The US said it will now consider proactively disrupting cyber criminals’ operations even if doing so may impede the state’s ability to arrest and indict the alleged perpetrators.
Deputy Attorney General Lisa O. Monaco made the remarks while addressing delegates at the Munich Cyber Security Conference on Thursday. She said, going forward, US law enforcement could potentially deploy preventative measures to minimise the risk to victims of cyber attacks.
Such measures could include providing decryptor keys to ransomware victims or seizing servers used to launch cyber attacks.
The shift in policy comes following a year in which ransomware once again topped the charts of the most-used cyber attacks against businesses and critical organisations.
Monaco said that charging suspects in cyber crime cases will still be the priority, but taking a hybrid approach to disrupting cyber crime will make law enforcement authorities “nimbler” and more capable, she said.
“Now, as a former prosecutor, I can tell you that this approach is not the first instinct for trial lawyers who live in the courtroom,” said Monaco. “But my message to the department is clear: we should be looking for success both inside and outside the courtroom.
“And my message to cybercriminals is equally clear: the long arm of the law can — and now will — stretch much farther into cyberspace than you think. If you continue to come for us, we will come for you.”
In addition to directly disrupting attacks through decryptors and server seizures, Monaco also said the US will consider a broader range of disruptive techniques including sanctions and export controls.
She also announced the US is creating the Cyber Operations International Liaison - a unit that will see cross-border collaboration between the US and European agencies to expedite investigations into cyber criminal activity.
Collaboration between international law enforcement agencies and the relevant cyber crime institutions has yielded some high-profile results in the past year, including the takedown of the long-ruling Emotet botnet and the arrest of multiple REvil ransomware gang members.
The US and European agencies will also be launching an International Virtual Currency Initiative to combat the abuse of virtual currency, Monaco said. It will further the country’s own domestic unit, the National Cryptocurrency Enforcement Team, the launch of which was announced in 2021.
Cryptocurrency is used commonly in criminal operations to hide the identities of the criminals launching the attacks by obscuring blockchain transactions, making the tracking of funds more difficult for law enforcement.
The US announced its biggest ever seizure of cryptocurrency earlier this month. A total of $3.6 billion was seized from a married couple allegedly laundering money after the 2016 hack on currency exchange Bitfinix.
“We are issuing a clear warning to criminals who use cryptocurrency to fuel their schemes. We also call on all companies dealing with cryptocurrency: we need you to root out cryptocurrency abuses,” she said. “To those who do not, we will hold you accountable where we can.”
The US has been vocal about its mounting efforts against cyber crime since the high-profile ransomware attacks of 2021, including those affecting JBS Foods and Colonial Pipeline, the latter of which prompted such crime to be promoted to ‘terrorism’ status in the eyes of the US.
The Cybersecurity and Infrastructure Security Agency (CISA) also enforced a policy in 2021 that compelled all federal agencies to patch some of the most serious security vulnerabilities to improve the nation's cyber posture. It set different deadlines depending on how recently any given vulnerability was discovered.
