In fighting cybercrime, the U.S. Justice Department will focus more on preventing further harm to victims, even if it means tipping off suspects and jeopardizing arrests, U.S. Deputy Attorney General Lisa Monaco explained. Law enforcement must keep pace with the cybercriminals who exploit innovations as fast as the marketplace produces them. Today, the FBI is investigating more than 100 different ransomware variants. Consequently, prosecutors and law enforcement are targeting dozens of ransomware groups estimated to have caused billions of dollars in damage to victims.
Largest ever financial seizure
As FinTelegram reported, Monaco announced the seizure of over $3.6 billion in cryptocurrency linked to the Bitfinex hack in 2016. It was the largest ever financial seizure in the U.S. Justice Department’s history. This would demonstrate that even in cyberspace, the U.S. Department of Justice is able to follow the money successfully.
Bust cybercrime business model
Cybercriminals received more than $1.2 billion in ransom payments in 2020 and 2021 combined, according to cryptocurrency-tracking firm Chainalysis. Monaco said that ransomware and other digital extortion “only work if the bad guys get paid, which means we have to bust their business model,” Monaco said.
She said the department needed to apply the “same thinking” that enabled thwarting terrorist attacks to blunt the impact of damaging hacking incidents, such as ransomware. Prosecutors, agents, and analysts will weigh whether to take disruptive action against cyber threats at each stage of a cyber investigation, even if it alerts cybercriminals and thus prevents possible arrests, Monaco said at the Munich Cyber Security Conference.
Rethinking the approach
The greater focus on victims follows a case last year in which, according to a Washington Post report, the FBI withheld a decryption key for nearly three weeks that could have unlocked the computer systems of hundreds of businesses infected with ransomware. The FBI was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. However, the planned takedown never occurred because, in mid-July, REvil‘s platform went offline — without U.S. government intervention — and the hackers disappeared before the FBI had a chance to execute its plan, according to the current and former officials.
This episode highlights the trade-offs law enforcement officials face between trying to damage cyber criminal networks and promptly helping the victims of ransomware.
New cybercrime unit
The FBI is forming the Virtual Asset Exploitation Unit (VAXU), a specialized team dedicated to cryptocurrency. VAXU will combine cryptocurrency experts into one nerve center that can provide equipment, blockchain analysis, virtual asset seizure, and training to the rest of the FBI. This unit will join the work of the National Cryptocurrency Enforcement Team (NCET), which combines prosecutors with expertise in money laundering, computer crimes, forfeiture, and regulatory policy to go after those who abuse cryptocurrency to commit crime.
