[01:14] Dmitri Alperovitch Institute
Rachel: Joining us today is Dmitri Alperovitch. He's the co-founder of think tank Silverado Policy Accelerator, and also the co-founder of CrowdStrike. Welcome to the podcast, Dmitri.
Dmitri: Great to be back with you guys.
Rachel: You've been in the news a lot lately. I've been following your Twitter. It’s a really great initiative that you've stood up with Johns Hopkins with the Alperovitch Institute. Could you share that with folks? It was recently launched right on the top of the International Spy Museum.
Dmitri: It was. We had Secretary Mayorkas there from Homeland Security. Also Jen Easterly from CISA, Rob Silvers, undersecretary of policy of DHS. We had senior leadership from the FBI and the intelligence community there. Just a fantastic crowd along with many private sector attendees, including your very honor, Trexler. It’s a great event. It was all about something that we wanted to do, which is to give back to the community. To focus on one of the key issues we have in cybersecurity today, which is workforce development.
We don't have enough people in this field. And we don't have enough people that appreciate the intersection between technology and policy. It’s a critical thing that you need to have if you're going to have a career in this field. It is not just about the bits and bytes, it's about understanding how policy moves in this town. The geopolitical ramifications of cyber. I've long said, and in fact, Secretary Mayorkas has quoted me on that. His remarks that, "We don't have a cyber problem, we have a Russia, China and North Korea problem," which presents significant challenges to us in cyber.
Dmitri Alperovitch Disconnects Cyber From Geopolitical Fights
Dmitri: But you can't disconnect cyber from the geopolitical fight that we're in with these nations, geopolitical competition. The Alperovitch Institute is going to be hosted inside the School of Advanced International Studies, SAIS, at Johns Hopkins University. It’s one of the leading international affairs schools in the country, in one of the top universities in the world. It is going to be led by a terrific professor, Dr. Thomas Rid, one of the leading academics.
He really understands that in cyber, more than virtually in any other field, you really need to engage with the private sector. That's where all the data is. They're on the front lines of these attacks. He's been pioneering a lot of the cyber research in academia in terms of going back and looking at past attacks. One of his fascinating investigations in recent years was to go back to Moonlight Maze. It occurred 20 years ago when the Russians famously started hacking the Pentagon and other national security systems.
He wants to go back and reinvestigate that case. And he actually discovered the server that was hacked, that was used for the command-and-control servers by the Russians in the UK. He found the server and the logs from that server.
Eric: 20 years later it was still running.
Dmitri: 20 years later, and he managed to trace it, some of the indicators from that 20-year-old hack, and some of the more recent attacks we have seen from Russia. Then connect it to some of the recent intrusions and activities. Those are really pioneer work on many fronts that he has done. He's the author of the Active Measures book that came out last year.
History of Information Operations
Dmitri: It’s about the history of information operations to highlight that this has been going on for over 100 years. That this is not new, despite all the hoo-ha over the last few years about Facebook, Twitter, and social media trolls and bots. The goal is to develop the next cadre of professionals in this field. There's going to be three key elements from an educational perspective in this Institute. One is that we're going to offer a master's program in strategic cybersecurity and intelligence studies.
It's going to be called MA SCI. We spent a lot of time working on that acronym. It's going to be a one-year program and really targeted at professionals. Johns Hopkins does a really good job with offering nighttime classes. They have people from the intelligence community, from parts of the government, private sector, getting these degrees. We're going to be doing the same thing where, if you have a full-time job in the government or even in the private sector, you can still take classes.
Then within a year, get a really great degree in cybersecurity, master's degree. There's going to be a PhD program as well. We're recruiting two PhD candidates right now for a fully funded PhD program starting next fall. The goal behind the PhD program is to build the next cadre of professors. Thomas is great, but unfortunately Thomas won't live forever. We need some people to come out. Occasionally, he does take sabbaticals and vacations. So we need a bigger cadre of people that will not be taking the mantle and carrying this on.
Dmitri Alperovitch Wants to Make It Sustainable
Dmitri: One of the things that's really important to me with this Institute is to make it sustainable. Make sure it carries on long after I'm gone from this planet. I do think that the cyber issues will continue for a very long time. The third element is going to be an executive education program. It’s going to be about a week to eight days program for senior leaders in government. The general officers or senior SES professionals, senior private sector leaders, CEOs, and senior executives of companies come together for a week or a few more days at Johns Hopkins.
They deep dive into strategic cyber issues that they need to know in the course of their daily jobs. Think about how to apply those lessons in their respective fields. It's also going to be a great networking opportunity. The Institute is going to be hosted in a great location at 555 Pennsylvania Avenue. It’s the old museum building that Johns Hopkins has bought and is currently renovating. It is the perfect location, an incredible building that's right in between Congress and White House and Pennsylvania Avenue.
It's going to have amazing views of all of DC on the roof of that building. At the top floor of that building is where the executive education program is going to be hosted. So I couldn't be more excited about this. Encourage all of your listeners to take a look. Applications are due December 15th for their May program and for the Ph.D. program. We'll provide more information on the exec ed program in the new year. People that are interested in applying should take a look at that. For people that are already experts in cyber, we're looking for adjunct professors, guest lecturers.
[08:01] An Incredible Cadre of People
Dmitri: We have an incredible cadre of people that have already signed up to lecture from industry. So we have people from CrowdStrike and FireEye and Facebook, and many other people that are going to be teaching courses in the May program. You're going to get incredible exposure to the best of the best of the industry. It's going to be really valuable. Of course, companies that want to provide assistance and sponsorship opportunities in terms of scholarships for students, we would be delighted to have their support too.
Eric: Is there a program out there today other than this that blends policy and the technology together in the same type of way?
Dmitri: There really isn't. That was the goal for me to start this program. There's a lot of great programs out there. I'm beneficiary of one from my Alma mater, Georgia Tech, which was a terrific program. I was the first graduate out of their master's program 20 years ago now. I’m dating myself here, but it was a technical program. It had a few policy components. But they’re really not what you need to marry these strategic studies, intelligence studies.
Thomas is a scholar of intelligence and has deep relationships with the intelligence community. In fact, John McLaughlin, the former acting director of the CIA is going to be one of the lecturers as well in this program. So we're going to have incredible exposure to the best of the best thinkers, both on cyber issues, but also intelligence and strategy and policy.
Eric: Clearly, if anybody's read your writings of any type lately, they recognize that there is a need to fuse that diplomacy, that policy with the technology piece.
The Bits and Bytes
Dmitri: The bits and bytes are very important, don't get me wrong. I spent my career in the industry building technologies to help avoid critical cyber attacks, but that alone will not solve it. We need policy, we need people to ultimately have that tryout of technology policy. People who will address and minimize the risk. We have underspent in the other two areas.
Eric: In the technology area where we've underspent and we continue to underspend, we'll never be able to spend enough. There's no way to play defense and win with just technology. Let's transition to the Policy Accelerator. What's the difference between the Alperovitch Institute, which is there to educate and train, and the Silverado Policy Accelerator, which you started up in '21?
Dmitri: We launched Silverado Policy Accelerator earlier this year in February. The Alperovitch Institute is an academic program. It's part of Johns Hopkins. Johns Hopkins is running it.
You get the Maryland certified graduate degrees and education certificates and the exec ed program. That's one piece of the puzzle in terms of trying to build the next cohort of leaders and policy thinkers in this space. Silverado Policy Accelerator is all about action. It's about how we move policy along on some critical issues that our country desperately needs to improve our position in. The broad theme for us is the renewed great power competition. The rise of China, the threat that it presents to our livelihood, to our economy, to our national security. How do we best address it in a couple of key areas where we have some unique expertise?
Dmitri Alperovitch Joins the Age of Power Competition
Dmitri: As you might imagine, I know a couple of things about cyber. Cyber is one of the areas that we're focused on, but it's not the only area. We have two other areas that we think are critical in this new age of a great power competition. The second area is our trade and industrial security policy area. One of the key elements that we're focused on is semiconductors and securing the supply of semiconductors. By the way, we don't have a cyber problem if there's no semiconductors. We will not have any computers, problems solved.
Eric: It's interesting. I just ordered a new MacBook. It was overnight shipping, but it sat in China for 11 days lost in customs.
My thought was, "If they ever wanted to shut us down, they could arbitrarily leave things in customs. Or they could offensively just stop us from receiving equipment." We definitely have an issue.
Dmitri: I know they're listening to the podcast, so I'm sure they're looking for that MacBook right now to deliver it to you very quickly. But make sure it comes.
Eric: They’re delivering today, luckily, but I was sweating it for a while. It just sat there with no visibility. Apple couldn't do anything because it was in the system. UPS couldn't do anything because it was in the system. It reminded me how powerless as a nation we can be when the supply chain requires external or third parties that we can't just control with a remote control.
Dmitri: Maybe they're having COVID issues with their zero COVID policy. They're shutting things down anytime they find one case of COVID. It may be that they're not as efficient as they used to be.
Eric: That's what UPS said.
Dmitri: When they were trying to put a bug into a computer, before it would take an hour, now it takes 11 days. That could be the cause of some of the delays.
Eric: They definitely said there were COVID-related delays coming from UPS. But it could have just been, "Oh, this is going to Eric, Rachel's co-podcaster. We need to get some extra equipment into that system."
Dmitri: A little present for Christmas for you. The third area, the third pillar of our work is what we call an eco intersection between ecological and economic security in this new push on climate change and net zero policy. How do we make sure that we are continuing to think about the national security implications of this changeover and now energy supplies. For many decades now a lot of people in the national security circles have been concerned about our dependence on fossil fuels from a national security perspective. It introduces this dependency on the Middle East and all the wars that we've been involved in that region over a number of decades now.
But the last thing you want from our perspective at Silverado is to change out that dependence on the Middle East for dependence on China. Suddenly, we're all going solar, but the solar panels have been built in China. So that would be disastrous. We need to be thinking about how we transition to green energy and renewables. Make sure that the jobs, the national security supply chain are still located ideally here in the United States. If not all here, that it's dependent on our allies and not countries that are diametrically opposed to our interests like China.
Leading Edge Nodes
Eric: We're seeing progress on the semiconductor fabs from Intel and AMD and others, which are looking to expand. Pat Gelsinger, CEO of Intel said that they'll have some capability coming online in 2023 at this point.
Dmitri: The problem is actually much broader than that. Everyone's sort of focused on the advanced leading edge nodes. The five nanometer, three nanometer technologies that produce the most advanced chips. Those are the chips that go into your phone, into your MacBook, they power cloud applications and the like. But actually when you think about it, the vast majority of the market, over 80% of the market is actually on the trailing edge. It's the 65-nanometer technology, the 28-nanometer technology. All of our weapon systems, all of our tanks, all of our battleships.
Eric: All of our cars.
Dmitri: Aircraft carriers, missiles, they're not using the leading edge. They don't need a leading edge. They're using these old technologies.
Eric: It takes too long to get it through the supply, through the acquisition process.
Dmitri: Look around your room right now. Literally almost everything in your room except for your phone and your laptop is going to use trailing edge chips. Your TV, your microwave, your fridge, your car, your planes that you're flying on, all of those are using older generation technologies. Right now, much of that supply chain comes from Taiwan. The challenge with that of course is that it's a single point of failure. Taiwan is situated 90 miles off the coast of China. China over the last couple of years has been extremely belligerent towards Taiwan. There's a great concern about an invasion.
[17:12] Dmitri Alperovitch Imagines China Invasion
Dmitri: Imagine a situation where China invades and either takes over those fabs or those fabs get destroyed in the course of invasion. That would be disastrous for us. It would be disastrous for the world. We would lose a massive supply of chips that is not easy to reconstitute. We have a huge shortage of chips right now that you've just talked about and we don't even have any fabs down at the moment.
Eric: It's just COVID-related.
Dmitri: Imagine if that capacity went offline, it would literally throw the world into the stone ages for a number of years. You wouldn't be able to get maintenance parts for planes. Planes would have to start being grounded. No new cars, no new microwaves. You can't sell homes because you don't have HVAC systems. All of the repercussions would be absolutely disastrous. By the way, it's not even a concern just about China invading Taiwan. You have earthquake scenarios that could impact those fabs, typhoons. There's a huge water shortage in Taiwan right now because of droughts. The semiconducting industry is incredibly dependent on water. You have a huge problem there. That is one of the reasons why Congress is working to pass this CHIPS Act.
Hopefully they'll pass it this year. It's going to allocate $52 billion to domestic production of chips here in this country. Even more importantly, $52 billion is a drop in the bucket compared to the investments that we need. We need to invest hundreds of billions of dollars. The way you get there is by working with allies, because guess who noticed that CHIPS Act? Europeans did, the Japanese did, the South Koreans did, the Israelis did.
Dmitri: They all want to invest in their productions as well, which is fantastic. We need more supply of semiconductors from reliable allies where we don't have concerns about either weather-related disruptions or political, geopolitical disruptions. Industry is also committed to investing in the CHIPS Act. Gelsinger from Intel is committed to investing $20 billion. TSMC is going to invest over $100 billion.
It’s really important to keep investing together with industry, together with allies. Huge amounts of money to keep production of both the leading edge, the latest generation chips, but also the trailing edge. That is one of the most critical issues from a national security perspective we can possibly have right now.
Eric: You mentioned TSMC, which is a Taiwanese company, Foxconn is buying capability in the States. If we have a China Taiwan problem, are you okay that TSMC and Foxconn, Taiwanese and Chinese companies are building that capability in the States? Does it need to be a U.S. company?
Dmitri: It depends on how they build it. The traditional model that TSMC has had is to build a fab in the United States, they're talking about building one in Arizona right now. All of the engineering expertise, the process engineering expertise is still going to be in Taiwan. That's a problem if there’s an invasion.
Eric: The expertise doesn't escape.
Dmitri: You don't want to have complete dependency on Taiwan there. It is important to figure out how we invest in making sure that they are investing in education. Training for people here or wherever they're building fabs to make sure that you don't have that dependency.
How Dmitri Alperovitch Is Moving the Needle
Eric: How is Silverado Policy Accelerator getting involved? How are you moving the needle on these critical national issues?
Dmitri: We are deeply engaged with Congress. We're deeply engaged with that administration on the details of thinking, how do we both invest more? The other piece of this is, how do we stop China? Export controls are critical. We need to make sure that they don't get to win this race. If they do, it'll be devastating for our national security. It'll be devastating for world security.
We need to think about how we prevent them from getting these advanced technologies. Make sure that if we're going to spend money, if we're going to give industry billions of dollars, which is controversial in Congress, I'll be honest with you. Some of these companies are some of the biggest companies on the planet. There's a lot of pushback on both the Republican, Democratic sides of, "Why are we giving them tens of billions of dollars more?" We need to make sure that there are strings attached. They can't turn around and ship that technology to China or do joint ventures with China.
There's a story today in the Wall Street Journal, talking about some of America's leading firms. How venture capitalist operations have been investing massively in the semiconductor businesses in China. Well, that is insane, we should not be doing that. We should not be letting them do that. So we absolutely need to look at our add-on investments. Make sure that the technology that we are funding with our taxpayer dollars is not going to go over to China.
A Near Peer Level Adversary
Eric: Even in our investment dollars. If you're in a mutual fund, you probably have no idea how much is being invested in Chinese technology on your behalf. But it's American money. I think about that all the time. There's not a lot you can do. But there’s a tremendous amount of American investment going into China to prop up at least a near peer level adversary whether we're in outright conflict or not.
Dmitri: One of the anecdotes that really hit me in the story in the Wall Street Journal today is that one of the companies that our venture capitalist firms are funding. The CEO of that company in China is literally saying that we are critical to making sure that China has complete independence on foreign sources of semiconductors for the leading chips. Why would money be funding now? The fund managers can make money, that's why.
But we should be thinking about our national security. Imagine in 1930s, U.S. companies were funding Nazi Germany. We know some of them unfortunately did, Henry Ford and some others. But we're doing this on a scale now that's just completely unimaginable. We are working hard with Congress. We're working hard with the administration to think about how, if this bill does pass, that money goes where it needs to go to make sure we get the biggest bang for the buck.
We are going to have an event on December 7th at 9:00 AM Eastern. A virtual event in which all of the audience is invited to participate with a couple of leading Congress people. We’ll tackle the CHIPS Act and the need to secure our semiconductor supply chain. It's really a super critical issue.
Dmitri Alperovitch Needs a Lot of Support
Dmitri: We are trying to raise awareness. We're trying to create a lot of support for the need to make sure that we win this race.
Eric: Rachel, I know you want to get to the New York Times op-ed piece. It will have a whole lot of discussion around what's happened since then.
Rachel: My feelings on this are offensive strategies. From your Rachel Maddow interview and Krebs' Release the hounds. I'd love for you to share your perspective here.
Dmitri: First of all, Release the Hounds is actually Patrick Gray from Risky Business. That's his phrase he's been advocating for a few years, the need to push an offense against these ransomware groups. I wrote an op-ed in the New York Times outlining that strategy, which is critical. It's a follow-up to some of the op-eds that we've discussed on the previous podcast that I had in the Washington Post.
It talks about the need to confront Russia in a serious way. I still fundamentally believe that you will not be able to solve this ransomware issue without Russia, but in the absence of Russia, so far they don't appear to have done much. I'm rapidly losing hope that they will. But what can we do? We shouldn't just give up.
That offensive strategy is really critical to slowing these groups down, impacting the operations. It’s causing disarray and distrust among the group members. So what can that look like? We just had a story in the Washington Post that Ellen Nakashima broke about a Cyber Command operation that was conducted against REvil. One of the top ransomware groups that hit CISA in July that hit JBS Food Processor in June.
[26:47] From DarkSide to BlackMatter
Eric: Weren't they part of DarkSide?
Dmitri: No DarkSide is separate. DarkSide rebranded themselves as BlackMatter. They recently shut down as well. They're getting a lot of pressure, but the important thing is that we're starting to launch these offensive operations. We need to focus a lot on the psychological impact. It's not enough just to start shutting down their websites or servers. They're going to just reconstitute them. If you can just get them to feel like someone is watching their back. Imagine you're a criminal, even in Russia, suddenly you get a text message on your phone. It has a picture of your passport and your travel itinerary. That would be pretty scary. Big brother is watching.
Eric: Your Interpol record where they're coming after you or something like that.
Dmitri: Some of those psychological elements can have a huge effect. A lot of these guys have already made a lot of money, tens of millions of dollars. If they think that the full power of the U.S. intelligence community is coming after them, that's a scary proposition. It may drive them to say, "You know what? We've made enough, time to shut down, time to diversify into other sources of business," hopefully legitimate business.
Eric: Like street crime or something a little better.
Dmitri: Those things are really important, but also because these are not lone-wolf operations. These are groups that are doing them. A lot of them don't even know each other in their personal lives. They don't even know each other's name, so it's easy to cause distrust. Imagine if we steal money from one member of the group, but blame it on another member of the group.
Start Thinking Creatively
Dmitri: There are tensions that it would cause within the group membership. We need to start thinking creatively about this problem and think about what would impact them the most. Oftentimes, unfortunately in the U.S. government, we tend to think about what we can do versus what we should do. This is the one area where it's really important to take the view of the adversary. See what is going to be most impactful to them, and focus our resources on them.
Eric: We have seen a couple of arrests of REvil personnel this week.
Rachel: Some money seized, 6.1 million.
Eric: That was this week. We're extraditing at least one of the guys arrested this week. The Polish government, the Canadian Mounties, Romanian national police were involved. It's definitely more than just the United States that's getting involved in this. When you mentioned the Cybercom component to it, that was really interesting to me.
If you think back to Operation Glowing Symphony, they went after ISIS a couple of years ago, going after these ransomware groups. You always think of Cyber Command as a national asset from a military perspective. But they're going after criminals here who are attacking American infrastructure. I have for a long time said, if the Russians sent bombers over the United States, the Air Force would respond.
If they put ships off our coast, the Navy would be there. We're starting to see Cyber Command respond when they put cyber capabilities into the United States that impact us in this conflict we're in right now.
Dmitri: I'm glad as an army guy you didn't dis our Army, Air Force, and Navy about their ability to actually defend ourselves.
Cyber Command Is Getting Active
Eric: I try. The army will be there, I know. But Cyber Command is getting active is what it looks like.
Dmitri: It is. General Nakasone has been so public on this that even a year ago they would have been. He's been very clear that a year ago the thinking was, "Ransomware, that's a criminal problem. Law enforcement will deal with it." Now post-Colonial, everything has changed. You can impact the energy supplies on the East Coast by shutting down a pipeline of food supplies by shutting down a meat processor and so forth.
It has become a critical national security concern. The military has to defend us against those types of threats. It's fantastic that they've changed their modus operandi on this. It is fantastic that they're getting to the fight. I want them to be more creative in how they're thinking about this problem. Not just as the saying goes, "To hammer everything that looks like a nail."
If we have the ability to shut down websites, let's not just do that. We have that ability. Let's think about the impact it will have and whether it will achieve the objectives that we want.
Eric: And creating that distrust. I know you've talked about that before. But I love that approach, because then they don't know what's happening.
Dmitri: I'll give you an example. The REvil group went offline in the last few weeks. Why did they go offline? I have a piece coming out in Lawfare in the next few days on this, going through the study of this case. The Cyber Command operation and a foreign partner operation took place earlier in the year against REvil.
Cyber Offensive Operation
Dmitri: Then how REvil is responding, it's really the first time we have seen a cyber operation, an offensive operation against someone. There's real-time feedback from the perpetrator that is being attacked on how that operation is going from their perspective. They're posting in real-time on these underground forums what from their view they think is going on.
If you recall, after Kaseya REvil went offline for a few months, I actually explained this recently why they did that. One of the group members, who goes by the nickname, Unknown, not very imaginative, disappeared right after Kaseya. He went offline, no one heard a word from him and they panicked. They're like, "What is going on? Did Russian law enforcement crack down? Let's lay low until we can figure this out."
Two months later, they hear nothing from the guy. They also don't have any heat on them. They figure that maybe he wasn't arrested. Actually, they thought he had died. They're like, "Okay, let's go back to business." So in September they resume operations. Then in October, Cyber Command launches this offensive operation that shuts down traffic to their Tor site, to their blog, with a list of victims. That actually causes them not to panic, but to look on their servers to figure out how Cyber Command is doing this.
Did someone compromise our infrastructure and realize that they were indeed compromised? Actually, not by Cyber Command according to Ellen Nakashima's reporting, but by a foreign partner early in the year. That's what got them to panic and say, "Wait a second." They're literally saying, "Someone is looking for us. This is too much heat. We're off, take care guys."
[33:47] What Dmitri Alperovitch Finds Really Fascinating
Dmitri: It was really fascinating that the Cyber Command operation, while not directly causing them to go offline, actually got them to realize that they're being hacked. That's what got them to be really scared of discovery, scared of losing their freedom. Their identities are being outed, and got them to shut down. We'll see if they stay shut down. It could be yet another case of, we'll go off for a couple of months and see if the heat dissipates. But at least it's a small victory that we've accomplished.
Eric: The person who decided to target Colonial Pipeline never expected the president of the United States to get involved in that ransomware attack. Probably a big mistake and his or her buddies were saying, "That was a big screw up, dumb arse." I imagine it went down somewhere like that with the Eastern European accents and everything.
But I can't imagine what it's like to be one of these cyber criminals where you think you have protection from the Russian government or whatever. You realize now that the U.S. government is hunting you. Cyber Command is looking into your life, or you don't even know. Maybe that's like Unknown disappearing. Did he ever resurface? That would freak me out. That's worse than us posting a picture of him in Guantanamo Bay or something, strung up on a torture rack.
The unknown of Unknown, the unknown whereabouts of Unknown would probably freak me out. Then Cyber Command is reaching into your systems and other things are happening. The lights are flickering, or you have hair falling out. After you wake up one morning you see some extra hair in your pillow.
Eric: I would start to lose my mind by not knowing what's happening, not knowing what the U.S. is doing to me or anybody else.
Dmitri: It could just be middle aging.
Eric: That may be an effective technique.
Dmitri: I love you going all Don Rumsfeld on me, the known unknowns.
Eric: I wasn't trying to channel Mr. Rumsfeld. But seriously, not knowing in many cases what has happened, did he turn on us? Are we totally exposed?
Dmitri: The fear of the unknown is so powerful psychologically. If you think about the psychology of torture, the fear of torture is actually more powerful than the act itself. You don't know how bad it's going to be. Your mind goes in all sorts of directions that financially is even worse than any of the physical pain that you might experience. I'm not advocating torture, just for clarity here.
Eric: Cyber Command could get very creative. Rather than just leaving on their servers, a file that says, "Cyber Command was here and all their money is gone." Maybe just money disappearing randomly, and people disappearing. Creating that uncertainty, who took it, did the U.S. government take it, did the Russian government take it? Or did Vlad, my partner here who I haven't seen in three weeks for some reason take it?
Dmitri: Spreading rumors that people are collaborating with law enforcement, with the U.S. intelligence community. A lot can be done to get these guys really paranoid. They're already paranoid. To amplify it even further, we'll have a lot of disruption effects on their operations.
Eric: It's technology for defense, it's policy, but it's also these operations.
Dmitri: Cyber psychology, I like Patrick's term on this. The other critical piece that we haven't talked about, but actually is super important is the cryptocurrency piece. Something that the U.S. government or the U.S. Department of Treasury has done in the last couple of weeks is sanctions against cryptocurrency exchanges. It sanctioned two of them, Suex and Moscow, and another one affiliated with Suex just this week.
That is really critical because ultimately these criminals are getting their cryptocurrency. They're getting their Bitcoins, getting them in arrows as ransom payments. But you know what, you can't yet buy a Lamborghini with Bitcoin. You can buy a lot of stuff now. But not yet a lot of the things you need. You can't buy food and so forth. They still need to convert that into fiat currency, convert it into dollars, or into euros. The exchanges are how they do this.
There's these exchanges that cater almost exclusively to criminal activity. With Suex, over half of all the transactions were illicit transactions, either cyber crime-related, drug trafficking, all sorts of nefarious things. By shutting down these nefarious actors with sanctions, the power of the U.S. global sanction regime, you can have huge effects on the ability of criminals to monetize their criminal activity.
This is something that I know the administration, that Anne Neuberger over at the White House is working very hard on. To make sure that we have an alliance of countries that all care about this ransom problem. That everyone can do more to enforce anti-money laundering regulations, know your customer regulations, tracking down these nefarious exchanges, enforcing sanctions against them.
A Huge Swath of Criminal Activity
Dmitri: That would have a huge effect, not just on ransomware itself, but on a huge swath of criminal activity from tax evasion to money laundering and other forms of cybercrime.
Eric: But don't you need government involvement? If the Russian government doesn't get involved, can't they convert that into rubles and then into dollars? Obviously they'll pay a higher transaction fee, but they still have outlets to transact.
Dmitri: There's no question that without Russia we're not going to solve this problem. They're absolutely critical on many fronts. But we can do a lot even in the absence of Russian cooperation to make it really difficult and to lower the number of operations that can be conducted, the number of people that are doing it. We should be doing everything we can to make sure that our hospitals, our school districts, our police departments, our small businesses, our energy companies, and our water supply are not being hit on a daily basis by these criminals as they are today.
Eric: Putting defensive tools and operation is not the answer in and of itself.
Dmitri: It’s part of the answer but it won't solve it.
Eric: The school system will never be able to protect themselves from the GRU or from ransomware artists.
Dmitri: Protagonist, yes. As I said in my New York Times op-ed, we will not defend ourselves out of this problem. That is very clear.
Eric: You also said, "Diplomacy with Russia, even if it succeeds, will not be sufficient."
Dmitri: What I mean by that is that ransomware does not just emanate out of Russia. In fact, when you look at the arrests that have been made with these REvil affiliates, they were down in Romania.
[41:52] Dmitri Alperovitch Saw the Core Gangs
Dmitri: They were down in Kuwait, they were down in Poland, a Ukrainian national who resided there. The affiliates themselves are in a lot of places. Now, the core gangs, many of them are still in Russia, but not all of them. We have now seen gangs out of Iran. We've seen gangs out of China. In fact, most of them are contractors for the Chinese government that are doing operations to steal our intellectual property on behalf of the Chinese government. On the side, they're engaging in ransomware attacks to put more cash in their pockets.
We've seen operations out of North Korea where it's the regime, in that situation, that's actually doing these attacks to finance their missile programs and nuclear programs, and evade sanctions. You absolutely have to appreciate that this is broader than just Russia. Russia is a huge part of this problem. But even if, magically, tomorrow Putin decides to crack down and help us solve the ransomware problem in Russia, it will not solve all of the ransomware.
Eric: We still have other problems. Who's number two in your mind?
Dmitri: Probably Iran.
Eric: North Korea, for whatever reason, they've engaged in some ransomware operations. But they've been really focused on stealing cryptocurrency directly by targeting exchanges. They've been targeting banks as well. I'm waiting for when they go big into ransom, it's inevitable. But for whatever reason, they've kept it to a pretty low level so far.
Rachel: The diplomacy element is a really fascinating discussion, Dmitri. You've had people say, "Should we have a cyber UN?" Obviously, it seems like there's so many pathways here to address and no one's going to get us there. How do you see us getting ahead of this really?
Dmitri: I'm not in favor of using the UN, this comes down to bilateral diplomacy. It's about realizing that cyber cannot be disconnected from the core geopolitical concerns. Why is it Russia, China, Iran, North Korea that present all these challenges in cyber? Well, that's not an accident, because these are the primary geopolitical foes that we have. A variety of policies that their governments have that are antagonistic to ours, and vice versa from their perspective.
Cyber is just another tool in their arsenal to hit back at us. It’s an asymmetric tool that allows them to have oversized power over our economy and national security. Without appreciating that fact, we're not going to get anywhere.
When we are talking right now to the Russians on ransomware, you can bet that they're linking this to other issues like arms control, Ukraine, and many other things. If they're going to concede to us on this one issue, they're going to expect concessions from us in other areas. That's what I would do if I were in their shoes. So we need to realize that you can't just constrain yourself into a cyber dialogue.
Rachel: It's a very complex landscape, but I love all the things that you're doing to take action. I hope more people take that signal as well, because that's the only way. If we start getting more people into the industry, we need more education programs to get them to understand the geopolitical landscape in addition to the technical side. It's only going to start swaying more and more geopolitically. But I'm so excited for the Alperovitch Institute. Congratulations on getting that started.
Eric: Getting out from the same old way we've always done things from a political perspective. Find ways to infuse creativity. Disappearing Mr. Unknown, having money just randomly, how do you get the average government policymaker to think outside of the box? We've got 200 plus years of diplomatic techniques. We've used and we've learned, some of them very effective, but this is a new world. Sanctions aren't the only answer. We turn to sanctions all the time, they're part of the answer.
Dmitri: They're mostly not effective, particularly the sanctions that we have done over the years. Sanctioning an intelligence officer or even a leader of an intelligence agency will do absolutely nothing. They're following the orders. They're not going to change their behavior one iota because we sanctioned them.
Eric: They're not going to St. Pete Beach for a vacation.
Dmitri: Sanction cryptocurrency. It’s really important and it's a great way to do sanctions. We need to think about the impact we're causing and not just feel good because we did something that was easy for us to do. Hopefully, people that are listening are engaged in this fight and are taking notes right now. If they want to contact me, please go to silverado.org and send us a note. Happy to talk more about the ideas we have on this front and many other fronts that we discussed.
Rachel: I learned so much, but we're only scratching the surface too. We have a limited amount of time to get into these really deep subjects. Thank you so much for sharing your insights. To all of our listeners, thanks for joining us again this week. Smash the subscribe button and we'll come right to your inbox every Tuesday.
About Our Guest
Dmitri Alperovitch, Co-Founder and Executive Chairman, Silverado Policy Accelerator
Dmitri Alperovitch is the Co-Founder and Executive Chairman of Silverado Policy Accelerator, a non-profit focused on advancing solutions to critical geopolitical and cybersecurity policy challenges. He is a Co-Founder and former CTO of CrowdStrike Inc. A renowned cybersecurity visionary and business executive, Alperovitch is a thought-leader on cybersecurity strategy and state tradecraft and has served as special advisor to the US Department of Defense.
He is also an active angel investor and Board Member of multiple high-growth technology companies. Alperovitch has been named as one of Fortune magazine’s 40 Under 40, MIT Technology Review’s Innovators under 35, Politico magazine's Politico 50 and Foreign Policy magazine’s Leading Global Thinker.