US to attack cyber criminals first, ask questions later – if it protects victims

DoJ also creates two teams to prevent abuse of cryptocurrency – who knew that happens?


The United States Department of Justice (DoJ) has revealed new policies that may see it undertake pre-emptive action against cyber threats.

Revealed last week by deputy attorney general Lisa O. Monaco, in a speech at the Munich Cyber Security Conference, the policy will see prosecutors, agents and analysts assess "whether to use disruptive actions against cyber threats, even if they might otherwise tip the cybercriminals off and jeopardize the potential for charges and arrests."

Such actions will be undertaken when the DoJ judges that they can reduce risks for victims. Monaco mentioned "providing decryptor keys or seizing servers used to further cyberattacks" as possible interventions.

Monaco also wants sanctions and export controls used when appropriate – and not just those the DoJ or even the US can wield. She hopes "our international and private sector partners" can weigh in, too, and also wants DoJ people to work "at US Cyber Command and elsewhere, to achieve unity of purpose and unity of action."

The deputy attorney general added that charging and apprehending cybercriminals "will still be a priority in cybercrime cases" but that different tactics are needed "when threat actors seek safe haven in rogue countries or work on behalf of a foreign government."

Another DoJ initiative will try to get ahead of cryptocurrency abuse.

"It's the rare cyber investigation that doesn't have an international dimension," Monaco said, announcing that prosecutors handling significant cyber investigations will henceforth be required to consult with DoJ's international and cybercrime specialists "to identify international actions that might be able to help stop a threat."

A new International Virtual Currency Initiative will therefore facilitate what Monaco described as "more joint international law enforcement operations – more eyes from multiple law enforcement agencies around the world – to track money through the blockchain." The Initiative's staff will also educate the industry about financial regulations and anti-money laundering requirements, in the hope that would-be abusers stay on the right side of the law.

Monaco also announced a Virtual Asset Exploitation Unit (VAXU) that "will combine cryptocurrency experts into one nerve center that can provide equipment, blockchain analysis, virtual asset seizure and training to the rest of the FBI." The Unit will work alongside the FBI's existing National Cryptocurrency Enforcement Team which, since its formation in late 2021, has grown to employ a dozen prosecutors and, as of last week, its first director – Eun Young Choi, whom Monaco described as "a seasoned computer crimes prosecutor and a leader in the field."

VAXU was announced in the context of the February 8 arrest of "tech entrepreneurs" Ilya Lichtenstein, 34, and Heather Morgan, 31 – a husband and wife team accused of conspiring to launder $4.5 billion in cryptocurrency allegedly lifted from Hong Kong crypto exchange Bitfinex in 2016.

Monaco said the effort to arrest the pair was a modern adaptation of a very old law enforcement technique: following the money. She assured her audience that VAXU's formation shows the DoJ and the agencies it oversees are evolving to meet today's threats. ®
