Hackers beware: Justice Department doubles down on efforts to thwart global cybercrime

Fresh off its largest financial seizure ever, the Justice Department said Thursday it is doubling down on U.S. efforts to combat the sharp rise in ransomware attacks worldwide and will now prioritize disrupting cybercriminals before they act.

In a speech to attendees at the annual Munich Cyber Security Conference, Deputy Attorney General Lisa Monaco unveiled several new initiatives by the Justice Department and FBI that she said will speed up their transformations into the kind of high-tech law enforcement agencies required to go after today’s hyperconnected and globalized cybercriminals.

Feds say "majority" of $4.4 million Colonial Pipeline cryptocurrency ransom recovered

By doing so, she said, the U.S. government is sending a clear message to hackers, crackers and other digital bad actors everywhere: “The long arm of the law can and now will stretch much farther into cyberspace than you think. If you continue to come for us, we will come for you.”

As part of that transformation, Monaco said, federal agents and prosecutors will focus far more intensively on the use of bitcoin and other cryptocurrencies in a wide array of malicious activities targeting American citizens and corporations.

“Ransomware and digital extortion – like many other crimes that are fueled by cryptocurrency – only work if the bad guys get paid, which means we have to bust their business model,” Monaco said.

The Justice Department and FBI also will expand their international operations and country-to-country partnerships to better thwart cybercriminals where they live and work, Monaco told the assembled group of security leaders.

In recent years, U.S. efforts to apprehend – and even identify – the perpetrators of massive cyberattacks against U.S. interests have been stymied by their ability to operate in countries like Russia, China and Iran, including at times with those countries’ consent or cooperation.

Deputy Attorney General Lisa Monaco speaks to The Associated Press during an interview at the Department of Justice in Washington on Nov. 2, 2021. Two suspected hackers accused of ransomware attacks resulting in 5,000 infections have been arrested as part of a global cybercrime crackdown, according to an announcement Monday by Europol.

“Unfortunately,” Monaco said, “we continue to confront cyber criminals who enjoy safe haven in authoritarian countries, and who wreak havoc in both the digital and physical worlds.”

Just hours before Monaco spoke, the FBI and Department of Homeland Security issued a fresh warning that Russian state-sponsored cyber actors continue to regularly target U.S. defense contractors.

And in response to a question, she confirmed she is “absolutely concerned” that any Russian cyberwarfare campaign against Ukraine could have a devastating spillover effect around the world, and at home in the United States. She cited the notorious NotPetya attacks in 2017, when Russia targeted government agencies, banks and private companies doing business in Ukraine – and ended up creating a virus that caused over $10 billion in damage worldwide in what has been described as the most destructive cyberattack ever.

Monaco acknowledged that shifting from a primary focus on prosecution to disruption will be jarring for many FBI agents and Justice Department lawyers. But she said it is every bit as necessary now against cybercrime as it was two decades ago when the 9/11 attacks exposed huge weaknesses in the U.S. effort to thwart terrorist attacks before they occurred.

“One of the things, the key things, I learned after September 11… is that success is not prosecuting terrorists after an attack when families are grieving and their loved ones have been lost,” said Monaco, who played key roles in the post-9/11 response while at the FBI, Justice Department and White House. “It may be necessary to be sure, but success is preventing that attack in the first place. We need to apply that same thinking to our cyber investigations.”

Monaco said that under the new approach, prosecutors, agents, and analysts will now assess – at each stage of a cyber investigation – whether to use disruptive actions against cyber threats, even if they might otherwise tip the cybercriminals off and jeopardize the potential for charges, arrests, prosecutions and convictions.

Going forward, the Justice Department will assess whether there are steps it can take to prevent or reduce the risk to victims before it contemplates criminal charges. Those could include providing decryption keys to unlock data that is being held for ransom, Monaco said, and seizing computer network servers that are being used to facilitate cyberattacks.

Federal authorities will consider the use of any and all available tools and disruptive capabilities, she added, including financial sanctions and export controls that target nation states involved in cybercriminal activity.

Most of the new initiatives outlined by Monaco stem from a comprehensive cyber review that she launched last year in response to a series of attacks. She said the review, headed by her chief deputy John Carlin, found that the Justice Department needed to adapt old tools to use in new ways, “while also designing novel techniques to use in our major cyber investigations.”

Over the past year, Justice prosecutors have used traditional search warrants to execute code and erase digital backdoors, making hundreds of victim computers safe, Monaco said. And in an unprecedented cooperative effort, the FBI worked with international partners including Canada, France, Germany, the Netherlands, the United Kingdom, Lithuania, Sweden, and Ukraine, to dismantle the Emotet botnet – dubbed the world’s most dangerous malware – and release its grip on victim computers.

U.S. authorities also took down the world's largest illegal marketplace on the DarkNet, Monaco said, and arrested at least 150 cyber-traffickers in a joint action with European partners.

JBS says it was the target of an “organized cybersecurity attack.”

To help with the transformation that Monaco announced, the FBI is establishing a Virtual Asset Exploitation Unit that will combine cryptocurrency experts into one nerve center providing equipment, blockchain analysis, virtual asset seizure, and training to the rest of the FBI.

That unit will work closely with the Justice Department’s National Cryptocurrency Enforcement Team, which was announced last fall after a spate of ransomware attacks. Monaco said that team is now staffed with a dozen prosecutors, several of whom were integral to the record-breaking seizure of $3.6 billion in bitcoin last week that stemmed from the 2016 digital heist of currency exchange Bitfinex.

The NCET, as it is known, combines prosecutors with expertise in money laundering, computer crimes, forfeiture, and regulatory policy to go after those who abuse cryptocurrency to commit crime.

It's time to worry about the next big cyber threat: killware.

Monaco on Thursday announced the team’s first director, Eun Young Choi, describing her as a veteran cyber expert and lead prosecutor on the J.P. Morgan Chase hack.

Also Thursday, DOJ announced it is launching an International Virtual Currency Initiative to foster more and better regulation of cryptocurrency and anti-money laundering requirements to root out the abuse of these technologies. The initiative, Monaco said, would allow for "more eyes from multiple law enforcement agencies around the world" to work together to track money transfers in cyberspace.

“We are issuing a clear warning to criminals who use cryptocurrency to fuel their schemes. We also call on all companies dealing with cryptocurrency; we need you to root out cryptocurrency abuses. To those who do not, we will hold you accountable where we can.”

This article originally appeared on USA TODAY: Cybercrime focus of Justice Department crackdown on global hackers