The US said it will now consider proactively disrupting cyber criminals’ operations even if doing so may impede the state’s ability to arrest and indict the alleged perpetrators.
Deputy Attorney General Lisa O. Monaco made the remarks while addressing delegates at the Munich Cyber Security Conference on Thursday. She said, going forward, US law enforcement could potentially deploy preventative measures to minimise the risk to victims of cyber attacks.
Such measures could include providing decryptor keys to ransomware victims or seizing servers used to launch cyber attacks.
The shift in policy comes following a year in which ransomware once again topped the charts of the most-used cyber attacks against businesses and critical organisations.
Monaco said that charging suspects in cyber crime cases will still be the priority, but taking a hybrid approach to disrupting cyber crime will make law enforcement authorities “nimbler” and more capable, she said.
“Now, as a former prosecutor, I can tell you that this approach is not the first instinct for trial lawyers who live in the courtroom,” said Monaco. “But my message to the department is clear: we should be looking for success both inside and outside the courtroom.
“And my message to cybercriminals is equally clear: the long arm of the law can — and now will — stretch much farther into cyberspace than you think. If you continue to come for us, we will come for you.”
In addition to directly disrupting attacks through decryptors and server seizures, Monaco also said the US will consider a broader range of disruptive techniques including sanctions and export controls.
She also announced the US is creating the Cyber Operations International Liaison - a unit that will see cross-border collaboration between the US and European agencies to expedite investigations into cyber criminal activity.
Collaboration between international law enforcement agencies and the relevant cyber crime institutions has yielded some high-profile results in the past year, including the takedown of the long-ruling Emotet botnet and the arrest of multiple REvil ransomware gang members.
The US and European agencies will also be launching an International Virtual Currency Initiative to combat the abuse of virtual currency, Monaco said. It will further the country’s own domestic unit, the National Cryptocurrency Enforcement Team, the launch of which was announced in 2021.
Cryptocurrency is used commonly in criminal operations to hide the identities of the criminals launching the attacks by obscuring blockchain transactions, making the tracking of funds more difficult for law enforcement.
The US announced its biggest ever seizure of cryptocurrency earlier this month. A total of $3.6 billion was seized from a married couple allegedly laundering money after the 2016 hack on currency exchange Bitfinix.
Moving forward in a work from anywhere world
A gorilla guide
“We are issuing a clear warning to criminals who use cryptocurrency to fuel their schemes. We also call on all companies dealing with cryptocurrency: we need you to root out cryptocurrency abuses,” she said. “To those who do not, we will hold you accountable where we can.”
The US has been vocal about its mounting efforts against cyber crime since the high-profile ransomware attacks of 2021, including those affecting JBS Foods and Colonial Pipeline, the latter of which prompted such crime to be promoted to ‘terrorism’ status in the eyes of the US.
The Cybersecurity and Infrastructure Security Agency (CISA) also enforced a policy in 2021 that compelled all federal agencies to patch some of the most serious security vulnerabilities to improve the nation's cyber posture. It set different deadlines depending on how recently any given vulnerability was discovered.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.