In recent weeks, the international spotlight has shone brightly on the latest development in the already tense relations between the United States and Russia, this following early reports that the Kremlin appears to have perpetrated one of the largest espionage attacks against the United States since the Cold War. Using sophisticated hacking tactics and techniques, the Russians were able to infiltrate several departments of the U.S. government and several of its associated entities, with the attack’s true scale and scope still relatively undetermined. All the more troubling for political officials and citizens alike is the fact that these attacks went undetected for upwards of six to nine months, beginning in the spring of 2020, despite billions upon billions of dollars being invested by the American government into both cyber-defensive and cyber-offensive capabilities over the past decade to counter potential moves of this variety by Russia and China, among others. A joint statement released by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) recently confirmed our worst fears that the hacking campaign is still ongoing, leaving many to speculate as to just how deep the roots of Russian involvement in the Americas run.

As Global RADAR has chronicled in the past, legitimate companies and individuals are being targeted and used without their knowledge to do the dirty work for cyber criminals at ever-increasing rates, powered by the growing generational shift to automation and web-based technologies. While new details about this strike are emerging daily, what is known right now is that this particular act of “cyberespionage” was carried out in part through a mass malware campaign using an unwitting U.S. IT management software company named SolarWinds. While the CISA has determined that the SolarWinds Orion software is not the only way hackers compromised a variety of online networks, approximately 18,000 SolarWinds customers – a fair percentage of which are employees of federal civilian agencies –were found to have installed these malicious updates onto their systems. This in turn led to the CISA issuing a rare Emergency Directive – only the fifth such injunction since Congress created the agency under the Cybersecurity Act in 2015 – instructing all federal civilian agencies to assess their respective networks for potential compromise and subsequently power down the use of any and all SolarWinds Orion products indefinitely.

Using the backdoor created by the malware, Russian hackers gained access to classified information held within various integral departments of the United States government. These include (but may not be limited to) the U.S. Commerce and Treasury Departments, the Department of Homeland Security and Department of State, and even the National Institute of Health. American political journalism firm Politico last week wrote that the Energy Department and National Secuirty Administration, both with direct ties to U.S. nuclear weapons programs, have evidence that the hackers also maliciously breached their networks, with early returns signaling that significant damage may have been done to the Federal Energy Regulatory Commission (FERC).² However, the Energy Department has announced that the impact of the attack has been isolated to business networks and “has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration (NNSA),” which oversees the nation’s stockpile of nuclear weapons.³ In reviewing federal procurement records, the Wall Street Journal notes that the Pentagon and multiple branches of the armed services, including the Army and Navy, have purchased and installed the Orion product, obviously leaving their classified information susceptible as well.⁸ It goes without saying that these are among the most critical cogs in the federal government machine with regards to national defense. While the New York Times writes that “investigators have not discovered breaches into any classified systems, only unclassified systems connected to the internet” amongst the aforementioned parties, the intrusion nevertheless appears to be one of the largest in American history, with the thought of the shear amount of information accessed and potentially stolen creating a state of havoc in Washington.

Of course, the Russians have denied any involvement in the attack to date, with Russian ambassador to the United States Anatoly I. Antonov instead claiming that the recent stir was an “unfounded attempt by the U.S. media to blame Russia” for these cyberattacks.⁷ Secretary of State Mike Pompeo appeared to concede to Russia’s involvement in the hack based on a statement issued early last week where he vowed that the Trump Administration would continue to work to protect the sensitive information of government agencies and American businesses from falling into the hands of bad actors.⁸ Nevertheless, there are still many questions that have to be answered related to the recently uncovered attacks. Answers are expected to come by way of the new Cyber Unified Coordination Group (UCG), created by the FBI, CISA, and ODNI to coordinate a whole-of-government response to this significant cyber incident. Global RADAR will provide updates on new developments related to this case in the coming weeks.

Weekly Roundup

DOJ, FBI Investigating AML Breaches by Euro Banks

The United States Department of Justice (DOJ) and Federal Bureau of Investigation (FBI) have opened an investigation examining the respective roles of prominent European banks SEB, Swedbank and Danske Bank in breaches of current AML regulations and possible fraud. The government of Sweden has reportedly received requests for assistance from U.S. authorities on multiple occasions in relation to the major money-laundering scandal that shook the Baltic region dating back to 2018 for which these respective institutions have already faced local penalties. Reuters writes that “although the banks have admitted to probes by U.S authorities over the past year, [this] report is a reminder that the scandal could yield further – and potentially heftier – fines, after each lender was penalized by local regulators.”⁶

In what has been described as the largest money laundering schemes in European history, the embattled Danske Bank ultimately admitted to firsthand involvement in allowing suspicious payments of at least €200 billion ($243 billion) from multiple countries – including Russia – to flow through the doors of its Estonian branch without proper vetting between 2017-2015. The fallout from the allegations ultimately reached Sweden, with Swedbank being levied a fine of 4 billion Swedish crowns ($477 million) by the country’s primary financial regulator over flaws in its anti-money-laundering management in its Baltic operations and for willfully withholding pertinent information from investigators and the proper authorities. SEB was also hit with a fine of 1 billion Swedish crowns for similar compliance shortcomings related to the case.

Mexico’s Questionable Security Law Leads to AML Conundrum

 Last week, Mexican Congress passed a new national security law with the potential to cripple current cross-border efforts to curb money laundering through the drug trade. The law, which passed by a vote of 329 to 98 passed on December 14^th, effectively “strips foreign agents of diplomatic immunity and requires foreign officials in the country to share any intelligence they have obtained with Mexican officials.”¹ Reports have indicated that foreign agents will now be required to disclose all information they acquire when operating within Mexico, and must provide monthly reports regarding the scope of their general activities. While the law will apply to all countries with dealings in Mexico moving forward, many have viewed the move as direct retribution by the national government against that of the United States following the October arrest of former Mexican defense minister, General Salvador Cienfuegos, on drug trafficking and corruption charges.

Cienfuegos was ultimately released back to his home country in November, with Attorney General William Barr formally dropping all charges against the ex-commander in an effort to preserve cooperation efforts between the two North American countries. Unfortunately, it appears the damage had already been done, as the changes brought forth by the legislation provide a major blow to efforts of the Drug Enforcement Agency (DEA) and other U.S. law enforcement bodies with expansive operations in Mexico.

Following the announcement of the rapid progression of the proposed measure, AG Barr issued a statement of his own, noting that the U.S. is “troubled by legislation currently before the Mexican Congress, which would have the effect of making the citizens of Mexico and the United States less safe.”⁴ Barr continued, noting that such a law “can only benefit the violent transnational criminal organizations and other criminals that we are jointly fighting.”⁴

UK Regulator Fines Barclays $34.7 Million

 Arguably the United Kingdom’s (UK) top financial watchdog, the Financial Conduct Authority (FCA) hit Barclay Bank’s PLC-related units with a fine of £26 million ($34.7 million) last week over their improper treatment of certain classes of consumer credit customer. On December 15^th, the FCA announced that between April 2014 and December 2018, the group and its affiliates failed to follow its customers’ contact policies for customers who fell into arrears, failed to have appropriate conversations with customers to help understand the reasons for the arrears and also failed to properly understand customers’ circumstances leading it to offer unaffordable, or unsustainable, forbearance solutions.⁵ Each of these transgressions fell short of the FCA’s standards for “best practice”, which require firms to allow for proper consideration and potential forbearance when providing services to customers in arrears or difficult financial situations.

While Barclays identified its deficiencies in this respect in early 2014, they were not immediately rectified. Barclays later enacted a program that saw the firm contact each of the affected customers to determine potential compensation on a case-by-case basis for their lack of care and diligence at the time. The FCA took the creation of said program into account when deciding on the above-mentioned financial penalty.

Citations

1. Agren, David. “Mexico: New Security Law Strips Diplomatic Immunity from DEA Agents.”The Guardian, Guardian News and Media, 15 Dec. 2020.
2. Bertrand, Natasha, and Eric Wolff. “Nuclear Weapons Agency Breached amid Massive Cyber Onslaught.” POLITICO, POLITICO, 17 Dec. 2020.
3. Cohen, Zachary, et al. “US Cybersecurity Agency Warns Suspected Russian Hacking Campaign Broader than Previously Believed.” CNN, Cable News Network, 18 Dec. 2020.
4. de Cordoba, Jose, and Santiago Perez. “Mexico Passes Law Curbing Operations of Foreign Security Agents.” The Wall Street Journal, Dow Jones & Company, 15 Dec. 2020.
5. “FCA Fines Barclays £26 Million over Treatment of Customers in Financial Difficulty.” Financial Conduct Authority, 15 Dec. 2020.
6. Johnson, Simon, and Colm Fulton. “U.S. Investigation Report Hits SEB, Swedbank and Danske Bank Shares.”Reuters, Thomson Reuters, 15 Dec. 2020.
7. Sanger, David E., and Nicole Perlroth. “Billions Spent on U.S. Cyberdefenses Failed to Detect Giant Russian Hack.” The New York Times, The New York Times, 16 Dec. 2020.
8. Volz, Dustin, and Robert McMillan. “Suspected Russian Hack Said to Have Gone Undetected for Months.” The Wall Street Journal, Dow Jones & Company, 15 Dec. 2020.