The US Division of Justice’s (DoJ) method to disrupting and stopping cybercrime was laid naked by Lisa Monaco, Deputy Legal professional Normal of the USA, through the opening keynote session on the RSA 2023 convention.
Monaco highlighted that lately the DoJ has developed its method to tackling surging cyber-threats to the federal government and wider financial system. This has revolved round “placing the victims on the middle” somewhat than measuring success by the prosecution of cyber-threat actors by means of the courts.
The DoJ’s profitable restoration of thousands and thousands of {dollars}’ price of bitcoin paid to attackers following the Colonial Pipeline assault in Could 2021 is an instance of this method, Monaco highlighted. On this case motion was taken to observe the cash paid in cryptocurrency, somewhat than inserting blame on the sufferer of the incident.
One other instance was the takedown of the Hive ransomware gang’s infrastructure in January 2023, following a world regulation enforcement operation. This enabled the federal government to realize entry to the group’s laptop networks, enabling businesses to seize decryption keys and distribute them to Hive victims globally. Monaco famous that this was an extended and affected person operation, a “modern-day cyber stakeout.”
Learn extra: #RSAC: Cyber Intrusion Marketing campaign In opposition to Three US Federal Businesses Thwarted
She emphasised that such operations are solely doable by means of cooperation – between completely different authorities businesses globally and crucially, with sufferer organizations. Monaco praised Colonial Pipeline’s “courageous resolution to come back ahead to work with us” after the assault and urged different sufferer organizations to succeed in out to the DoJ to realize comparable outcomes.
“It’s good for the enterprise, and it’s good for America since you’re serving to us forestall that subsequent assault,” she acknowledged.
Talking concerning the latest conviction of former Uber CISO Joe Sullivan, Monaco burdened that this prosecution was led to by Sullivan’s intentional conduct in deceptive the Federal Commerce Fee (FTC) concerning the nature of the incident.
She mentioned that it shouldn’t in any means postpone CISOs from participating with the federal authorities about incidents.
