The Department of Justice is urging its prosecutors and investigators to place less of an emphasis on prosecutions when it comes to cyberattacks and to focus more on disruption and prevention, US Deputy Attorney General Lisa Monaco told attendees at the RSA Conference.
Monaco backed having a "bias toward action to disrupt and prevent, to minimize harm if it's ongoing [...] and to take that action to prevent the next victim."
That "will not always yield a prosecution," said Monaco, who quipped that's hard for a prosecutor to say. "We're not measuring our success only with courtroom actions and courtroom victories."
The need for this shift comes as nation-states are increasingly working with criminal groups to enable cyberattacks around the world. "We took a hard look in the Justice Department and said, 'how can we maximize our tools and what we can bring to this fight from a Justice Department perspective?'" she said. "We needed to pivot to disruption and prevention. We needed to put victims at the center of our approach."
As an example, Monaco pointed to DOJ's response to the Colonial Pipeline attack. In that case, the operators of an oil pipeline paid ransomware operators in the hopes of unlocking their infected systems. The DOJ used existing tools—a forfeiture warrant, according to Monaco—to track down Colonial's payment in the blockchain and return that money to the company.
She also pointed to an operation where DOJ, the FBI, and European law enforcement infiltrated the Hive ransomware group for seven months before seizing the group's infrastructure. They were able to obtain the decryption keys to recover access to victims' files and machines, but no arrests were made. "In days gone by, that might have been heresy,"