the more jaw-dropping potential effects that cyber criminals can have – and we know that they targeted the NHS (and other European healthcare systems) during the peak of the pandemic – but just look at the headline figure. This activity is having an impact on a huge scale and is plainly designed to harm and drain our economy. To disrupt and damage our way of life in tangible ways that have an effect on British soil.
This brings British policy in this sphere starkly to light. In the world of crypto-currency the state’s efforts are focussed on introducing sufficiently robust anti-money laundering checks to attempt to separate the illegitimate actors from the crypto-pioneers.
In the slightly older world of ransom payments, the state’s policy is more akin to “don’t-ask-don’t-tell”, which leaves crypto-exchanges and insurance companies paying ransoms in an uncomfortably grey legal area.
The reality is that whatever steps we take to regulate activity on our own territory, the criminal cryptosphere (and of course the agencies of the state itself) in Russia will provide all of the services that the criminals need to steal money from hard-working British businesses and enjoy their ill-gotten wealth.
Surely it is time to now recognise the continuum that exists between Russians actions in Ukraine and cyberspace?
The level of Russian hostility towards us has been under-estimated. Now is the time to admit the significant threat that the state-sponsored Russian cyber criminals pose to us and disrupt them in the same way that we do drug cartels and terrorists.
Today, Russian cyber-warfare is sub-contracted to modern-day privateers but, if Russia were to take this activity in-house and use malware without seeking a ransom, the results would be truly crippling, and would cause injury and loss of life on a significant scale.
It is time to get real about this threat and to respond accordingly.