Criminal indictments are major – but not only – tool of US cyber defense agencies


The FBI and other federal agencies are increasingly looking to counter cyber threats with tools other than criminal charges, the bureau’s cyber division chief said in an interview with The Associated Press.

Arrests and indictments of foreign cybercriminals are always appropriate in certain circumstances and something the FBI pursues “every day of the week,” Deputy Director Bryan Vorndran said. But as federal agencies seek to have the most disruptive impact on cybercrime possible, FBI officials are carefully considering how best to time an impeachment, or whether an impeachment is even the best course of action.

“We’re just a lot more mature in the workspace with our interagency partners, and we’re really keeping tabs on how we’re having the biggest impact,” Vorndran said.

The FBI, he said, is now “very open to being told” that when it comes to an adversary, “‘You know what, as a member of the team, this may not be a good time to deploy an indictment, but it’s fine this may be a good time to deploy,” an action by US Cyber ​​Command.

This development reflects the fact that multiple government agencies share responsibility and play a unique role in combating a cyber threat that has only worsened over the past decade. The Justice Department has long viewed indicting foreign hackers as a way to “name and humiliate” them and deter hostile governments that employ them. Other government agencies, however, bring their own powers to the table that may override the use of criminal charges or be seen as imposing greater cost or deterrence.

Department of Defense

Cyber ​​Command, a branch of the Department of Defense established in 2010, has become aggressive in its pursuit of hackers, conducting more than two dozen operations aimed at thwarting interference in the 2020 presidential election and most recently against ransomware gangs. The White House shared information about Russian hackers with the Kremlin to take action on its own. Last week, the Russian Federal Security Service, or FSB, announced the detention of members of the REvil ransomware gang.

The FBI itself used actions other than indictments. In June, he recovered the majority of a roughly $4.4 million ransom Colonial Pipeline had paid to hackers responsible for a ransomware attack that caused gas shortages for days. He obtained a court warrant in April that gave him remote access to hundreds of computers to counter a massive hack of Microsoft Exchange mail server software.

Vorndran spoke to the AP after appearing in a Silverado Policy Accelerator chat last week in which he said the FBI was moving “away from a first charge and arrest model, and the full costs imposed on our adversaries”.

“That’s probably a simple way of saying that we’re really trying to work with everyone, public and private sector partners, to understand the totality of capabilities and authorities that are out there…so that we have the greatest impact in this moment on the questions,” he said in the interview.

Indictments, a bread-and-butter law enforcement tactic, can lock up accused hackers in their home countries and warn adversaries that their actions have been detected. But their practical impact is often limited because there is generally little chance that a defendant will be brought to the United States for trial.

Chinese military hackers

Perhaps the first prominent example is a 2014 case against five Chinese military hackers accused of embezzling secrets from major US companies. In the years that followed, federal prosecutors charged North Korean computer programmers with hacking into Sony Pictures Entertainment; Russian intelligence agents in a Yahoo breach; Iranian hackers in an attack on a small dam outside New York; and Chinese agents targeting companies developing coronavirus vaccines.

The cases have all generated publicity splashes, although they have done little to curb piracy from foreign countries. And given the lack of extradition treaties with countries the United States considers the biggest cyber offenders, arrests of indicted hackers are exceedingly rare.

There have, however, been isolated exceptions when hackers wanted by the United States have traveled from their home countries and been arrested. This happened last fall when the Justice Department unveiled an indictment charging Yaroslav Vasinskyi in the Kaseya ransomware attack after the alleged Ukrainian hacker traveled to Poland.

The arrest prompted a Justice Department press conference with Attorney General Merrick Garland, a sure sign that prosecutors won’t drop their pursuit of indictments when they think it makes sense.

“It’s certainly a tool that the interagency and the FBI are ready to use and are working toward,” Vorndran said of the indictments, “but it’s not the only tool.”

Copyright 2022 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Fraud by cyber agencies in the United States

Interested in Agencies?

Receive automatic alerts for this topic.


About Author

Comments are closed.