DOJ didn’t ask for Russia’s help tracking down Colonial Pipeline hackers, senior official says

John Demers equated such an ask to a waste of time.
John Demers Department of Justice DOJ
Assistant Attorney General for National Security John Demers speaks May 31, 2018, at the Cyber Threat Intelligence Forum presented by FireEye and produced by CyberScoop and FedScoop. (CyberScoop)

The U.S. Justice Department did not ask Russian law enforcement for help in tracking down the perpetrators of the Colonial Pipeline ransomware attack because Moscow’s history of harboring cybercriminals essentially makes it a waste of time, according to a senior department official.

“I think we’ve reached the stage, today, where there’s very little point in doing so,” said John Demers, the assistant attorney general for national security. “We have made those requests in the past.”

The Russian government is “not just tolerating this,” Demers said at CyberTalks, presented by CyberScoop. “They’re actively getting in the way of U.S. law enforcement efforts to combat this type of hacking,” he added, referring to previous Russian efforts to block U.S. requests to extradite accused hackers from other countries.

The remarks were pre-recorded on June 3. The Justice Department did not answer follow-up questions about possible Russian cooperation in the weeks since.


The Russian Embassy in Washington, D.C., did not respond to a request for comment on Demers’ allegations.

Demers, who is stepping down as assistant attorney general later this month, spoke as President Joe Biden planned to raise the issue of safe harbor for cybercriminals during a Wednesday meeting with Russian President Vladimir Putin. Demers’ comments underscore how little optimism some U.S. officials have that Russia will change its behavior without an intense pressure campaign from the U.S. and allies.

Colonial Pipeline, which transports some 45% of fuel consumed on the East Coast, shut down for several days in early May following a ransomware intrusion that the FBI blamed on a Russian-speaking criminal syndicate known as DarkSide. Biden said that, while there was no evidence of Russian government involvement in the incident, Moscow had “a responsibility to deal with this.” Putin has balked at the idea, saying any talk of Russian involvement in ransomware attacks are meant to “provoke some new conflicts” with Biden.

Just weeks after the Colonial Pipeline incident, ransomware disrupted JBS, the world’s biggest meat processor, forcing the temporary shutdown of facilities in Australia, Canada and the U.S. The FBI blamed another set of Russian-speaking hackers for that incident.

U.S. officials have long railed against what they see as Russian intransigence on cybercrime. In a speech to Interpol in November 2018, then-Deputy Attorney General Rod Rosenstein threatened to “expose” attempts by other governments “to manipulate the extradition process,” singling out Russia.


As an example of the problem, U.S. officials have cited the case of Aleksey Belan, a dual Latvian-Russian national who was charged in 2012 with hacking major U.S. e-commerce companies. After a U.S. arrest warrant was issued for Belan, he reportedly escaped from a hideout in Greece and returned to Russia. From there, U.S. officials alleged, Belan and others breached 500 million Yahoo email accounts at the behest of Russian intelligence agents.

Belan is still wanted by the FBI.

While U.S. complaints against Russian tolerance of criminal hackers are nothing new, they have reached a fever pitch in the wake of the JBS and Colonial Pipeline hack, which made cybersecurity a tangible issue for many Americans as gas stations ran low on fuel.

Demers said the U.S. and its allies in Europe, Asia and elsewhere needed to “put pressure on the Russian government to … at least make good-faith efforts to prevent the intrusions that are taking place from its own borders.”

Amid a spate of ransomware attacks that have disrupted hospitals and other critical infrastructure during the coronavirus pandemic, ransomware has become a top diplomatic issue. After an April meeting, law enforcement officials from Australia, Canada, New Zealand, the U.K. and the U.S. announced an agreement to “more closely [align] our policies” to combat ransomware.


U.S. officials have successfully encouraged other governments to denounce alleged Russian hacking in recent years. Whether that will translate into any coordinated push against the Kremlin’s alleged feet-dragging on cybercrime remains to be seen.

Meanwhile, the Justice Department is in the midst of a wholesale review of its approach to cybersecurity, including ransomware. The department also formed a task force in April to dedicate more resources and training for officials to investigate ransomware gangs.

“Certainly, the events of the last six months have taught us we need to move faster and we need to move in ways that we haven’t moved in the past,” Demers said of the Justice Department initiatives.

“I think that what you’re going to see is really a much more coordinated approach at dealing with the problem of ransomware,” he added. “You’re going to see more disruptions [of criminal hackers] taking place.”

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts