Nearly a decade ago, the United States began naming and shaming China for an onslaught of online espionage, the bulk of it conducted using low-level phishing emails against American companies for intellectual property theft.
On Monday, the United States again accused China of cyberattacks. But these attacks were highly aggressive, and they reveal that China has transformed into a far more sophisticated and mature digital adversary than the one that flummoxed U.S. officials a decade ago.
The Biden administration’s indictment for the cyberattacks, along with interviews with dozens of current and former American officials, shows that China has reorganized its hacking operations in the intervening years. While it once conducted relatively unsophisticated hacks of foreign companies, think tanks and government agencies, China is now perpetrating stealthy, decentralized digital assaults of American companies and interests around the world.
Hacks that were conducted via sloppily worded spearphishing emails by units of the People’s Liberation Army are now carried out by an elite satellite network of contractors at front companies and universities that work at the direction of China’s Ministry of State Security, according to U.S. officials and the indictment.
like Microsoft’s Exchange email service and Pulse VPN security devices, which are harder to defend against and allow China’s hackers to operate undetected for longer periods.
“What we’ve seen over the past two or three years is an upleveling” by China, said George Kurtz, the chief executive of the cybersecurity firm CrowdStrike. “They operate more like a professional intelligence service than the smash-and-grab operators we saw in the past.”
China has long been one of the biggest digital threats to the United States. In a 2009 classified National Intelligence Estimate, a document that represents the consensus of all 16 U.S. intelligence agencies, China and Russia topped the list of America’s online adversaries. But China was deemed the more immediate threat because of the volume of its industrial trade theft.
But that threat is even more troubling now because of China’s revamping of its hacking operations. Furthermore, the Biden administration has turned cyberattacks — including ransomware attacks — into a major diplomatic front with superpowers like Russia, and U.S. relations with China have steadily deteriorated over issues including trade and tech supremacy.
China’s prominence in hacking first came to the fore in 2010 with attacks on Google and RSA, the security company, and again in 2013 with a hack of The New York Times.
breach of the U.S. Office of Personnel Management. In that attack, Chinese hackers made off with sensitive personal information, including more than 20 million fingerprints, for Americans who had been granted a security clearance.
White House officials soon struck a deal that China would cease its hacking of American companies and interests for its industrial benefit. For 18 months during the Obama administration, security researchers and intelligence officials observed a notable drop in Chinese hacking.
After President Donald J. Trump took office and accelerated trade conflicts and other tensions with China, the hacking resumed. By 2018, U.S. intelligence officials had noted a shift: People’s Liberation Army hackers had stood down and been replaced by operatives working at the behest of the Ministry of State Security, which handles China’s intelligence, security and secret police.
Hacks of intellectual property, that benefited China’s economic plans, originated not from the P.L.A. but from a looser network of front companies and contractors, including engineers who worked for some of the country’s leading technology companies, according to intelligence officials and researchers.
It was unclear how exactly China worked with these loosely affiliated hackers. Some cybersecurity experts speculated that the engineers were paid cash to moonlight for the state, while others said those in the network had no choice but to do whatever the state asked. In 2013, a classified U.S. National Security Agency memo said, “The exact affiliation with Chinese government entities is not known, but their activities indicate a probable intelligence requirement feed from China’s Ministry of State Security.”
announced a new policy requiring Chinese security researchers to notify the state within two days when they found security holes, such as the “zero-days” that the country relied on in the breach of Microsoft Exchange systems.
arrested its founder. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, stopped showing up, on state orders.
“If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit,” Mr. Kurtz said of China. “It’s an arms race in cyber.”
China’s government ordered the country’s leading ride-hailing platform, Didi, removed from app stores for “serious” problems related to the collection and use of customer data, the latest blow by Beijing to the company, which went public on the New York Stock Exchange just this past week.
In its brief late-evening announcement on Sunday, China’s internet regulator, the Cyberspace Administration of China, did not explain what problems it had found, only that its decision had been based on information that was reported to it, then tested and verified. The regulator ordered Didi to correct the problems and to “earnestly safeguard the security of all users’ personal information.”
On Friday, the same regulator had issued another surprise evening announcement, saying that new user sign-ups on Didi would be suspended while the authorities conducted a “cybersecurity review.” The agency did not say what had prompted the review.
That announcement, made just two days into Didi’s life as a publicly traded business on Wall Street, sent the company’s share price falling by 5 percent on Friday.
fined a record $2.8 billion in April for antimonopoly violations. Soon after, China’s antitrust authority began investigating the food-delivery giant Meituan on similar grounds. Other major internet companies, including Didi and TikTok’s parent, ByteDance, have been summoned before regulators and ordered to “put the nation’s interests first.”
China’s internet regulator has also named hundreds of apps that it says collect personal data to excess or use it in improper ways. Among them are apps created by some of China’s most prominent internet companies, including ByteDance, Tencent and Baidu. But in those cases, the regulator has required only that the app makers fix the problems within a certain amount of time. It did not order mobile stores to remove the apps.
military threats to human rights concerns. Some were longstanding, others of newer vintage.
During the Cold War, the prospect of nuclear annihilation led to historic treaties and a framework that kept the world from blowing itself up. At this meeting, for the first time, cyberweapons — with their own huge potential to wreak havoc — were at the center of the agenda.
But Mr. Putin’s comments to the media suggested the two leaders did not find much common ground.
In addition to his denials that Russia had played a destabilizing role in cyberspace, he also took a hard line on human rights in Russia.
He said Mr. Biden had raised the issue, but struck the same defiant tone on the matter in his news conference as he has in the past. The United States, Mr. Putin said, supports opposition groups in Russia to weaken the country, since it sees Russia as an adversary.
“If Russia is the enemy, then what organizations will America support in Russia?” Mr. Putin asked. “I think that it’s not those who strengthen the Russian Federation, but those that contain it — which is the publicly announced goal of the United States.”
President Biden said on Wednesday that “I did what I came to do” in his first summit meeting with President Vladimir V. Putin of Russia.
Speaking after the summit in Geneva, Mr. Biden said the two leaders had identified areas of mutual interest and cooperation. But he said he had also voiced American objections to Russia’s behavior on human rights, and warned that there would be consequences to cyberattacks on the United States.
Any American president representing the country’s democratic values, Mr. Biden said, would be obliged to raise issues of human rights and freedoms. And so he said had discussed with Mr. Putin his concerns over the imprisonment of the Russian opposition leader Aleksei A. Navalny and warned there would be “devastating” consequences if Mr. Navalny were to die in prison.
Mr. Biden also brought up the detentions of two American citizens in Russia, Paul Whelan and Trevor Reed, he said.
On the issue of cybersecurity, Mr. Biden said he had argued that certain parts of the infrastructure need to be off limits to cyberattacks. He said he had provided Mr. Putin with a list of critical areas, like energy, that must be spared. Mr. Biden also said the two leaders had agreed to enlist experts in both countries to discuss what should remain off limits and to follow up on specific cases.
“We need to have some basic rules of the road,” Mr. Biden told reporters after the summit.
And if Russia continues to violate what he called the basic norms of responsible behavior, he said, “We will respond.”
Mr. Biden made clear that, during his discussions with Mr. Putin, there were no threats, no talk of military intervention and no mention of what specific retaliation the United States would take in such cases. But Mr. Biden said that the United States was fully capable of responding with its own cyberattacks —“and he knows it.”
Mr. Biden said “there’s much more work to do,” but declared over the course of his weeklong European trip, he had shown that “the United States is back.”
He also said Russia stood to lose internationally if it continued to meddle in elections. “It diminishes the standing of a nation,”Mr. Biden said.
President Vladimir V. Putin on Wednesday repeated well-worn denials of Russian mischief and tropes about American failings, as he spoke to the press after his first summit with President Biden.
But between those familiar lines, he left the door open to deeper engagement with Washington than the Kremlin had been willing to entertain in recent years. On issues like cybersecurity, nuclear weapons, diplomatic spats and even prisoner exchanges, Mr. Putin said he was ready for talks with the United States, and he voiced unusual optimism about the possibility of achieving results.
“We must agree on rules of behavior in all the spheres that we mentioned today: That’s strategic stability, that’s cybersecurity, that’s resolving questions connected to regional conflicts,” Mr. Putin said at a nearly hourlong news conference after the summit. “I think that we can find agreement on all this — at least I got that sense given the results of our meeting with President Biden.”
Mr. Putin’s focus on “rules of behavior” sounded a lot like the “guardrails” that American officials have said they hope to agree on with Russia in order to stabilize the relationship. “Strategic stability” is the term both sides use to refer to nuclear weapons and related issues.
To be sure, there is no guarantee that the United States and Russia will make progress on those fundamental issues, and American officials fear Russian offers of talks could be efforts to tie key questions up in committees rather than set clear red lines. But in recent years, substantive dialogue between the two countries has been rare, making Wednesday’s promises of new consultations significant.
But Mr. Putin fell back on familiar Kremlin talking points to bat away criticisms, pointing to supposed human rights violations in the United States and denying Russian complicity in cyberattacks. He also refused to budge in response to questions over his repression of dissent inside Russia and the imprisonment of the opposition leader Aleksei A. Navalny. As he has said in the past, he repeated that the Kremlin does not see domestic politics as up for negotiation or discussion.
“If you ignore the tiresome whataboutism, there were some real outcomes,” said Samuel Charap, a senior political scientist at the RAND Corporation in Arlington, Va. “Russia is not in the habit of confessing its sins and seeking forgiveness. Particularly under Putin.”
The main outcomes to Mr. Charap were the agreement on U.S.-Russian dialogue on strategic stability and cybersecurity, as well as the agreement for American and Russian ambassadors to return to their posts in Moscow and Washington. Mr. Putin also said there was “potential for compromise” on the issue of several Americans imprisoned in Russia and Russians imprisoned in the United States.
To tout his renewed willingness to talk — while acknowledging the uncertainty ahead — Mr. Putin quoted from Russian literature.
“Leo Tolstoy once said: ‘There is no happiness in life — there are only glimmers of it,’” Mr. Putin said. “I think that in this situation, there can’t be any kind of family trust. But I think we’ve seen some glimmers.”
After President Biden met his Russian counterpart on Wednesday, the two men did not face the news media at a joint news conference.
President Vladimir V. Putin of Russia spoke first, followed by Mr. Biden, in separate news conferences, a move intended by the White House to deny the Russian leader an international platform like the one he received during a 2018 summit in Helsinki with President Donald J. Trump.
“We expect this meeting to be candid and straightforward, and a solo press conference is the appropriate format to clearly communicate with the free press the topics that were raised in the meeting,” a U.S. official said in a statement sent to reporters this weekend, “both in terms of areas where we may agree and in areas where we have significant concerns.”
Top aides to Mr. Biden said that during negotiations over the meetings the Russian government was eager to have Mr. Putin join Mr. Biden in a news conference. But Biden administration officials said that they were mindful of how Mr. Putin seemed to get the better of Mr. Trump in Helsinki.
At that news conference, Mr. Trump publicly accepted Mr. Putin’s assurances that his government did not interfere with the 2016 election, taking the Russian president’s word rather than the assessments of his own intelligence officials.
The spectacle in 2018 drew sharp condemnations from across the political spectrum for providing an opportunity for Mr. Putin to spread falsehoods. Senator John McCain at the time called it “one of the most disgraceful performances by an American president in memory.”
Piggybacking on the attention to Russia with the Biden-Putin meeting on Wednesday, the European Union issued a long and pessimistic report on the state of relations between Brussels and Moscow.
“There is not much hope for better relations between the European Union and Russia anytime soon,” said Josep Borrell Fontelles, the E.U.’s foreign policy chief, introducing the report. It was prepared in advance of a summit meeting of European leaders next week at which the bloc’s future policy toward Russia will be on the agenda.
That discussion has been delayed several times by other pressing issues, including the pandemic.
“Under present circumstances, a renewed partnership between the E.U. and Russia, allowing for closer cooperation, seems a distant prospect,” Mr. Borrell said in a statement, introducing the 14-page report prepared by the European Commission.
The report urges the 27-member bloc to simultaneously “push back” against Russian misbehavior and violations of international law; “constrain” Russia’s efforts to destabilize Europe and undermine its interests, especially in the Western Balkans and neighboring post-Soviet states; and “engage” with Russia on common issues like health and climate, “based on a strong common understanding of Russia’s aims and an approach of principled pragmatism.”
The ambition, Mr. Borrell said, is to move gradually “into a more predictable and stable relationship,” a similar goal to that expressed by the Biden administration.
Mr. Borrell had an embarrassing visit to Moscow in February as he began to prepare the report. He stood by without reacting in a joint news conference as his Russian counterpart, Foreign Minister Sergey Lavrov, called the European Union an “unreliable partner.”
As they were meeting, Moscow announced that diplomats from Germany, Poland and Sweden had been expelled for purportedly participating in “illegal protests” to support the jailed opposition politician Aleksei A. Navalny, a fact Mr. Borrell discovered only later through social media.
He defended the trip, telling the European Parliament that he “wanted to test whether the Russian authorities are interested in a serious attempt to reverse the deterioration of our relations and seize the opportunity to have a more constructive dialogue. The answer has been clear: No, they are not.”
Relations have worsened since then with overt Russian support for a crackdown against democracy and protests in Belarus.
Even before the summit between the United States and Russia got underway on Wednesday, Ukrainian officials played down the prospect for a breakthrough on one of the thornier issues on the agenda: ending the war in eastern Ukraine, the only active conflict in Europe today.
Ukraine said it would not accept any arrangements made in Geneva between President Biden and President Vladimir V. Putin on the war, which has been simmering for seven years between Russian-backed separatists and the Ukrainian Army, officials said.
Before the summit’s start, Dmitri S. Peskov, the Kremlin’s spokesman, said that Ukraine’s entry into NATO would represent a “red line” for Russia that Mr. Putin was prepared to make plain on Wednesday. Mr. Biden said this week that Ukraine could join NATO if “they meet the criteria.”
The Ukrainian government has in recent years dug in its heels on a policy of rejecting any negotiation without a seat at the table after worry that Washington and Moscow would cut a deal in back-room talks. The approach has remained in place with the Biden administration.
“It is not possible to decide for Ukraine,” President Volodymyr Zelensky said on Monday. “So there will be no concrete result” in negotiations in Geneva, he said.
Ukraine’s foreign minister drove the point home again on Tuesday.
“We have made it very clear to our partners that no agreement on Ukraine reached without Ukraine will be recognized by us,” Dmytro Kuleba, the foreign minister, told journalists. Ukraine, he said, “will not accept any scenarios where they will try to force us to do something.”
Ukraine will have a chance for talks with the United States. Mr. Biden has invited Mr. Zelensky to a meeting in the White House in July, when a recent Russian troop buildup along the Ukrainian border is sure to be on the agenda.
Russia massed more than 100,000 troops along the Ukrainian border this spring. Despite an announcement in Moscow of a drawdown, both Ukrainian and Western governments say that only a few thousand soldiers have departed, leaving a lingering risk of a military escalation over the summer.
With Donald J. Trump in Osaka, Japan, in 2019.
With Barack Obama in New York in 2015.
With George W. Bush in Washington in 2005.
With Bill Clinton in Moscow in 2000.
If President Biden wanted an example of a summit that did not go according to plan, he needed only to look back to 2018.
That year, President Donald J. Trump flew to Helsinki to meet President Vladimir V. Putin of Russia, the first face-to-face meeting between the two and a highly anticipated moment given the then-ongoing investigations of Russian interference and cooperation with Mr. Trump’s 2016 presidential campaign.
It might have been a chance for Mr. Trump to push back against those accusations by offering a forceful denunciation of Russia’s actions in private, and again during a joint news conference by the two men.
Instead, standing on the stage by Mr. Putin’s side, Mr. Trump dismissed the conclusions by U.S. intelligence agencies about Russian meddling and said, in essence, that he believed Mr. Putin more than he did the C.I.A. and other key advisers
“They said they think it’s Russia,” Mr. Trump said. “I have President Putin; he just said it’s not Russia.” He added that he didn’t see any reason Russia would have been responsible for hacks during the 2016 election. “President Putin was extremely strong and powerful in his denial today.”
It was the kind of jaw-dropping assertion that U.S. administrations usually strive to avoid in the middle of highly scripted presidential summits. Critics lashed out at Mr. Trump for undermining his own government and for giving aid and comfort to an adversary. Even Republican allies of the president issued harsh denunciations.
“It is the most serious mistake of his presidency and must be corrected — immediately,” said Newt Gingrich, the former Republican House speaker and a staunch supporter of Mr. Trump.
There was nothing about the one day Helsinki summit that was normal. Mr. Putin and Mr. Trump were so chummy that the Russian president gave Mr. Trump a soccer ball to take home as a gift. Mr. Trump thanked him and bounced the ball to Melania Trump, the first lady, in the front row, saying he would take it home to give it to his son, Barron.
(Sarah Sanders, the White House press secretary at the time, later issued a statement saying that the ball — like all gifts — had been examined to make sure it had not been bugged with listening devices.)
In a statement issued as Mr. Biden headed to Europe last week, Mr. Trump once again called his meeting with Mr. Putin “great and very productive” and he defended supporting the Russian president over his intelligence aides.
“As to who do I trust, they asked, Russia or our ‘Intelligence’ from the Obama era,” he said in a statement. “The answer, after all that has been found out and written, should be obvious. Our government has rarely had such lowlifes as these working for it.”
The former president also took a cheap shot at his successor in the statement, warning him not to “fall asleep during the meeting.”
One thing was certain — Mr. Biden did not follow through on Mr. Trump’s request that when Mr. Biden met with Mr. Putin “please give him my warmest regards!”
In the United States, fireworks lit up the night sky in New York City on Tuesday, a celebration meant to demonstrate the end of coronavirus restrictions. California, the most populous state, has fully opened its economy. And President Biden said there would be a gathering at the White House on July 4, marking what America hopes will be freedom from the pandemic.
Yet this week the country’s death toll passed 600,000 — a staggering loss of life.
In Russia, officials frequently say that the country has handled the coronavirus crisis better than the West and that there have been no large-scale lockdowns since last summer.
But in the week that President Vladimir V. Putin met with Mr. Biden for a one-day summit, Russia has been gripped by a vicious new wave of Covid-19. Hours before the start of the summit on Wednesday, the city of Moscow announced that it would be mandating coronavirus vaccinations for workers in service and other industries.
“We simply must do all we can to carry out mass vaccination in the shortest possible time period and stop this terrible disease,” Sergey S. Sobyanin, the mayor of Moscow, said in a blog post. “We must stop the dying of thousands of people.”
It was a reversal from prior comments from Mr. Putin, who said on May 26 that “mandatory vaccination would be impractical and should not be done.”
Mr. Putin said on Saturday that 18 million people had been inoculated in the country — less than 13 percent of the population, even though Russia’s Sputnik V shots have been widely available for months.
The country’s official death toll is nearly 125,000, according to Our World in Data, and experts have said that such figures probably vastly underestimate the true tally.
While the robust United States vaccination campaign has sped the nation’s recovery, the virus has repeatedly confounded expectations. The inoculation campaign has also slowed in recent weeks.
Unlike many of the issues raised at Wednesday’s summit, and despite the scientific achievement that safe and effective vaccines represent, the virus follows its own logic — mutating and evolving — and continues to pose new and unexpected challenges for both leaders and the world at large.
The conflict in Syria — which has now raged for 10 years and counting — was on the meeting agenda for President Biden and President Vladimir V. Putin of Russia as they met on Wednesday.
Since the start of the war, Russia has supported President Bashar al-Assad and his forces, and in 2015 it launched a military intervention with ground forces in the country to prop up the then-flailing government. In the years since, government forces have regained control of much of the country, with the support of Russia and Iran, as Mr. al-Assad’s forced tamped down dissent and carried out brutal attacks against Syrian civilians.
The United States also became deeply involved in the conflict, backing Kurdish forces in the country’s north and conducting airstrikes in the fight against the Islamic State. It has maintained a limited military presence there. Both the United States and Russian forces have found themselves on opposite sides of the multifaceted conflict on numerous occasions.
After years of failed attempts at peace in Syria as the humanitarian toll has continued to mount, Lina Khatib, the director of the Middle East and North Africa Program at Chatham House, a British think tank, said the moment could be ripe for the two major powers to chart a path forward.
She said that “despite taking opposing sides in the Syrian conflict, there is potential for a US-Russian compromise,” and that the summit could be the best place to begin that process.
“The Biden administration must not waste the opportunity that the U.S.-Russian summit presents on Syria,” Ms. Khatib wrote in a recent piece before the meeting in Geneva. “While the focus of various U.S. government departments working on Syria is on the delivery of cross-border aid, fighting the Islamic State and planning an eventual exit for U.S. troops, all these problems are products of the ongoing conflict, and solving them requires a comprehensive strategy to end it.”
American and Russian reporters engaged in a shoving match on Wednesday outside the villa where President Biden and President Vladimir V. Putin of Russia were meeting, stranding much of the press outside when the two leaders began talking.
The chaotic scrum erupted moments after Mr. Biden and Mr. Putin shook hands and waved to reporters before closed-door meetings with a handful of aides.
President Guy Parmelin of Switzerland had just welcomed the leaders “in accordance with its tradition of good offices” to “promote dialogue and mutual understanding.”
But shortly after the two leaders entered the villa, reporters from both countries rushed the side door, where they were stopped by Russian and American security and government officials from both countries. There was screaming and pushing as both sides tried to surge in, with officials yelling for order.
White House officials succeeded in getting nine members of their 13-member press pool into the library where Mr. Biden and Mr. Putin were seated against a backdrop of floor-to-ceiling books, along with each of their top diplomats and translators. The two leaders had already begun to make very brief remarks before reporters were able to get in the room.
Inside, more scuffling erupted — apparently amusing to the two leaders — as Russian officials told photographers that they could not take pictures and one American reporter was shoved to the ground. The two leaders waited, at moments smiling uncomfortably, for several minutes before reporters were pushed back out of the room as the summit meeting began.
“It’s always better to meet face to face,” Mr. Biden said to Mr. Putin as the commotion continued.
Chaotic scenes are not uncommon when reporters from multiple countries angle for the best spot to view a world leader, often in cramped spaces and with government security and handlers pushing them to leave quickly.
But even by those standards the scene outside the villa in this usually bucolic venue was particularly disruptive. Russian journalists quickly accused the Americans for trying to get more people into the room than had been agreed to, but it appeared that the Russians had many more people than the 15 for each side that had been negotiated in advance.
“The Americans didn’t go through their door, caused a stampede,” one Russian reporter posted on Telegram.
In fact, reporters from both countries had been told to try to go through a single door, and officials for both countries at times were stopping all of the reporters from entering, telling them to move back and blocking the door.
When American officials tried to get White House reporters inside, the Russian security blocked several of them.
Wednesday’s Geneva summit got off to an auspicious start: President Vladimir V. Putin of Russia landed on time.
His plane landed at about 12:30 p.m., an hour before he was set to meet President Biden, who had arrived in Geneva the previous evening. Mr. Putin is known for making world leaders wait — sometimes hours — for his arrival, one way to telegraph confidence and leave an adversary on edge.
But this time Mr. Putin did not resort to scheduling brinkmanship.
The summit’s start was laced with delicate choreography: Mr. Putin arrived first, straight from the airport, and was greeted on the red carpet in front of a lakeside villa by President Guy Parmelin of Switzerland. About 15 minutes later, Mr. Biden arrived in his motorcade, shook hands with Mr. Parmelin and waved to reporters.
The Swiss president welcomed the two leaders, wishing them “fruitful dialogue in the interest of your two countries and the whole world.” He then stepped aside, allowing Mr. Biden and Mr. Putin to approach each other, smiling, and shake hands.
Russian officials on Wednesday sought to put a positive last-minute spin on the meeting.
“This is an extremely important day,” a deputy foreign minister, Sergey Ryabkov, told the RIA Novosti state news agency hours before the summit’s start. “The Russian side in preparing for the summit has done the utmost for it to turn out positive and have results that will allow the further deterioration of the bilateral relationship to be halted, and to begin moving upwards.”
Even before Mr. Putin landed, members of his delegation had arrived at the lakeside villa where the meeting is being held. They included Foreign Minister Sergey V. Lavrov, who joined Mr. Putin in a small-group session with Mr. Biden and Secretary of State Antony J. Blinken at the start of the summit; and Valery V. Gerasimov, Russia’s most senior military officer.
Police officers from across Switzerland — the words “police,” “Polizei” and “polizia” on their uniforms reflecting the country’s multilingual cantons — cordoned off much of the center of Geneva on Wednesday.
The city’s normally bustling lakefront was off limits, and the park where President Biden and Mr. Putin were meeting was protected by razor wire and at least one armored personnel carrier.
Inside the leafy Parc la Grange, overlooking Lake Geneva, the police directed journalists to two separate press centers — one for those covering Mr. Putin, one for those covering Mr. Biden. As the reporters waited for the leaders to arrive, a Russian radio reporter went on air and intoned that Lake Geneva had become “a lake of hope.”
A storied villa on the shores of Lake Geneva is sometimes described as having “a certain sense of mystery about it,” but there was little mystery this week about why the mansion and the park surrounding it were closed off.
Visitors were coming.
The Villa la Grange, an 18th-century manor house at the center of Parc la Grange, was the site of the meeting on Wednesday between President Biden and President Vladimir V. Putin.
Set in one of Geneva’s largest and most popular parks, the site is known not just for its lush gardens, but also for its role as a setting for important moments in the struggle between war and peace.
In 1825, the villa’s library — home to over 15,000 works and the only room to retain the villa’s original decorative features — hosted dignitaries of a European gathering that aimed to help Greeks fighting for independence.
Designed by the architect Jean-Louis Bovet and completed in 1773, the villa was owned by the Lullin family and primarily used as a summer residence before it was bought by a merchant, François Favre, in 1800.
It cemented its place in history in 1864, when it was the site of a closing gala for officials who signed the original 1864 Geneva Convention, presided over by Henri Dunant, a founder of the International Red Cross. An attempt to ameliorate the ravages of war on both soldiers and civilians, it set minimum protections for people who are victims of armed conflict.
After World War II, a new draft of the conventions was signed in an attempt to address gaps in international humanitarian law that the conflict had exposed.
In 1969, Pope Paul VI, who traveled to the park to celebrate Mass for a congregation of tens of thousands, pointed to the villa’s history as he spoke about the risk of nuclear conflagration.
He spoke about the opposing forces of love and hate and called for “generous peacemakers.”
MOSCOW — Just weeks before the ransomware gang known as DarkSide attacked the owner of a major American pipeline, disrupting gasoline and jet fuel deliveries up and down the East Coast of the United States, the group was turning the screws on a small, family-owned publisher based in the American Midwest.
Working with a hacker who went by the name of Woris, DarkSide launched a series of attacks meant to shut down the websites of the publisher, which works mainly with clients in primary school education, if it refused to meet a $1.75 million ransom demand. It even threatened to contact the company’s clients to falsely warn them that it had obtained information the gang said could be used by pedophiles to make fake identification cards that would allow them to enter schools.
Woris thought this last ploy was a particularly nice touch.
“I laughed to the depth of my soul about the leaked IDs possibly being used by pedophiles to enter the school,” he said in Russian in a secret chat with DarkSide obtained by The New York Times. “I didn’t think it would scare them that much.”
released a statement a week earlier saying it was shutting down. A customer support employee responded almost immediately to a chat request sent from Woris’s account by the Times reporter. But when the reporter identified himself as a journalist the account was immediately blocked.
Megyn Kelly pressed him in a 2018 interview on why Russia was not arresting hackers believed to have interfered in the American election, he shot back that there was nothing to arrest them for.
“If they did not break Russian law, there is nothing to prosecute them for in Russia,” Mr. Putin said. “You must finally realize that people in Russia live by Russian laws, not by American ones.”
After the Colonial attack, President Biden said that intelligence officials had evidence the hackers were from Russia, but that they had yet to find any links to the government.
“So far there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia,” he said, adding that the Russian authorities “have some responsibility to deal with this.”
This month, DarkSide’s support staff scrambled to respond to parts of the system being shut down, which the group attributed, without evidence, to pressure from the United States. In a posting on May 8, the day after the Colonial attack became public, the DarkSide staff appeared to be hoping for some sympathy from their affiliates.
“There is now the option to leave a tip for Support under ‘payments,’” the posting said. “It’s optional, but Support would be happy :).”
Days after the F.B.I. publicly identified DarkSide as the culprit, Woris, who had yet to extract payment from the publishing company, reached out to customer service, apparently concerned.
“Hi, how’s it going,” he wrote. “They hit you hard.”
It was the last communication Woris had with DarkSide.
Days later, a message popped up on the dashboard saying the group was not exactly shutting down, as it had said it would, but selling its infrastructure so other hackers could carry on the lucrative ransomware business.
“The price is negotiable,” DarkSide wrote. “By fully launching an analogous partnership program it’s possible to make profits of $5 million a month.”
President Biden and President Vladimir V. Putin of Russia have agreed to meet on June 16 in Geneva for a face-to-face encounter that comes at a time of fast-deteriorating relations over Ukraine, cyberattacks and a raft of new nuclear weapons Mr. Putin is deploying. The summit is the first in-person meeting between the two leaders since Mr. Biden became president.
The one-day meeting is expected to focus on ways to restore predictability and stability to a relationship that carries a risk of nuclear accident, miscalculation and escalation. Geneva was also the site of the 1985 summit between Mikhail Gorbachev, the Soviet leader, and Ronald Reagan that was focused on the nuclear arms race.
The meeting comes at the worst point in Russian-American relations since the fall of the Soviet Union about 30 years ago. To say that the two leaders have a tense relationship is an understatement: Mr. Biden called Mr. Putin a “killer” in a television interview in March, leading Mr. Putin to dryly return the accusation and wish the new president “good health.”
Russia, despite its aggressive language toward the West, has shown optimism about the talks. For Mr. Putin, a high-profile presidential summit can help deliver what he has long sought: respect for Russia on the world stage. And he is sure to repeat his message that the United States must respect Russian interests — especially inside Russia, where the Kremlin claims Washington is trying to undermine Mr. Putin’s rule, and in Eastern Europe.
new round of financial sanctions against the country.
That list includes the prosecution and jailing of Aleksei A. Navalny, the opposition leader Mr. Putin’s intelligence services tried to kill with a nerve agent. And Mr. Biden plans to spend considerable time on cybersecurity in hopes of limiting the rising tide of cyberattacks directed at the United States.
Such attacks have dogged Mr. Biden since December, with the disclosure of SolarWinds, a sophisticated hack into network management software used by most of the United States’ largest companies and by a range of government agencies and defense contractors.
Mr. Biden vowed a full investigation and a proportionate response, though it is unclear whether those moves — which his aides said would be “seen and unseen” — are sufficient to deter the low-cost attacks.
Two weeks ago, Mr. Biden said he would raise with Mr. Putin the more recent ransomware attack on Colonial Pipeline, which shut down nearly half of the supply of gasoline, diesel and jet fuel to the East Coast. That attack was the work of a criminal group, the Biden administration said, but Mr. Biden accused Russia of harboring the ransomware criminals.
The summit will come at the end of Mr. Biden’s first international trip as president, to Europe, where he will meet with the Group of 7 allies — a group the Russians had been part of for several years when integration with the West seemed possible — and NATO allies.
WASHINGTON — Florida on Monday became the first state to regulate how companies like Facebook, YouTube and Twitter moderate speech online, by imposing fines on social media companies that permanently ban political candidates for statewide office.
The new law, signed by Gov. Ron DeSantis, is a direct response to Facebook and Twitter’s ban of former President Donald J. Trump in January. In addition to the fines for banning candidates, it also makes it illegal to prevent some news outlets from posting to their platforms in response to the contents of their stories.
Mr. DeSantis said that signing the bill meant that Floridians would be “guaranteed protection against the Silicon Valley elites.”
“If Big Tech censors enforce rules inconsistently, to discriminate in favor of the dominant Silicon Valley ideology, they will now be held accountable,” he said in a statement.
limiting the right to protest and providing immunity to drivers who strike protesters in public streets.
And the Republican push to make voting harder continues unabated after Mr. Trump’s relentless lying about the results of the 2020 election. Georgia Gov. Brian Kemp signed into law new restrictions on voting, as did Mr. DeSantis in Florida, and Texas Republicans are poised to soon pass the nation’s biggest rollback of voting rights.
The party-wide, nationwide push stems from Mr. Trump’s repeated grievances. During his failed re-election campaign, Mr. Trump repeatedly pushed to repeal Section 230 of the Communications Decency Act, which provides immunity to certain tech firms from liability for user-generated content, even as he used their platforms to spread misinformation. Twitter and Facebook eventually banned Mr. Trump after he inspired his supporters, using their platforms, to attack the Capitol on Jan. 6.
Republican lawmakers in Florida have echoed Mr. Trump’s rhetoric.
“I have had numerous constituents come to me saying that they were banned or de-platformed on social media sites,” said Representative Blaise Ingoglia during the debate over the bill.
But Democrats, libertarian groups and tech companies all say that the law violates the tech companies’ First Amendment rights to decide how to handle content on their own platforms. It also may prove impossible to bring complaints under the law because of Section 230, the legal protections for web platforms that Mr. Trump has attacked.
“It is the government telling private entities how to speak,” said Carl Szabo, the vice president at NetChoice, a trade association that includes Facebook, Google and Twitter as members. “In general, it’s a gross misreading of the First Amendment.” He said the First Amendment was designed to protect sites like Reddit from government intervention, not protect “politicians from Reddit.”
The Florida measure will likely be challenged in court, said Jeff Kosseff, a professor of cybersecurity law at the United States Naval Academy.
“I think this is the beginning of testing judges’ limits on these sorts of restrictions for social media,” he said.
A cyberattack on Ireland’s health system has paralyzed the country’s health services for a week, cutting off access to patient records, delaying Covid-19 testing, and forcing cancellations of medical appointments.
Using ransomware, which is malware that encrypts a victims’ data until they pay a ransom, the people behind the attack have been holding hostage the data at Ireland’s publicly funded health care system, the Health Service Executive. The attack forced the H.S.E. to shut down its entire information technology system.
In a media briefing on Thursday, Paul Reid, chief executive of the H.S.E., said the attack was “stomach churning.”
Caroline Kohn, a spokeswoman for a group of hospitals in the eastern part of the country, said the hospitals were forced to keep all of their records on paper. “We’re back to the 1970s,” she said.
upended the lives of cancer patients whose chemotherapy treatments had to be delayed or recreated from memory.
The attacks come on top of a similar ransomware attack on Colonial Pipeline, the American pipeline operation that supplies nearly half the gas, diesel and jet fuel to the East Coast. That attack prompted Colonial Pipeline to shut down its pipeline operations, triggering panic buying at the pump and gas and jet fuel shortages along the East Coast. Colonial Pipeline agreed to pay its extortionists, a different cybercriminal gang called DarkSide, nearly $5 million to decrypt its data.
The attack in Ireland has caused backlogs inside emergency rooms from Dublin to Galway, and patients have been urged to stay away from hospitals unless they require urgent care.
In many Irish counties, appointments have been canceled for radiation treatments, MRIs, gynecological visits, endoscopies and other health services. Health authorities said the attack was also causing delays in Covid-19 test results, but a vaccine appointment system was still working.
Irish health officials said Thursday that H.S.E. was working to build a new network, separate from the one that has been affected. Hundreds of experts have been recruited to rebuild 2,000 distinct systems. The effort is likely to cost tens of millions of euros, Mr. Reid said.
The H.S.E. said Thursday that it had been provided with a key that could decrypt the data being held for ransom, but it was unclear if it would work.
a separate legal fight by Microsoft — to take down a major botnet, a network of infected computers, called Trickbot, that served as a major conduit for ransomware.
In the weeks that followed those efforts, cybercriminals said they planned to attack more than 400 hospitals. The threat caused the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to warn health care operators to improve their protection from ransomware.
Ransomware groups continue to operate with relative immunity in Russia, where government officials rarely prosecute cybercriminals and refuse to extradite them. In response to the Colonial Pipeline episode last week, President Biden said Russia bore some responsibility for ransomware attacks because cybercriminals operate within its borders.
Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of Wizard Spider, the group responsible for the attack on Ireland’s health systems, spoke Russian and researchers “have high confidence that they are Eastern European, likely Russian.”
Last month, the data of a school district in Florida was held hostage by Wizard Spider. Broward County Public Schools, the sixth largest school district in the United States, was hacked by cybercriminals who demanded $40 million in cryptocurrency. The criminals encrypted data and posted thousands of the schools’ information online after officials declined to pay.
Last December, the chip maker Advantech was also hit by Wizard Spider. Its data was posted to the so-called dark web after it refused to pay.
Some cyber insurance companies have covered the costs of ransom payments, calculating that the ransom payments are still cheaper than the cost of rebuilding systems and data from scratch. Regulators have started to pressure insurance companies out of paying ransom demands, arguing that they are only fueling more ransomware attacks and emboldening cybercriminals to make more lucrative demands.
AXA, the French insurance giant, said last week that it would no longer cover ransom payments. Within days of its announcement, AXA was hit with a ransomware attack that paralyzed information technology operations in Thailand, Malaysia, Hong Kong and the Philippines.
“This is just business as usual,” John Dickson, a cybersecurity expert at the San Antonio-based Denim Group, said in an interview Thursday. “These attacks should come as no surprise to anyone who has been paying attention.”
MELBOURNE, Australia — When Australian officials announced last week that the country was unlikely to fully reopen its borders until mid-2022 because of the coronavirus, the backlash immediately began building.
Critics warned that Australia risked becoming a “hermit nation.” Members of the Australian diaspora who had been struggling to return home for months saw it as another blow. The announcement drew dire warnings from business, legal and academic leaders.
Polls show that keeping the borders shut is a popular idea. But the opposition sees political opportunism on the part of the government. Others predict that a continued policy of isolationism means young people could “face a lost decade” because of prolonged economic loss and social dislocation.
Australian officials contend that the restrictions on international travel — some of the strictest in the world — are the main reason the country has been so successful in crushing the virus. The government is resisting pressure from many quarters to consider an earlier reopening, with Prime Minister Scott Morrison declaring on Tuesday, “I’m not going to take risks with Australians’ lives.”
report, titled “A Roadmap to Reopening,” of long-lasting damage to the country, and especially its young people.
“There is an illusion that Australia can go at it alone and be this Shangri-La in the South Pacific,” Tim Soutphommasane, a political expert at the University of Sydney and co-sponsor of the report, said in an interview. “But I think that’s a misguided view. Other countries that do have a vaccinated population will be able to attract skilled migrants, have their universities open up to international students.”
recent poll showing that three-quarters of Australians support it.
Many were barred for weeks from flying home from India because of the Covid crisis raging there. Tens of thousands have been separated from their families or have put their lives on hold as the country refused to budge on travel restrictions.
For Madeleine Karipidis, an Australian solicitor living in London, the travel hurdles have driven her to take a drastic step. She moved to London from her native Australia seven years ago. After a year of being unable to get home to see her family, and after the government announced the extended closure last week, she began the process of applying for British citizenship.
Government data released on Monday showed that 1.5 million vaccine doses — a quarter of those distributed — had not been used.
Vaccine complacency is also a growing concern, with some Australians seeing the perceived risks of a shot as outweighing the danger of getting sick from the coronavirus.
Still, the government predicts that most people will be vaccinated by the end of the year. But that in itself will not be enough to trigger the reopening of borders, Mr. Morrison has said, because it excludes “millions” of children and those who choose not to be vaccinated. The vaccines may also not be equipped to deal with new variants and mutations, he added.
For Owais Ahmed, an Australian permanent resident and a cybersecurity consultant, the border closure has put his life in limbo. His family and his fiancée are in Pakistan, and though he has been trying to leave Australia to see them, his requests for an exemption have been denied.
Mr. Ahmed said he had been happy to wait out the border closure last year, but that the extended lockdown now seemed more political than medical. His plans to get married and start a family in Australia have all been put on pause.
For years, government officials and industry executives have run elaborate simulations of a targeted cyberattack on the power grid or gas pipelines in the United States, imagining how the country would respond.
But when the real, this-is-not-a-drill moment arrived, it didn’t look anything like the war games.
The attacker was not a terror group or a hostile state like Russia, China or Iran, as had been assumed in the simulations. It was a criminal extortion ring. The goal was not to disrupt the economy by taking a pipeline offline but to hold corporate data for ransom.
The most visible effects — long lines of nervous motorists at gas stations — stemmed not from a government response but from a decision by the victim, Colonial Pipeline, which controls nearly half the gasoline, jet fuel and diesel flowing along the East Coast, to turn off the spigot. It did so out of concern that the malware that had infected its back-office functions could make it difficult to bill for fuel delivered along the pipeline or even spread into the pipeline’s operating system.
What happened next was a vivid example of the difference between tabletop simulations and the cascade of consequences that can follow even a relatively unsophisticated attack. The aftereffects of the episode are still playing out, but some of the lessons are already clear, and demonstrate how far the government and private industry have to go in preventing and dealing with cyberattacks and in creating rapid backup systems for when critical infrastructure goes down.
nearly $5 million in digital currency to recover its data, the company found that the process of decrypting its data and turning the pipeline back on again was agonizingly slow, meaning it will still be days before the East Coast gets back to normal.
seeks to mandate changes in cybersecurity.
And he suggested that he was willing to take steps that the Obama administration hesitated to take during the 2016 election hacks — direct action to strike back at the attackers.
“We’re also going to pursue a measure to disrupt their ability to operate,” Mr. Biden said, a line that seemed to hint that United States Cyber Command, the military’s cyberwarfare force, was being authorized to kick DarkSide off line, much as it did to another ransomware group in the fall ahead of the presidential election.
Hours later, the group’s internet sites went dark. By early Friday, DarkSide, and several other ransomware groups, including Babuk, which has hacked Washington D.C.’s police department, announced they were getting out of the game.
Darkside alluded to disruptive action by an unspecified law enforcement agency, though it was not clear if that was the result of U.S. action or pressure from Russia ahead of Mr. Biden’s expected summit with President Vladimir V. Putin. And going quiet might simply have reflected a decision by the ransomware gang to frustrate retaliation efforts by shutting down its operations, perhaps temporarily.
The Pentagon’s Cyber Command referred questions to the National Security Council, which declined to comment.
The episode underscored the emergence of a new “blended threat,” one that may come from cybercriminals, but is often tolerated, and sometimes encouraged, by a nation that sees the attacks as serving its interests.That is why Mr. Biden singled out Russia — not as the culprit, but as the nation that harbors more ransomware groups than any other country.
“We do not believe the Russian government was involved in this attack, but we do have strong reason to believe the criminals who did this attack are living in Russia,” Mr. Biden said. “We have been in direct communication with Moscow about the imperative for responsible countries to take action against these ransomware networks.”
With Darkside’s systems down, it is unclear how Mr. Biden’s administration would retaliate further, beyond possible indictments and sanctions, which have not deterred Russian cybercriminals before. Striking back with a cyberattack also carries its own risks of escalation.
The administration also has to reckon with the fact that so much of America’s critical infrastructure is owned and operated by the private sector and remains ripe for attack.
“This attack has exposed just how poor our resilience is,” said Kiersten E. Todt, the managing director of the nonprofit Cyber Readiness Institute. “We are overthinking the threat, when we’re still not doing the bare basics to secure our critical infrastructure.”
The good news, some officials said, was that Americans got a wake-up call. Congress came face-to-face with the reality that the federal government lacks the authority to require the companies that control more than 80 percent of the nation’s critical infrastructure adopt minimal levels of cybersecurity.
The bad news, they said, was that American adversaries — not only superpowers but terrorists and cybercriminals — learned just how little it takes to incite chaos across a large part of the country, even if they do not break into the core of the electric grid, or the operational control systems that move gasoline, water and propane around the country.
Something as basic as a well-designed ransomware attack may easily do the trick, while offering plausible deniability to states like Russia, China and Iran that often tap outsiders for sensitive cyberoperations.
It remains a mystery how Darkside first broke into Colonial’s business network. The privately held company has said virtually nothing about how the attack unfolded, at least in public. It waited four days before having any substantive discussions with the administration, an eternity during a cyberattack.
Cybersecurity experts also note that Colonial Pipeline would never have had to shut down its pipeline if it had more confidence in the separation between its business network and pipeline operations.
“There should absolutely be separation between data management and the actual operational technology,” Ms. Todt said. “Not doing the basics is frankly inexcusable for a company that carries 45 percent of gas to the East Coast.”
Other pipeline operators in the United States deploy advanced firewalls between their data and their operations that only allow data to flow one direction, out of the pipeline, and would prevent a ransomware attack from spreading in.
Colonial Pipeline has not said whether it deployed that level of security on its pipeline. Industry analysts say many critical infrastructure operators say installing such unidirectional gateways along a 5,500-mile pipeline can be complicated or prohibitively expensive. Others say the cost to deploy those safeguards are still cheaper than the losses from potential downtime.
Deterring ransomware criminals, which have been growing in number and brazenness over the past few years, will certainly be more difficult than deterring nations. But this week made the urgency clear.
“It’s all fun and games when we are stealing each other’s money,” said Sue Gordon, a former principal deputy director of national intelligence, and a longtime C.I.A. analyst with a specialty in cyberissues, said at a conference held by The Cipher Brief, an online intelligence newsletter. “When we are messing with a society’s ability to operate, we can’t tolerate it.”
Since the DarkSide account was opened in March, Elliptic said, it had received $17.5 million from 21 Bitcoin wallets, indicating the number of ransoms it had collected just this spring. Cybersecurity analysts assess that the group has been active since at least August, and has most likely used a number of different Bitcoin wallets to receive ransoms.
The intense scrutiny that followed the Colonial Pipeline attack has clearly unsettled ransomware groups. This week, the operators behind two major Russian-language ransomware platforms, REvil and Avaddon, announced strict new rules governing the use of their products, including bans on targeting government-affiliated entities, hospitals or educational institutions.
The administrator of XSS, a popular Russian-language cybercrime forum, announced an immediate ban on all ransomware activity on the forum, citing, among other things, the bad press associated with the industry. In a statement posted in the forum, the administrator called the attention a “critical mass of harm, nonsense, hype and noise,” saying even the spokesman for President Vladimir V. Putin of Russia had weighed in on the Colonial Pipe attack. (The spokesman, Dmitri S. Peskov, denied that the Kremlin had been involved in the attack on the pipeline.)
“The word ransom has become associated with a whole series of unpleasant things — geopolitics, blackmail, government cyberattacks,” the XSS administrator wrote. “This word has become dangerous and toxic.”
Even if DarkSide has shut down, the threat from ransomware has not passed. Cybercriminal networks often disband, regroup and rebrand themselves in an effort to throw off law enforcement, cybersecurity experts say.
“It’s likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways,” said Mark Arena, Intel 471’s chief executive. “A number of the operators will most likely continue to operate in their own close-knit groups, resurfacing under different aliases and ransomware names.”
Indeed, DarkSide gave no indication that its members were getting out of the ransomware business or even letting victims currently infected with the group’s malware off the hook. In its statement, DarkSide said it would hand over its decryption tools to affiliates, giving these intermediaries, who were responsible for infecting computer systems with the group’s malicious software, the ability to negotiate ransoms with victims directly.
“You will be given decryption tools for all the companies that haven’t paid yet,” the statement read. “After that, you will be free to communicate with them wherever you want in any way you want.”