BARCELONA, Spain — In the spring of 2019, an emissary of Catalonia’s top separatist leader traveled to Moscow in search of a political lifeline.
The independence movement in Catalonia, the semiautonomous region in Spain’s northeast, had been largely crushed after a referendum on breaking away two years earlier. The European Union and the United States, which supported Spain’s effort to keep the country intact, had rebuffed the separatists’ pleas for support.
But in Russia, a door was opening.
In Moscow, the emissary, Josep Lluis Alay, a senior adviser to the self-exiled former Catalan president Carles Puigdemont, met with current Russian officials, former intelligence officers and the well-connected grandson of a K.G.B. spymaster. The aim was to secure Russia’s help in severing Catalonia from the rest of Spain, according to a European intelligence report, which was reviewed by The New York Times.
recordings revealed a Russian plot to covertly finance the hard-right League party. In Britain, a Times investigation uncovered discussions among right-wing fringe figures about opening bank accounts in Moscow. And in Spain, the Russians have also offered assistance to far-right parties, according to the intelligence report.
Whether Mr. Alay knew it or not, many of the officials he met in Moscow are involved in what has become known as the Kremlin’s hybrid war against the West. This is a layered strategy involving propaganda and disinformation, covert financing of disruptive political movements, hacking and leaking information (as happened in the 2016 U.S. presidential election) and “active measures” like assassinations meant to erode the stability of Moscow’s adversaries.
It is unclear what help, if any, the Kremlin has provided to the Catalan separatists. But Mr. Alay’s trips to Moscow in 2019 were followed quickly by the emergence of a secretive protest group, Tsunami Democratic, which disrupted operations at Barcelona’s airport and cut off a major highway linking Spain to northern Europe. A confidential police report by Spain’s Guardia Civil, obtained by The Times, found that Mr. Alay was involved in the creation of the protest group.
Unit 29155, which has been linked to attempted coups and assassinations in Europe, had been present in Catalonia around the time of the referendum, but Spain has provided no evidence that they played an active role.
Many Catalan independence leaders have accused the authorities in Madrid of using the specter of Russian interference to tarnish what they described as a grass-roots movement of regular citizens. The referendum was supported by a fragile coalition of three political parties that quickly dissolved over disputes about ideology and strategy. Even as some parties pushed for a negotiated settlement with Madrid, Mr. Puigdemont, a former journalist with a Beatles-like mop of hair, has eschewed compromise.
Asked about the Russian outreach, the current Catalan government under President Pere Aragones distanced itself from Mr. Puigdemont.
railed against the “silence of the main European institutions.”
The European Union declared the Catalan independence referendum illegal. Russia’s position, by contrast, was more equivocal. President Vladimir V. Putin described the Catalan separatist drive as Europe’s comeuppance for supporting independence movements in Eastern Europe after the fall of the Soviet Union.
“There was a time when they welcomed the collapse of a whole series of governments in Europe, not hiding their happiness about this,” Mr. Putin said. “We talk about double standards all the time. There you go.”
In March 2019, Mr. Alay traveled to Moscow, just weeks after leaders of the Catalan independence movement went on trial. Three months later, Mr. Alay went again.
In Russia, according to the intelligence report, Mr. Alay and Mr. Dmitrenko met with several active foreign intelligence officers, as well as Oleg V. Syromolotov, the former chief of counterintelligence for the Federal Security Service, Russia’s domestic intelligence agency, who now oversees counterterrorism as a deputy minister at the Russian foreign ministry.
Mr. Alay denied meeting Mr. Syromolotov and the officers but acknowledged meeting Yevgeny Primakov, the grandson of a famous K.G.B. spymaster, in order to secure an interview with Mr. Puigdemont on an international affairs program he hosted on Kremlin television. Last year, Mr. Primakov was appointed by Mr. Putin to run a Russian cultural agency that, according to European security officials, often serves as a front for intelligence operations.
“Good news from Moscow,” Mr. Alay later texted to Mr. Puigdemont, informing him of Mr. Primakov’s appointment. In another exchange, Mr. Dmitrenko told Mr. Alay that Mr. Primakov’s elevation “puts him in a very good position to activate things between us.”
Mr. Alay also confirmed meeting Andrei Bezrukov, a decorated former officer with Russia’s foreign intelligence service. For more than a decade, Mr. Bezrukov and his wife, Yelena Vavilova, were deep cover operatives living in the United States using the code names Donald Heathfield and Tracey Foley.
It was their story of espionage, arrest and eventual return to Russia in a spy swap that served as a basis for the television series “The Americans.” Mr. Alay appears to have become close with the couple. Working with Mr. Dmitrenko, he spent about three months in the fall of 2020 on a Catalan translation of Ms. Vavilova’s autobiographical novel “The Woman Who Can Keep Secrets,” according to his encrypted correspondence.
Mr. Alay, who is also a college professor and author, said he was invited by Mr. Bezrukov, who now teaches at a Moscow university, to deliver two lectures.
Mr. Alay was accompanied on each of his trips by Mr. Dmitrenko, 33, a Russian businessman who is married to a Catalan woman. Mr. Dmitrenko did not respond to requests for comment. But Spanish authorities have monitored him and in 2019 rejected a citizenship application from him because of his Russian contacts, according to a Spanish Ministry of Justice decision reviewed by The Times.
The decision said Mr. Dmitrenko “receives missions” from Russian intelligence and also “does different jobs” for leaders of Russian organized crime.
A Political Tsunami
A few months after Mr. Alay’s trips to Moscow, Catalonia erupted in protests.
A group calling itself Tsunami Democratic occupied the offices of one of Spain’s largest banks, closed a main highway between France and Spain for two days and orchestrated the takeover of the Barcelona airport, forcing the cancellation of more than a hundred flights.
The group’s origins have remained unclear, but one of the confidential police files stated that Mr. Alay attended a meeting in Geneva, where he and other independence activists finalized plans for Tsunami Democratic’s unveiling.
Three days after Tsunami Democratic occupied the Barcelona airport, two Russians flew from Moscow to Barcelona, the Catalan capital, according to flight records obtained by The Times.
One was Sergei Sumin, whom the intelligence report describes as a colonel in Russia’s Federal Protective Service, which oversees security for Mr. Putin and is not known for activities abroad.
The other was Artyom Lukoyanov, the adopted son of a top adviser to Mr. Putin, one who was deeply involved in Russia’s efforts to support separatists in eastern Ukraine.
According to the intelligence report, Mr. Alay and Mr. Dmitrenko met the two men in Barcelona for a strategy session to discuss the independence movement, though the report offered no other details.
Mr. Alay denied any connection to Tsunami Democratic. He confirmed that he had met with Mr. Sumin and Mr. Lukoyanov at the request of Mr. Dmitrenko, but only to “greet them politely.”
Even as the protests faded, Mr. Puigdemont’s associates remained busy. His lawyer, Mr. Boye, flew to Moscow in February 2020 to meet Vasily Khristoforov, whom Western law enforcement agencies describe as a senior Russian organized crime figure. The goal, according to the report, was to enlist Mr. Khristoforov to help set up a secret funding channel for the independence movement.
In an interview, Mr. Boye acknowledged meeting in Moscow with Mr. Khristoforov, who is wanted in several countries including Spain on suspicion of financial crimes, but said they only discussed matters relating to Mr. Khristoforov’s legal cases.
By late 2020, Mr. Alay’s texts reveal an eagerness to keep his Russian contacts happy. In exchanges with Mr. Puigdemont and Mr. Boye, he said they should avoid any public statements that might anger Moscow, especially about the democracy protests that Russia was helping to disperse violently in Belarus.
Mr. Puigdemont did not always heed the advice, appearing in Brussels with the Belarusian opposition and tweeting his support for the protesters, prompting Mr. Boye to text Mr. Alay that “we will have to tell the Russians that this was just to mislead.”
GAZIANTEP, Turkey — In the 10 years since its popular uprising set off the Arab Spring, Tunisia has often been praised as the one success story to emerge from that era of turbulence. It rejected extremism and open warfare, it averted a counterrevolution, and its civic leaders even won a Nobel Peace Prize for consensus building.
Yet for all the praise, Tunisia, a small North African country of 11 million, never fixed the serious economic problems that led to the uprising in the first place.
It also never received the full-throated support of Western backers, something that might have helped it make a real transition from the inequity of dictatorship to prosperous democracy, analysts and activists say. Instead, at critical points in Tunisia’s efforts to remake itself, many of its needs were overlooked by the West, for which the fight against Islamist terrorism overshadowed all other priorities.
Now, as Tunisians grapple with their latest upheaval, which began when President Kais Saied dismissed the prime minister and suspended Parliament over the weekend, many seem divided on whether to condemn his actions — or embrace them.
terrorism and the pandemic, Mr. Kaboub said.
overthrew the country’s authoritarian president of 23 years, Zine el-Abidine Ben Ali.
But Western officials were obsessively focused on the Islamists — namely the Ennahda, or Renaissance, party that swept early elections — and where they were going and what they represented.
“In conversations, those sorts of questions ate up almost all the oxygen in the room,” Ms. Marks said. “It was almost impossible to get anybody to ask another question.”
awarded the Nobel Peace Prize in 2015 — to the point that it became a “fetish,” she said.
After the 2011 revolution, Al Qaeda and other extremists were quick to mobilize networks of recruits.
Terrorism burst into the open in 2012 when the U.S. Embassy in Tunis came under attack from a mob. Over the years that followed, extremist cells carried out a string of political assassinations and suicide attacks that shattered Tunisians’ optimism and nearly derailed the democratic transition.
training and assisting Tunisian security forces, and supplying them with military equipment, but so discreetly that the American forces themselves were virtually invisible.
By 2019, some 150 Americans were training and advising their Tunisian counterparts in one of the largest missions of its kind on the African continent, according to American officials. The value of American military supplies delivered to the country increased to $119 million in 2017 from $12 million in 2012, government data show.
The assistance helped Tunisia defeat the broader threat of terrorism, but government ministers noted that the cost of combating terrorism, while unavoidable, burned a larger hole in the national budget.
But it is the structure of the economy that remains the root of the problem, Mr. Kaboub said. All of Tunisia’s political parties have identical economic plans, based on World Bank and International Monetary Fund guidelines. It was the same development platform used by the ousted president, Mr. Ben Ali, Mr. Kaboub said.
“Right now,” he said, “everybody in Tunisia is begging for an I.M.F. loan, and it is going to be seen as the solution to the crisis. But it is really a trap. It’s a Band-Aid — the infection is still there.”
Nearly a decade ago, the United States began naming and shaming China for an onslaught of online espionage, the bulk of it conducted using low-level phishing emails against American companies for intellectual property theft.
On Monday, the United States again accused China of cyberattacks. But these attacks were highly aggressive, and they reveal that China has transformed into a far more sophisticated and mature digital adversary than the one that flummoxed U.S. officials a decade ago.
The Biden administration’s indictment for the cyberattacks, along with interviews with dozens of current and former American officials, shows that China has reorganized its hacking operations in the intervening years. While it once conducted relatively unsophisticated hacks of foreign companies, think tanks and government agencies, China is now perpetrating stealthy, decentralized digital assaults of American companies and interests around the world.
Hacks that were conducted via sloppily worded spearphishing emails by units of the People’s Liberation Army are now carried out by an elite satellite network of contractors at front companies and universities that work at the direction of China’s Ministry of State Security, according to U.S. officials and the indictment.
like Microsoft’s Exchange email service and Pulse VPN security devices, which are harder to defend against and allow China’s hackers to operate undetected for longer periods.
“What we’ve seen over the past two or three years is an upleveling” by China, said George Kurtz, the chief executive of the cybersecurity firm CrowdStrike. “They operate more like a professional intelligence service than the smash-and-grab operators we saw in the past.”
China has long been one of the biggest digital threats to the United States. In a 2009 classified National Intelligence Estimate, a document that represents the consensus of all 16 U.S. intelligence agencies, China and Russia topped the list of America’s online adversaries. But China was deemed the more immediate threat because of the volume of its industrial trade theft.
But that threat is even more troubling now because of China’s revamping of its hacking operations. Furthermore, the Biden administration has turned cyberattacks — including ransomware attacks — into a major diplomatic front with superpowers like Russia, and U.S. relations with China have steadily deteriorated over issues including trade and tech supremacy.
China’s prominence in hacking first came to the fore in 2010 with attacks on Google and RSA, the security company, and again in 2013 with a hack of The New York Times.
breach of the U.S. Office of Personnel Management. In that attack, Chinese hackers made off with sensitive personal information, including more than 20 million fingerprints, for Americans who had been granted a security clearance.
White House officials soon struck a deal that China would cease its hacking of American companies and interests for its industrial benefit. For 18 months during the Obama administration, security researchers and intelligence officials observed a notable drop in Chinese hacking.
After President Donald J. Trump took office and accelerated trade conflicts and other tensions with China, the hacking resumed. By 2018, U.S. intelligence officials had noted a shift: People’s Liberation Army hackers had stood down and been replaced by operatives working at the behest of the Ministry of State Security, which handles China’s intelligence, security and secret police.
Hacks of intellectual property that benefited China’s economic plans originated not from the P.L.A. but from a looser network of front companies and contractors, including engineers who worked for some of the country’s leading technology companies, according to intelligence officials and researchers.
It was unclear how exactly China worked with these loosely affiliated hackers. Some cybersecurity experts speculated that the engineers were paid cash to moonlight for the state, while others said those in the network had no choice but to do whatever the state asked. In 2013, a classified U.S. National Security Agency memo said, “The exact affiliation with Chinese government entities is not known, but their activities indicate a probable intelligence requirement feed from China’s Ministry of State Security.”
announced a new policy requiring Chinese security researchers to notify the state within two days when they found security holes, such as the “zero-days” that the country relied on in the breach of Microsoft Exchange systems.
arrested its founder. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, stopped showing up, on state orders.
“If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit,” Mr. Kurtz said of China. “It’s an arms race in cyber.”
President Biden and President Vladimir V. Putin of Russia have agreed to meet on June 16 in Geneva for a face-to-face encounter that comes at a time of fast-deteriorating relations over Ukraine, cyberattacks and a raft of new nuclear weapons Mr. Putin is deploying. The summit is the first in-person meeting between the two leaders since Mr. Biden became president.
The one-day meeting is expected to focus on ways to restore predictability and stability to a relationship that carries a risk of nuclear accident, miscalculation and escalation. Geneva was also the site of the 1985 summit between Mikhail Gorbachev, the Soviet leader, and Ronald Reagan that was focused on the nuclear arms race.
The meeting comes at the worst point in Russian-American relations since the fall of the Soviet Union about 30 years ago. To say that the two leaders have a tense relationship is an understatement: Mr. Biden called Mr. Putin a “killer” in a television interview in March, leading Mr. Putin to dryly return the accusation and wish the new president “good health.”
Russia, despite its aggressive language toward the West, has shown optimism about the talks. For Mr. Putin, a high-profile presidential summit can help deliver what he has long sought: respect for Russia on the world stage. And he is sure to repeat his message that the United States must respect Russian interests — especially inside Russia, where the Kremlin claims Washington is trying to undermine Mr. Putin’s rule, and in Eastern Europe.
new round of financial sanctions against the country.
That list includes the prosecution and jailing of Aleksei A. Navalny, the opposition leader Mr. Putin’s intelligence services tried to kill with a nerve agent. And Mr. Biden plans to spend considerable time on cybersecurity in hopes of limiting the rising tide of cyberattacks directed at the United States.
Such attacks have dogged Mr. Biden since December, with the disclosure of SolarWinds, a sophisticated hack into network management software used by most of the United States’ largest companies and by a range of government agencies and defense contractors.
Mr. Biden vowed a full investigation and a proportionate response, though it is unclear whether those moves — which his aides said would be “seen and unseen” — are sufficient to deter the low-cost attacks.
Two weeks ago, Mr. Biden said he would raise with Mr. Putin the more recent ransomware attack on Colonial Pipeline, which shut down nearly half of the supply of gasoline, diesel and jet fuel to the East Coast. That attack was the work of a criminal group, the Biden administration said, but Mr. Biden accused Russia of harboring the ransomware criminals.
The summit will come at the end of Mr. Biden’s first international trip as president, to Europe, where he will meet with the Group of 7 allies — a group the Russians had been part of for several years when integration with the West seemed possible — and NATO allies.
All over the world, countries are confronting population stagnation and a fertility bust, a dizzying reversal unmatched in recorded history that will make first-birthday parties a rarer sight than funerals, and empty homes a common eyesore.
Maternity wards are already shutting down in Italy. Ghost cities are appearing in northeastern China. Universities in South Korea can’t find enough students, and in Germany, hundreds of thousands of properties have been razed, with the land turned into parks.
Like an avalanche, the demographic forces — pushing toward more deaths than births — seem to be expanding and accelerating. Though some countries continue to see their populations grow, especially in Africa, fertility rates are falling nearly everywhere else. Demographers now predict that by the latter half of the century or possibly earlier, the global population will enter a sustained decline for the first time.
A planet with fewer people could ease pressure on resources, slow the destructive impact of climate change and reduce household burdens for women. But the census announcements this month from China and the United States, which showed the slowest rates of population growth in decades for both countries, also point to hard-to-fathom adjustments.
spirals exponentially. With fewer births, fewer girls grow up to have children, and if they have smaller families than their parents did — which is happening in dozens of countries — the drop starts to look like a rock thrown off a cliff.
“It becomes a cyclical mechanism,” said Stuart Gietel Basten, an expert on Asian demographics and a professor of social science and public policy at the Hong Kong University of Science and Technology. “It’s demographic momentum.”
Some countries, like the United States, Australia and Canada, where birthrates hover between 1.5 and 2, have blunted the impact with immigrants. But in Eastern Europe, migration out of the region has compounded depopulation, and in large parts of Asia, the “demographic time bomb” that first became a subject of debate a few decades ago has finally gone off.
South Korea’s fertility rate dropped to a record low of 0.92 in 2019 — less than one child per woman, the lowest rate in the developed world. Every month for the past 59 months, the total number of babies born in the country has dropped to a record depth.
schools shut and abandoned, their playgrounds overgrown with weeds, because there are not enough children.
To goose the birthrate, the government has handed out baby bonuses. It increased child allowances and medical subsidies for fertility treatments and pregnancy. Health officials have showered newborns with gifts of beef, baby clothes and toys. The government is also building kindergartens and day care centers by the hundreds. In Seoul, every bus and subway car has pink seats reserved for pregnant women.
But this month, Deputy Prime Minister Hong Nam-ki admitted that the government — which has spent more than $178 billion over the past 15 years encouraging women to have more babies — was not making enough progress. In many families, the shift feels cultural and permanent.
projections by an international team of scientists published last year in The Lancet, 183 countries and territories — out of 195 — will have fertility rates below replacement level by 2100.
municipalities have been consolidated as towns age and shrink. In Sweden, some cities have shifted resources from schools to elder care. And almost everywhere, older people are being asked to keep working. Germany, which previously raised its retirement age to 67, is now considering a bump to 69.
Going further than many other nations, Germany has also worked through a program of urban contraction: Demolitions have removed around 330,000 units from the housing stock since 2002.
recently increased to 1.54, up from 1.3 in 2006. Leipzig, which once was shrinking, is now growing again after reducing its housing stock and making itself more attractive with its smaller scale.
“Growth is a challenge, as is decline,” said Mr. Swiaczny, who is now a senior research fellow at the Federal Institute for Population Research in Germany.
Demographers warn against seeing population decline as simply a cause for alarm. Many women are having fewer children because that’s what they want. Smaller populations could lead to higher wages, more equal societies, lower carbon emissions and a higher quality of life for the smaller numbers of children who are born.
But, said Professor Gietel Basten, quoting Casanova: “There is no such thing as destiny. We ourselves shape our lives.”
The challenges ahead are still a cul-de-sac — no country with a serious slowdown in population growth has managed to increase its fertility rate much beyond the minor uptick that Germany accomplished. There is little sign of wage growth in shrinking countries, and there is no guarantee that a smaller population means less stress on the environment.
Many demographers argue that the current moment may look to future historians like a period of transition or gestation, when humans either did or did not figure out how to make the world more hospitable — enough for people to build the families that they want.
Surveys in many countries show that young people would like to be having more children, but face too many obstacles.
Anna Parolini tells a common story. She left her small hometown in northern Italy to find better job opportunities. Now 37, she lives with her boyfriend in Milan and has put her desire to have children on hold.
She is afraid her salary of less than 2,000 euros a month would not be enough for a family, and her parents still live where she grew up.
“I don’t have anyone here who could help me,” she said. “Thinking of having a child now would make me gasp.”
Elsie Chen, Christopher Schuetze and Benjamin Novak contributed reporting.
HOUSTON — The Colonial Pipeline, which delivers nearly half the transportation fuel to the Southeast and New York area, resumed full operations on Saturday, eight days after it was shut down by a ransomware attack.
It will still take days before gasoline stations around Washington, D.C., and the Southeast return to normal service, since nearly 2,000 outlets ran out of fuel and it takes time to restock.
Prices at the pump have stabilized, though. Average prices of regular gasoline in Tennessee and South Carolina, two of the hardest hit states, rose by only a penny on Saturday, according to the AAA motor club. Nationwide, gasoline prices remained stable at $3.04, eight cents higher than a week ago. Prices in the states most affected by the shutdown rose by as much as 20 cents a gallon in the last week.
“We have returned the system to normal operations, delivering millions of gallons per hour to the markets we serve,” the operator of the pipeline said on Twitter.
nearly $5 million in Bitcoin to recover its stolen data.
On Friday, DarkSide said it was shutting down because of unspecified “pressure” from the United States.
Gasoline prices continued to rise across the Southeast on Thursday, but at a slower pace generally than in recent days, as the operator of Colonial Pipeline said it had made “substantial progress” in resuming the delivery of fuel along the East Coast.
“Product delivery has commenced to all markets we serve,” the pipeline’s operator said Thursday afternoon. “It will take several days for the product delivery supply chain to return to normal. Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions.”
The pipeline, which stretches from Texas to New Jersey and delivers nearly half of the transport fuels for the Atlantic Coast, was shut down because of a ransomware cyberattack on Friday. Operations have gathered momentum since the pipeline partially restarted late Wednesday.
Gasoline prices rose by roughly 3 cents in South Carolina and Georgia from Wednesday to Thursday, about half the amount of the increases of the previous few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose by 6 cents, to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular increased by 2 cents to $3.03, according to the AAA auto club.
Gasoline supplies vary from state to state along the pipeline, in part because some places have more storage than others. In New Jersey, only 1 percent of gasoline stations lacked fuel early Thursday morning, while more than half of the stations in Virginia, North Carolina and South Carolina were out of fuel, according to GasBuddy, an app that monitors fuel supplies.
It is likely to take at least through the weekend for supply at all gasoline stations to return to normal functioning, because it takes time for fuel to pass through the pipeline.
President Biden, speaking on national television, urged motorists not to panic.
“They should be reaching full operational capacity as we speak, as I speak to you right now,” Mr. Biden said at the White House. “That is good news. But we want to be clear, we will not feel the effects at the pump immediately. This is not like flicking on a light switch.”
An internal assessment by the Departments of Energy and Homeland Security noted that the fuel “travels through the pipeline at 5 miles per hour” and would take “approximately two weeks to travel from the Gulf Coast to New York.” Supplemental supplies transported in tanker trucks and tanker vessels connecting the Gulf and Atlantic coasts also can take up to a week or more.
The Biden administration has temporarily eased the Jones Act, which prohibits foreign vessels from delivering goods from one domestic port to another. The administration said Thursday that a waiver had been granted to one company and that it would consider other waiver requests.
“This waiver will enable the transport of additional gas and jet fuel to ease supply constraints,” Jen Psaki, the White House press secretary, said in a statement. The Jones Act, which is over a century old and is designed to protect American shipping, is usually waived to compensate for supply interruptions during hurricanes.
Panic buying contributed to the fuel shortages. At some stations, people were filling up gasoline cans, forcing others to wait longer and causing shouting matches.
Friday is traditionally the biggest day for gasoline sales. But energy analysts were optimistic that the crisis would soon pass.
“The restart of the pipeline is very positive news for motorists,” said Jeanette McGee, the director for external communications for AAA. “While impact won’t be seen immediately and motorists in affected areas can expect to see a few more days of limited fuel supply, relief is coming.”
She said station pumps will be full in “several days,” ahead of the Memorial Day weekend, a heavy driving time.
The Federal Bureau of Investigation has identified an organized crime group called DarkSide as the attacker. The group is believed to operate from Eastern Europe, possibly Russia. While the attack was not on the pipeline itself, Colonial shut down both its information systems and the pipeline until it was sure it could safely manage the flow of fuel.
David E. Sanger and Michael D. Shear contributed reporting.
President Biden said on Monday that the United States would “disrupt and prosecute” a criminal gang of hackers called DarkSide, which the F.B.I. formally blamed for a huge ransomware attack that has disrupted the flow of nearly half of the gasoline and jet fuel supplies to the East Coast.
The F.B.I., clearly concerned that the ransomware effort could spread, issued an emergency alert to electric utilities, gas suppliers and other pipeline operators to be on the lookout for code like the kind that locked up Colonial Pipeline, a private firm that controls the major pipeline carrying gasoline, diesel and jet fuel from the Texas Gulf Coast to New York Harbor.
The pipeline remained offline for a fourth day on Monday as a pre-emptive measure to keep the malware that infected the company’s computer networks from spreading to the control systems that run the pipeline. So far, the effects on gasoline and other energy supplies seem minimal, and Colonial said it hoped to have the pipeline running again by the end of this week.
The attack prompted emergency meetings at the White House all through the weekend, as officials tried to understand whether the episode was purely a criminal act — intended to lock up Colonial’s computer networks unless it paid a large ransom — or was the work of Russia or another state that was using the criminal group covertly.
the Washington, D.C., Police Department, have also been hit.
The explosion of ransomware cases has been fueled by the rise of cyberinsurance — which has made many companies and governments ripe targets for criminal gangs that believe their targets will pay — and of cryptocurrencies, which make extortion payments harder to trace.
In this case, the ransomware was not directed at the control systems of the pipeline, federal officials and private investigators said, but rather the back-office operations of Colonial Pipeline. Nonetheless, the fear of greater damage forced the company to shut down the system, a move that drove home the huge vulnerabilities in the patched-together network that keeps gas stations, truck stops and airports running.
A preliminary investigation showed poor security practices at Colonial Pipeline, according to federal and private officials familiar with the inquiry. The lapses, they said, most likely made the act of breaking into and locking up the company’s systems fairly easy.
executive order in the coming days to strengthen America’s cyberdefenses, said there was no evidence that the Russian government was behind the attack. But he said he planned to meet with President Vladimir V. Putin of Russia soon — the two men are expected to hold their first summit next month — and he suggested Moscow bore some responsibility because DarkSide is believed to have roots in Russia and the country provides a haven for cybercriminals.
“There are governments that turn a blind eye or affirmatively encourage these groups, and Russia is one of those countries,” said Christopher Painter, the United States’ former top cyberdiplomat. “Putting pressure on safe havens for these criminals has to be a part of any solution.”
Colonial’s pipelines feed large storage tanks up and down the East Coast, and supplies seem plentiful, in part because of reduced traffic during the pandemic. Colonial issued a statement on Monday saying its goal was to “substantially” resume service by the end of the week, but the company cautioned that the process would take time.
mounted a not-so-secret effort to put malware in the Russian grid as a warning.
But in the many simulations run by government agencies and electric utilities of what a strike against the American energy sector would look like, the effort was usually envisioned as some kind of terrorist strike — a mix of cyber and physical attacks — or a blitz by Iran, China or Russia in the opening moments of a larger military conflict.
But this case was different: a criminal actor who, in trying to extort money from a company, ended up bringing down the system. One senior Biden administration official called it “the ultimate blended threat” because it was a criminal act, the kind the United States would normally respond to with arrests or indictments, that resulted in a major threat to the nation’s energy supply chain.
By threatening to “disrupt” the ransomware group, Mr. Biden may have been signaling that the administration was moving to take action against these groups beyond merely indicting them. That is what United States Cyber Command did last year, ahead of the presidential election in November, when its military hackers broke into the systems of another ransomware group, called Trickbot, and manipulated its command-and-control computer servers so that it could not lock up new victims with ransomware. The fear at that time was that the ransomware group might sell its skills to governments, including Russia, that sought to freeze up election tabulations.
On Monday, DarkSide argued it was not operating on behalf of a nation-state, perhaps in an effort to distance itself from Russia.
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” it said in a statement posted on its website. “Our goal is to make money and not creating problems for society.”
The group seemed somewhat surprised that its actions resulted in closing a major pipeline and suggested that perhaps it would avoid such targets in the future.
“From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future,” the group said, though it was unclear how it defined “moderation.”
DarkSide is a relative newcomer to the ransomware scene, what Ms. Neuberger called “a criminal actor” that hires out its services to the highest bidder, then shares “the proceeds with ransomware developers.” It is essentially a business model in which some of the ill-gotten gains are poured into research and development on more effective forms of ransomware.
The group often portrays itself as a sort of digital Robin Hood, stealing from companies and giving to others. DarkSide says it avoids hacking hospitals, funeral homes and nonprofits, but it takes aim at large corporations, at times donating its proceeds to charities. Most charities have turned down its offers of gifts.
One clue to DarkSide’s origins lies in its code. Private researchers note DarkSide’s ransomware asks victims’ computers for their default language setting, and if it is Russian, the group moves along to other victims. It also seems to avoid victims that speak Ukrainian, Georgian and Belarusian.
Its code bears striking similarities to that used by REvil, a ransomware group that was among the first to offer “ransomware as a service” — essentially hackers for hire — to hold systems hostage with ransomware.
“It appears this was an offshoot that wanted to go into business for themselves,” said Jon DiMaggio, a former intelligence community analyst who is now the chief security strategist of Analyst1. “To get access to REvil’s code, you’d have to have it or steal it because it’s not publicly available.”
DarkSide makes smaller ransom demands than the eight-figure sums that REvil is known for — somewhere from $200,000 to $2 million. It puts a unique key in each ransom note, Mr. DiMaggio said, which suggests that DarkSide tailors attacks to each victim.
“They’re very selective compared to most ransomware groups,” he said.
Russia has stationed nearly 80,000 troops on its border with Ukraine. Not far away, in the Donetsk region of eastern Ukraine, Russian-backed separatists have recently intensified their attacks. And yesterday, Secretary of State Antony Blinken visited Kyiv, to emphasize American support for Ukraine.
Blinken, holding a bouquet of roses, stood in a rainstorm to visit a memorial for Ukrainian soldiers killed in the fighting with Russia. He later said he had been emotionally moved “to pay tribute to those who lost their lives defending Ukraine’s democracy.”
Since President Biden took office — following Donald Trump, who was famously solicitous of President Vladimir Putin — tensions between Russia and the U.S. have been rising. This morning, we want to help you make sense of what’s going on.
What is Putin doing?
The buildup of troops since March is a message both to Ukraine and to the U.S. and the European Union.
over the Donetsk region, potentially giving Putin more control over eastern Ukraine.
The Times’s Helene Cooper and Julian Barnes wrote, “and to make clear to Kyiv the limits of Western support.”
It’s not just Ukraine
The troop deployment also seems to contain a message bigger than just Ukraine. It is a show of strength by Putin as he also takes steps to quash the protest movement led by Aleksei Navalny, which has inspired more dissent than Putin has faced in years. And it’s a reminder to Biden that if he becomes too aggressive toward Russia, Putin can create problems for him.
Biden has an ambitious foreign policy agenda, some of which has little to do with Russia and some of which requires Russian cooperation, such as climate change and Iran’s nuclear program. An escalating conflict over Ukraine would make all of that more difficult.
calling him a killer — but Biden’s actual policies have been more moderated. On the one hand, Blinken’s visit to Kyiv has been provocative, and last month the U.S. imposed sanctions on Russia, in response to hacking and election interference.
But the sanctions stopped far short of what the U.S. could have imposed. “I was clear with President Putin that we could have gone further, but I chose not to do so,” Biden said when announcing them. “The United States is not looking to kick off a cycle of escalation and conflict with Russia.”
Anton Troianovski, The Times’s Moscow bureau chief, describes the White House strategy as “a carefully choreographed carrot-and-stick approach.” Lara Jakes, who covers the State Department, points out that Biden and Putin have known each other for years and that their relationship, for all of the tension, is characterized by “pragmatism and a fair bit of predictability.”
Perhaps Biden’s biggest goal is to create a stable relationship in which Putin decides that he has more to lose than to gain from confrontation. And that’s not easy.
Russia, as The Economist recently wrote, is already “the single most prolific stoker of instability on Europe’s borders, and arguably the most energetic troublemaker in rich democracies, funding extremist parties, spreading disinformation and discord.” But of course Russia could still cause even more trouble, as Putin is now demonstrating in Ukraine.
Lives Lived: After finally convincing her male editors that a female journalist could handle big news stories, Lucinda Franks became the first woman to win a Pulitzer Prize for national reporting. She died at 74.
ARTS AND IDEAS
Musk’s repeated tweeting of misinformation about the pandemic. Some cast members have expressed their displeasure, or as The Times’s Dave Itzkoff writes, “their befuddlement.”
The casting is an example of how “the ecosystem of fame has shifted,” the AV Club writes. Musk’s social media presence has earned him an unusual fan base for a C.E.O. It’s also a throwback to the early seasons of “S.N.L.,” when the show chose hosts based less on movie openings. Some of them also generated criticism, at the time or later:
In 1978, O.J. Simpson was not just a football player but also one of the country’s biggest stars. “Having him host an episode was a no-brainer,” Thrillist reports.
Rudy Giuliani hosted in 1997, when he was mayor of New York City. To this day, he is considered “one of its worst hosts,” Insider writes.
Lance Armstrong hosted in 2005 when he was facing doping allegations. The show later called him “the most despicable, vile human being ever to set foot on planet Earth.”
In 2015, Donald Trump, then a candidate for president, took the stage. “S.N.L.” staff members have since said they regret giving Trump the platform.
In Musk’s case, the polarized response is part of the appeal. Michael Che, one of the show’s head writers, said: “I like when the show has some edge.”
For a major arms merchant, Emilian Gebrev cuts the modest figure of a bemused grandfather, preferring soccer jerseys and polo shirts to suits and ties, driving his own car and insisting that he is of little importance outside his native Bulgaria.
But this week it became clear just how significant Mr. Gebrev is, at least to an elite squad of Russian operatives within the Kremlin’s military intelligence service.
Days after the Czech authorities accused the assassination team, known as Unit 29155, of being behind a series of 2014 explosions at weapons depots that killed two people, Mr. Gebrev acknowledged that his supplies were stored at the depots. And according to Czech officials, Mr. Gebrev’s stocks were the target.
The revelation is a new and startling development, given that the authorities say the group also twice tried to kill Mr. Gebrev. In 2015, the Bulgarian authorities say that officers with the unit traveled to Bulgaria and poisoned him with a substance resembling the same Novichok nerve agent used against former spies and obstinate critics of President Vladimir V. Putin of Russia. After the first attempt failed to kill him, they returned and poisoned him again.
many as 60 Russian diplomats on top of the 18 it had already kicked out of the country in response to the explosions, potentially dismantling Russia’s diplomatic presence in the country. Russia has vowed to respond accordingly, and has already expelled 20 officials from the Czech Embassy in Moscow.
impose sanctions as punishment for a huge breach of U.S. government computer systems that the White House blamed on Russia’s foreign intelligence agency. It also coincided with Russia massing troops on the Ukraine border, only to partly pull back this week.
For years, Unit 29155 operated in Europe before Western intelligence agencies even discovered it. A 2019 investigation by The New York Times revealed the purpose of the unit and showed that its officers had carried out the attempted assassination a year earlier of a former Russian spy named Sergei V. Skripal, who was poisoned in Salisbury, England.
Numerous other examples of the unit’s handiwork have since been exposed. Last year, The Times revealed a C.I.A. assessment that officers from the unit may have carried out a secret operation to pay bounties to a network of criminal militants in Afghanistan in exchange for attacks on U.S. and coalition troops.
Bulgarian prosecutors charged three officers from Unit 29155 with poisoning Mr. Gebrev in January 2020 and issued warrants for their arrest. They also released surveillance video of one of the assailants apparently smearing poison on the door handles of cars belonging to Mr. Gebrev, his son and a senior manager in a garage near their offices in Sofia, the Bulgarian capital.
But Mr. Gebrev questions whether the unit acted alone, suggesting that even if Russian assassins were responsible for his poisoning, they were likely in cahoots with his enemies in Bulgaria.
Bellingcat determined that Maj. Gen. Andrei V. Averyanov, the commander of Unit 29155, traveled undercover to Vienna days before the explosions and possibly drove into the Czech Republic to the town of Ostrava where, according to the Czech authorities, the men using the names Petrov and Boshirov stayed during the operation.
That Russian spies would carry out military-style sabotage operations outside wartime has shaken many in Europe.
“I think for public opinion, not only in the Czech Republic, but for others in the European Union, this is shocking,” said David Stulik, a senior analyst at the Prague-based European Values Center for Security Policy. “It sheds light on how Russia is treating our countries.”
Boryana Dzhambazova contributed reporting from Sofia, Bulgaria, and Hana de Goeij from Prague.