Sunday, June 28, 2015

ASSISTANT AG CALDWELL'S REMARKS ON DIGITAL CURRENCIES LIKE BITCOIN

FROM:  U.S. JUSTICE DEPARTMENT
Assistant Attorney General Leslie R. Caldwell Delivers Remarks at the ABA’s National Institute on Bitcoin and Other Digital Currencies
Washington, DC United States ~ Friday, June 26, 2015
Thank you Nina [Marino] for that kind introduction.

It is a pleasure to address today’s ABA National Institute on Bitcoin and Other Digital Currencies.  As head of the Justice Department’s Criminal Division, I am privileged to lead over 600 attorneys who investigate and prosecute federal crime, help develop criminal law and formulate law enforcement policy.  Our talented prosecutors perform crucial work in many of the areas relevant to today’s discussion, including the fight to combat money laundering, financial fraud, child exploitation and cybercrime.

This afternoon, I’d like to discuss the department’s approach to the emerging virtual currency landscape, our ongoing efforts to prosecute those who commit crimes by using virtual currency, and our view that compliance and cooperation from exchanges, companies and other market actors can ensure that emerging technologies are not misused to fund and facilitate illicit activities.

The department is aware of the many legitimate actual and potential uses of virtual currency.  It has the potential to promote a more efficient online marketplace.  It also potentially can lower costs for brick and mortar businesses, by removing the need to pay credit card-related costs.  And in theory, it can help speed and reduce the cost of cross-border transactions.  But we also have seen that criminals have been among the first to enthusiastically embrace the use of virtual currency, primarily in crime involving the internet.

Many of the inherent features of virtual currencies are exactly what makes them attractive to criminals.  Many criminals like virtual currency systems because these systems conduct transfers quickly, securely and with a perceived level of anonymity.  For others, the irreversibility of payments made in virtual currency and lack of oversight by a central financial authority is appealing.  Finally, the ability to conduct international peer-to-peer transactions that lack immediately available personally identifying information has made decentralized virtual currency attractive to those who wish to cover their money trail.

As a result, virtual currency facilitates a wide range of traditional criminal activities as well as sophisticated cybercrime schemes.

Much of the illicit conduct involving virtual currency occurs through online black markets such as the now-shuttered Silk Road, which operated on an anonymized “dark web” network that masked users’ physical locations, making them difficult to track.  Similar online black markets continue to operate, offering on a global scale, a wide selection of illicit goods and services.  While these have included more traditional crimes such as narcotics trafficking, stolen credit card information, and hit-men for hire, we have also seen a significant evolution in criminal activity.

For example, Bitcoin has been utilized to fund the production of child exploitation material through online crowd-sourcing – a development rarely seen before the prevalence of virtual currency.  It has also been used to buy and sell lethal toxins over the internet and as a payment method for virtual kidnapping and extortion, allowing near-instantaneous transactions across the globe between perpetrators of phishing and hacking schemes and their victims.

Despite the significant challenges in investigating, much less prosecuting, this activity, the department already has a strong record of bringing cases in which virtual currencies were used to facilitate criminal conduct.  While the burgeoning assortment of online exchanges, virtual currencies and virtual marketplaces has created a complex and evolving environment or “ecosystem” as this audience knows it, we too are keeping pace and will pursue those who exploit vulnerabilities in that ecosystem for illegal gain.

In this arena, we rely principally on money services business, money transmission and anti-money laundering statutes.  While individual users who are not acting as exchangers or transmitters are not required to register with FinCEN, many virtual currency systems, exchangers and related services are.  Additionally, most states also require money transmitters to obtain a state license in order to conduct business in that state, and some like New York have established virtual-currency specific licensing requirements.  Any failure to register or obtain a license may subject a money transmitter to criminal prosecution, and a money transmitter that knowingly moves funds connected to a criminal offense also faces prosecution for money laundering, regardless of licensing status.  Whether the currency involved is virtual or traditional, the department enforces these critical laws to prosecute money services businesses that engage in money laundering or facilitate crime by flouting registration and licensing requirements.

The department’s enforcement actions have evolved along with the virtual currency ecosystem.  Our first major action against a virtual currency service used for illicit purposes was in 2007, when the Criminal Division’s Asset Forfeiture and Money Laundering Section (AFMLS), together with our Computer Crime and Intellectual Property Section (CCIPS), spearheaded the prosecution against e-Gold and its owners on charges related to money laundering and operating an unlicensed money transmitting business.  E-Gold was a popular online currency exchange, and was a favored hub for cybercriminals in part because of the lack of account holder identity verification.  An e-mail address was the only information needed to set up an account, allowing global anonymous transactions.  After a multi-agency investigation, e-Gold and three associated individuals pleaded guilty in 2008 to charges of money laundering and operating an unlicensed money transmitting business.

In the wake of e-Gold’s demise, the virtual currency system Liberty Reserve was created.  As alleged in our pending indictment, Liberty Reserve was structured and operated to help users conduct illegal transactions anonymously and launder the proceeds of their crimes.

Liberty Reserve quickly became one of the principal money transfer agents used by cybercriminals around the world to distribute, store and launder the proceeds of their illegal activity.  Like e-Gold, any would-be account holder needed little more than a working email address to move funds around the globe.  Again, this virtual currency platform became a favorite of cybercriminals and other tech-savvy wrongdoers, enabling them to engage in anonymous financial transactions, all conducted in violation of BSA requirements.

Before the government shut down Liberty Reserve in 2013, it had accumulated more than one million users worldwide, including more than 200,000 in the United States, who conducted approximately 55 million transactions through its system totaling more than $6 billion in funds.  These funds included suspected proceeds of credit card fraud, identity theft, investment fraud, computer hacking, child pornography, narcotics trafficking and other crimes.

In a case jointly spearheaded by AFMLS and prosecutors from the Southern District of New York, several of Liberty Reserve’s top executives, including a co-founder of the company, the IT Manager and its Chief Technology Officer, have pleaded guilty to money laundering and operating an unlicensed money transmitting business and have been sentenced up to five years in prison.  The creator of Liberty Reserve was extradited to the United States from Spain in October 2014 and is currently awaiting trial, where he is, of course, presumed innocent.

The department has also taken action against a number of individuals and groups who sought to exploit decentralized systems such as Bitcoin and anonymized dark web servers to finance illicit trade and activity in online black markets.

The first major prosecution of a dark market website was by the Southern District of New York in a case against Ross Ulbricht, aka “Dread Pirate Roberts,” who was arrested in October 2013 and convicted by a jury for his role in creating and operating Silk Road, an online black market whose payment operations exclusively used Bitcoin.

Silk Road – designed to act as a black-market bazaar completely free from government regulation and oversight – attempted to enable its users to exchange illegal drugs and other unlawful goods and services anonymously and beyond the reach of law enforcement.  It emerged as one of the most extensive criminal marketplaces on the internet.  Before it was dismantled by law enforcement, Silk Road was used by thousands of drug dealers and other vendors to distribute hundreds of kilograms of illegal drugs and other unlawful goods and services to well over 100,000 buyers, and has been linked to at least six overdose deaths around the world.  Further, Silk Road was also used to launder hundreds of millions of dollars derived from these unlawful transactions.  And just a few weeks ago, in a federal courtroom in New York City, Ulbricht was sentenced to a term of life in prison – a cautionary tale for all those who would use dark spaces on the internet to flout the law.

The Silk Road story, however, did not end with Ross Ulbricht.  Two federal agents, sworn to uphold the law, were also apparently lured by the perceived anonymity of virtual currency.  

Carl Force, a Special Agent with the Drug Enforcement Administration, and Shaun Bridges, a Special Agent with the U.S. Secret Service, were both assigned to the Baltimore Silk Road Task Force, which investigated illegal activity in the Silk Road marketplace.

Force served as an undercover agent.  According to court documents, Force went rogue and developed additional online personas to engage in complex bitcoin transactions to steal hundreds of thousands of dollars from the government and from the targets of the investigation.  Independently, Bridges also allegedly engaged in an even larger direct theft, illegally diverting over $800,000 in virtual currency to his personal account.

Both individuals have been charged by the Criminal Division’s Public Integrity Section and prosecutors from the Northern District of California with wire fraud, theft of government property and money laundering.  These investigations and prosecutions should send a strong message to those who would exploit technology to commit crimes: no matter how anonymous people might feel using virtual currency, their actions are not untraceable.  People should not assume that law enforcement will not notice when they act on the dark web, or that we are not keeping up with emerging technology.  Our successful prosecutions have shown that neither the supposed anonymity of the dark web nor the use of virtual currency is an effective shield from arrest and prosecution.

In addition to the operators of Silk Road and the drug traffickers who conducted their deals online in bitcoin, prosecutors from the Southern District of New York have also taken action against those who enabled this activity through the operation of Bitcoin currency exchanges.  We understand that there are legitimate exchanges, and many of those are working closely with FinCEN and other regulators to ensure compliance with the law.  But there are also many exchanges that don’t concern themselves with following the law.

From approximately December 2011 to October 2013, Robert Faiella ran an underground Bitcoin exchange on the Silk Road website under the alias “BTCKing,” and sold bitcoin to users to fund their purchases on the site.

Faiella would run bitcoin orders through Charlie Shrem, who operated a New York-based company that acted as a bitcoin to fiat currency exchange.  Although Shrem was the company’s Anti-Money Laundering Officer and had registered the company with FinCEN as a money services business, Shrem failed to report any of BTCKing’s activity, despite knowing it was being used for illegal purchases.  Shrem’s assistance enabled BTCKing to finance Silk Road transactions without collecting any personal identifying information from customers.  Faiella pleaded guilty to operating an unlicensed money transmitting business involving funds he knew were intended to support unlawful activity, and Shrem pleaded guilty to aiding and abetting Faiella’s operations.  Just this past winter, they were sentenced to four and two years in prison, respectively.

While these cases demonstrate that the criminal use of virtual currency has grown rapidly in recent years, its comparative scale versus traditional money laundering still pales in magnitude.  Few virtual systems currently can accommodate the hundreds of millions of dollars we have seen in certain large-scale money laundering schemes involving government-issued currency.  That said, as virtual currencies become more mature and better understood by criminals, we expect to see an increase in both individualized criminal activity and large-scale money laundering enterprises.

In some ways, companies and individuals operating in the virtual currency ecosystem are at a crossroads, and they have an opportunity to help virtual currency emerge from its association with criminal activities.  While there obviously are good and legitimate reasons to use these currencies, industry participants are now on notice that criminals too, make regular use of them.  So, to ensure the integrity of this ecosystem and prevent its penetration by crime, the industry must raise the level of its game on the compliance front.

That includes strict compliance with money services business regulations and anti-money laundering statutes.  I understand that you have heard from our partners at FinCEN this morning about our collaborative efforts to investigate and enforce anti-money laundering laws, and you’ll also hear more from Katie Haun this afternoon about the investigation of the virtual currency business Ripple Labs, which operated an unlicensed money transmitting business.

Ripple sold a virtual currency called “XRP,” but failed for a time to register with FinCEN as a money service business and failed to establish and maintain appropriate anti-money laundering protections.  Importantly, the department resolved this investigation after Ripple agreed to a number of substantial remedial measures.  This includes cooperation in other ongoing investigations, a change in business model and oversight by independent auditors, an extensive look-back through their previous activities and development of an extensive compliance framework.

The resolution with Ripple Labs underscores the importance of having a strong compliance program to ensure adherence to the law.  Virtual currency exchangers and other marketplace actors comprise the front line of defense against money laundering and other financial crime.  Robust compliance programs, such as those imposed on Ripple Labs, are essential to keeping crime out of our financial system.  If a money services business finds itself subject to a criminal investigation, we will look, as we do in all cases involving potential prosecution of a business entity, at the factors set forth in the Principles of Prosecution of Business Organizations, or Filip Factors.  Two of the Filip Factors in particular, the existence of an effective and well-designed compliance program and a company’s remedial actions, including steps to improve upon an existing compliance regime, are explicitly set forth as factors prosecutors should consider.

As you know, there is no “one-size-fits-all” compliance program.  Rather, effective anti-money laundering and other compliance programs must be tailored to meet the circumstances, size, structure and risks encountered by each entity.  And virtual currencies, with their perceived anonymity, pose compliance risks that money transmitters such as Western Union do not face. Industry participants must address those risks, even when it may be costly to do so.

Just as in any other corporate investigation, when reviewing the conduct of, for example, an exchange, the department will examine whether a company has meaningfully addressed compliance.  We have resolved cases against many financial institutions and other entities, and are deeply familiar with hallmarks of a genuine compliance program.

We expect virtual currency businesses to take compliance risk as seriously as they take any other business risk.  Now, we recognize that new entrants in emerging fields may find that compliance requires a significant expenditure of resources, and we will be context-specific in analyzing appropriate compliance frameworks including consideration of the size and scope of the business.  But a real commitment to compliance is a must, particularly given the significant risks in the virtual currency market.  In the long run, investment in effective compliance programs will be well worth it, especially in the event that a company has to interact with law enforcement.

In many ways, I think that is a message that everybody gathered here today can appreciate.  As the virtual currency markets attempt to move past their association with the Silk Roads and Liberty Reserves of the online world, are used to finance legitimate activity, and are becoming increasingly subject to regulation, robust compliance with existing anti-money laundering laws and regulations is necessary – indeed, critical – to bolster the reliability and value of virtual currency.

The challenges posed by the cases I’ve described are not unique to the virtual currency world.  Indeed, these dark web criminals are merely using new tools to conduct the same old crimes, committing what is essentially street crime like drug trafficking and extortion, but over computer networks.

For those investors, exchanges and compliance officers who deal in virtual currency, compliance is of paramount importance.  Adherence to regulations and state license requirements can reduce the liability of corporations who invest or deal in virtual currency.  As seen with Ripple Labs, compliance and remediation can lead to a more favorable resolution of criminal investigations and adhering to anti-money laundering guidelines allows the legitimate use of virtual currency to grow and be responsive to infiltration and abuse by criminal elements.  While the department will aggressively investigate and prosecute criminal activity that is funded through virtual currency, money services businesses that fall under the department’s scrutiny can also receive credit for meaningful and sincere compliance efforts.

Your compliance and cooperation will make it more difficult for those who seek to operate illicit and underground marketplaces and will be a key element for law enforcement to shed light on these illegal virtual currency transactions.  It also will help to ensure the continued viability of virtual currency systems in the future.

Thank you for the opportunity to address this year’s National Institute on Bitcoin and Other Virtual Currencies.

Saturday, December 6, 2014

ASSISTANT AG CALDWELL MAKES SPEECH AT CYBERCRIME 2020 SYMPOSIUM

FROM:  U.S. JUSTICE DEPARTMENT 
Assistant Attorney General Leslie R. Caldwell Speaks at Cybercrime 2020 Symposium
Washington, DC United States ~ Thursday, December 4, 2014

Good morning and welcome to the Criminal Division’s inaugural symposium on cybercrime.  Before we start, I would like to thank Dean Treanor and the Georgetown Law Center for being such gracious partners in planning and holding this event.  

I would also like to thank the moderators and panelists for traveling from across the country to contribute their expertise to today’s discussions.  We have assembled an impressive array of experts from the private sector, academia, privacy groups, and all three branches of government, and I am looking forward to the diverse perspectives they will be sharing with us today.

A special welcome and thanks to Troels Orting, our keynote speaker, who has traveled the farthest to be with us today.  Troels is the Director of Europol’s European Cybercrime Center or “EC3,” which is headquartered at the Hague in the Netherlands.  In recent months, the Criminal Division, U.S. Attorneys’ Offices, federal investigators, and private companies have executed some of the most elaborate law enforcement operations ever attempted in the cybercrime arena.  Troels and EC3 have been instrumental to the success of those operations.

You’ll hear more about that in a moment, but I wanted to make sure I expressed my personal appreciation to him and EC3.  I believe that such robust cooperation within the international law enforcement community is the necessary future of cybercrime investigations.  I anticipate that the Department of Justice and EC3 will be allies for years to come.

Today’s symposium is focused on the future of technology and online crime, so I expect that you will be hearing a lot about “change” and “evolution.”  I want to briefly discuss the state of affairs today, and how I see cybercrime evolving over the coming years.

I also want to take this opportunity to talk about changes within the Criminal Division and our evolving efforts to deter, investigate, and prosecute cyber criminals and to protect the country’s computer networks from cyber threats in the first instance.

In that regard, I will highlight two ways in which we are addressing the growing threat:

First, we are mounting increasingly innovative and cooperative, international law enforcement operations to disrupt cyber criminal organizations across the globe;

Second, we are increasing our efforts to prevent cyber attacks by providing resources for our public and private partners to enhance cyber security across the board.  In furtherance of this effort, we are creating a dedicated Cybersecurity Unit within the Criminal Division, which I will discuss more in a moment.

As I mentioned, I will start with a few words about the Internet and technology, how they are influencing the crimes we see today, and how we anticipate they will shape the crimes of tomorrow.

By now it has become obvious not only to those of us who gather at events like this but to the entire world:  the Internet and related technologies have changed the way we work, play, and live.  Everyone in this room is carrying a cell phone, tablet, or some other device that is connected to the Internet right now.  The vast majority of Americans have made technology part of their everyday lives.

This boom in Internet-driven technology brings with it new opportunities for innovation, productivity, and entertainment.  It is helping people connect locally and globally through email, social networking, and various other forms of communication.  It is helping our businesses compete in expanding markets.  It is giving us ready access to a seemingly endless stream of information, resources, and services unlike anything that preceded it.  From big companies to tiny start-ups, innovation is taking place around the world at a dizzying pace.

Unfortunately, there is also a flip side to these advances.  A tool that has become so vital to families, consumers, businesses, and governments was also bound to become a target for criminals.  Not surprisingly, cyber criminals are taking advantage of the same advances in technology to perpetrate more complex and extensive crimes.  Indeed, according to data from the 2013 Norton Report, there will be more than 14,000 additional victims of online crime by the time I have finished this speech.

For the foreseeable future, cybercrime will increase in both volume and sophistication.  By exploiting technology, the most skilled cyber criminals will be capable of committing crimes on a scale that will result in more lost data, greater damage to the security of networks, and greater risk to Internet users.  We are already getting glimpses of this new criminal tide.

Last year, two cyber intrusions targeting the banking system inflicted $45 million in losses on the global financial system in a matter of hours.  Let me emphasize, that figure is not a speculative estimate or a projection.  That is the sum total of money that the perpetrators withdrew from banks around the world by breaking into bank computers and removing limits on the amount of money they could withdraw from ATM machines.  That crime dwarfed the biggest bank heists in U.S. history several times over, and the masterminds never had to worry about security guards, dye-packs, or silent alarms.  In fact, they never had to leave home.

Our dependence on technology is also ushering in a new era of online breaches.  Ever larger networks are processing more consumer data in an effort to make our purchases simpler and less time consuming.  These networks transmit vast amounts of personal and financial data, and enterprising hackers are targeting them to produce data breaches that dwarf anything we’ve seen before.  Individual breaches regularly put at risk the financial information of tens of millions of consumers.  This threatens consumer confidence and has devastating consequences for companies who have fallen victim.  

We have also witnessed the rise of another type of intrusion that causes harms less simple to quantify.  Rather than stealing money or valuable financial data, these breaches have robbed people of their privacy.  Some hackers have become virtual home invaders, using malware to tap into personal webcams located in homes around the world so they can spy on our most intimate moments.  Other hackers have broken into online storage accounts and personal devices to snatch personal photos or communications for money or prurient thrills.

So, how is the Department responding to these new types of online threats and challenges?  In the case of the $45 million dollar cyber heist I mentioned, we were able to promptly find, arrest and prosecute some of those responsible.  Thus far, 13 defendants have been convicted for their participation in the scheme.  The Criminal Division and U.S. Attorneys’ Offices are bringing the lessons of this successful prosecution and others to the investigations of recent breaches that have been in the news.

While arrests and prosecutions are our primary goal, we recognize that it is increasingly common for sophisticated cyber criminals to base themselves overseas in countries where they are not so easily reached.  Consequently, we have adjusted our tactics in two significant ways.  We are engaging in larger, international law enforcement operations to target criminals around the globe.  And, we are acting up front to stop the harm that these cyber criminals are causing, even before we can get them into custody.  A prime example of this has been our approach to “botnets.”

“Botnets” are networks of computers that have been secretly infected by malware and controlled by criminals.  Some botnets are millions of computers strong.  Once created, they can be used without a computer owner’s knowledge to engage in a variety of criminal activities, including siphoning off personal and financial data, conducting disruptive cyber attacks, and distributing malware to infect other computers.

One particularly destructive botnet—called Gameover Zeus—was used by criminals to steal millions of dollars from businesses and consumers and to extort additional millions of dollars in a “ransomware” scheme.  Ransomware is malware that secretly encrypts your hard drive and then demands payments to restore access to your own files and data.  Ransomware called “Cryptolocker” was distributed through the Gameover Zeus Botnet, which infected hundreds of thousands of computers, approximately half of which were located in the United States.  It generated more than $27 million in ransom payments for its creators, including Russian hacker Evgeniy Bogachev, in just the first two months after it emerged.

But through carefully choreographed international law enforcement coordination, we not only identified and obtained a 14-count indictment against Bogachev, but also obtained injunctions and court orders to dismantle the network of computers he used to orchestrate his scheme.  The Justice Department, U.S. law enforcement, numerous private sector partners, and foreign partners in more than 10 countries, as well as EC3, mounted court-authorized operations that allowed us to wrest control of the botnet away from the criminals, disable it, and start to repair the damage it caused.

This afternoon, you will hear from David Hickton, the U.S. Attorney for the Western District of Pennsylvania, whose office worked with CCIPS to spearhead this effort.  This case serves as a model of both international cooperation and our ability to mitigate the damage caused by cyber criminals even before making an arrest.

In another international operation, just a few weeks ago, we targeted so-called “dark market” websites selling illegal goods and services online.  These websites were operating on the “Tor” network, a special network of computers on the Internet designed to conceal the locations of individuals who use it.  The websites we targeted traded in illegal narcotics; firearms; stolen credit card data; counterfeit currency; fake passports and other identification documents; and computer-hacking tools and services.  Using court-authorized legal process and mutual legal assistance treaty requests, the Department, the FBI, and international partners from approximately 16 foreign nations working under the umbrella of EC3 seized over 400 Tor addresses associated with dozens of websites, as well as multiple computer servers hosting these websites.

Once again, international cooperation among the world’s law enforcement agencies was pivotal to the success of this global operation.  And, once again, we were able to disrupt cybercrime in manners other than traditional arrest and prosecution.

In addition to undertaking these innovative international operations and takedowns, the Criminal Division is also re-orienting itself to better address the complex nature of cyber threats on multiple fronts.

High-tech crimes are not new to the Criminal Division.  We have been investigating and prosecuting computer crimes since the Division created the Computer Crime and Intellectual Property Section, or “CCIPS,” in 1996.  As I have already described, CCIPS prosecutors have led complex computer crimes investigations for years, and this work will continue.

Through CCIPS, the Criminal Division has also supported and expanded our U.S. Attorneys’ Offices’ expertise and capacity to tackle the most complex cybercrimes.  CCIPS has worked over the last 12 years to build the Computer Hacking and Intellectual Property or “CHIP” Network with U.S. Attorneys’ Offices across the nation, which is now over 270 prosecutors strong.  That network has fostered a close partnership between CCIPS and the U.S. Attorneys’ Offices in addressing the nation’s most sophisticated computer crimes.  In addition, over the last two years, the CHIP Network was used as the model for the National Security Cyber Specialists’ network, a partnership among the National Security Division, the U.S. Attorneys’ Offices, and CCIPS that focuses on cyber threats to national security.

As the threats increase daily, however, I want to make sure that cyber security is receiving the dedicated attention it requires.  It is important that we address cyber threats on multiple fronts, with both a robust enforcement strategy as well as a broad prevention strategy.  I am, therefore, announcing today the creation of the Cybersecurity Unit within CCIPS.  The Cybersecurity Unit will have responsibility on behalf of the Criminal Division for a variety of efforts we are undertaking to enhance public and private cyber security efforts.

Given the growing complexity and volume of cyber attacks, as well as the intricate rubric of laws and investigatory tools needed to thwart the attacks, the Cybersecurity Unit will play an important role in this field.  Prosecutors from the Cybersecurity Unit will provide a central hub for expert advice and legal guidance regarding the criminal electronic surveillance statutes for both U.S. and international law enforcement conducting complex cyber investigations to ensure that the powerful law enforcement tools are effectively used to bring the perpetrators to justice while also protecting the privacy of everyday Americans.  The Cybersecurity Unit will work hand-in-hand with law enforcement and will also work with private sector partners and Congress.  This new unit will strive to ensure that the advancing cyber security legislation is shaped to most effectively protect our nation’s computer networks and individual victims from cyber attacks.

As you know, the private sector has proved to be an increasingly important partner in our fight against all types of online crime, but particularly cyber security-related matters.  Prosecutors from the Cybersecurity Unit will be engaging in extensive outreach to facilitate cooperative relationships with our private sector partners.  This is a fight that the government cannot and will not wage alone.

As just one example of the kind of outreach we can do, earlier this year, we heard concerns expressed by communications service providers about uncertainty over whether the Electronic Communications Privacy Act prohibits sharing certain cyber threat information.  This uncertainty limited the lawful sharing of information that could better protect networks from cyber threats.  In response, we produced a white paper in May to address these concerns and publicly released our analysis of the issue.  We will continue to engage in this open dialogue about emerging issues and to clear roadblocks like this one.

Finally, we will be engaging with the public at-large about cyber security issues.  Over the past several years, but especially this past year, I have noticed a growing public distrust of law enforcement surveillance and high-tech investigative techniques.  This kind of mistrust can hamper investigations and cyber security efforts.  Most of this mistrust, however, comes from misconceptions about the technical abilities of the law enforcement tools and the manners in which they are used.  I hope to engage the public directly on these issues and to allay concerns.

CCIPS already plays an important role in this regard, and I expect that to expand with the Cybersecurity Unit.  CCIPS’s manuals on laws governing searching and seizing computers, electronic surveillance, and prosecuting computer crimes are probably the most comprehensive materials on those topics you will find anywhere.  To ensure transparency and wide access to this helpful information, those manuals are publicly available on CCIPS’s website, cybercrime.gov.  

I would like to start the public dialogue, however, by briefly addressing an overarching misconception:  the apparent belief that privacy and civil liberties are afterthoughts to criminal investigators.  In fact, almost every decision we make during an investigation requires us to weigh the effect on privacy and civil liberties, and we take that responsibility seriously.  Privacy concerns are not just tacked onto our investigations, they are baked in.  Privacy concerns are in the laws that set the ground rules for us to follow; the Departmental policies that govern our investigative and prosecutorial conduct; the accountability we must embrace when we present our evidence to a judge, a jury, and the public in an open courtroom; and in the proud culture of the Department.

We not only carefully consider privacy implications throughout our investigations, but we also dedicate significant resources to protecting the privacy of Americans from hackers who steal our financial and credit card information, online predators that stalk and exploit our children, and cyber thieves who steal the trade secrets of innovative American entrepreneurs.  As just an example of our efforts, we recently announced the conviction of a Danish citizen who marketed and sold StealthGenie, a spyware application or “app” that could remotely monitor calls, texts, videos and other communications on mobile phones without detection.  This app was marketed to individuals who wanted to spy on spouses and lovers suspected of infidelity.

Additionally, earlier this year, the FBI and the U.S. Attorney for the Southern District of New York announced charges against the owner of “Blackshades,” which sold the Blackshades Remote Access Tool.  EC3 again played a substantial role in this worldwide takedown, which resulted in the arrests of more than 90 people across the globe.  The Blackshades tool was used by hackers to gain access to victims’ personal computers to secretly steal files and account information, browse personal photos, and even to monitor the victims through their own webcams.  This software tool illustrates one of the scariest capabilities of hackers to date, as the Blackshades product or a similar tool was used by one hacker to secretly capture naked photos of teens and young women, including Miss Teen USA.  The hacker then used the photos to extort his victims—with threats that he would post the photos on the Internet—into sending additional nude photos and videos.

These are just two examples of our work to investigate and prosecute criminals who invade the privacy of unsuspecting citizens.  We hope that continuing to host symposiums like this one—and other outreach efforts—will help combat misconceptions about the Department’s efforts to protect the privacy of Americans.  Outreach allows us to participate in the growing public debate about evolving technology.  The open debate will benefit from the information that we can contribute about how technology is being used by criminals, how we are leveraging technology to investigate and disrupt criminal activity, and how technology can be leveraged in the public and private sectors to enhance cyber security.  Without that information, misconceptions and inaccuracies can take root and hamper enforcement efforts as well as cyber security programs.

Georgetown and the Department designed today’s event to bring diverse viewpoints together.  Our aim is to make sure that a range of perspectives are presented.  Of course, there will be limits to what Department representatives can publicly discuss for a variety of reasons, including the potential of harming an ongoing investigation, the need to protect individuals who are the subjects of investigations, and statutory and Departmental restrictions on disclosure of certain information.  Regardless, we are excited to add our voice to the debate and grateful to Georgetown and to all of you for supporting this event.  We hope it will be the first of many.

Thank you.

Wednesday, July 16, 2014

ASSISTANT AG CALDWELL TESTIFIES BEFORE SENATE COMMITTEE ON "BOTNET" THREAT

FROM:  U.S. JUSTICE DEPARTMENT 
Assistant Attorney General Leslie R. Caldwell Testifies Before the Senate Committee on the Judiciary Subcommittee on Crime and Terrorism
Washington, D.C. ~ Tuesday, July 15, 2014

Good afternoon, Chairman Whitehouse, Ranking Member Graham, and Members of the Subcommittee.  Thank you for the opportunity to appear before the Subcommittee today to discuss the Department of Justice’s fight against botnets.  I also particularly want to thank the Chair for holding this hearing and for his continued leadership on this important issue.

The threat from botnets—networks of victim computers surreptitiously infected with malicious software, or “malware,” that are controlled by an individual criminal or an organized criminal group—has increased dramatically over the past several years.  The computers of American citizens and businesses are, as we speak, under attack by individual hackers and organized criminal groups using state-of-the-art techniques seemingly drawn straight from a science fiction movie.  Unfortunately, this cybercrime wave is all too real.  Botnet attacks are intended to undermine Americans’ privacy and steal from unsuspecting victims.  If left unchecked, they will succeed.

The Department of Justice, working through highly trained prosecutors and Federal Bureau of Investigation (FBI) agents, recognizes this threat, and is working day and night to protect our citizens, our national security interests, and our businesses.  We responsibly employ the investigative and remedial tools Congress has given us, and we leverage our strengths by teaming up with partners across the federal government and, where appropriate, in the private sector and foreign law enforcement.  As in the recent disruption of the Gameover Zeus botnet, which I will discuss more later, we find ourselves matched against increasingly sophisticated cyber criminals, and must evolve our tools and tactics minute-by-minute to prevent further harm to innocent victims.

Our successful effort to suppress the Gameover Zeus botnet should remind us that those who use botnets to cause harm are increasing in number and sophistication, and we cannot expect continued success if we merely rest on our laurels.  The Department is armed with the laws and resources that we have been granted, but those tools must be updated and enhanced.  If we want to remain effective in protecting our citizens and businesses, our laws and our resources must keep pace with the tactics and numbers of our adversaries.  Our adversaries are always adapting.  So must we.  In my testimony, I will outline several legislative proposals that will assist the Department in its efforts to counter the threat posed by botnets.  Finally, I will outline our resource needs—in particular the need for additional specialized criminal prosecutors.

Current DOJ Anti-Botnet Activities

Cybercrime overall has increased dramatically over the last decade, and caused enormous financial damage and innumerable invasions of Americans’ privacy.  The advances in computing technology that have powered our economy have also empowered those who seek to do us harm.  Today, cyber criminals can steal personal and financial information from tens of millions of citizens in a single breach.  To be sure, thefts of such information were committed long before the digital revolution.  But stealing ten million credit card numbers previously would have required burglarizing thousands of stores, whereas now it can be done from a basement with a laptop.  And some crimes have been uniquely adapted in the digital age.  For example, in a new, disturbing twist on extortion, hackers have secretly activated the cameras on victims’ laptop computers, taken compromising pictures or videos, and demanded payments not to expose those pictures or videos to the public.  All the while, technological advances, including advances designed to protect privacy, such as anonymizing software and encryption, are being used to frustrate criminal or civil investigations and, perversely, protect the wrongdoers.  Our cyber crimefighters must be equipped with the tools and expertise to compete with and overcome our adversaries.

Over the same time period, botnets have emerged as a major threat.  Sometimes called “botmasters” or “botherders,” cyber criminals who control botnets can use advances in communications technology to take control of thousands, or even hundreds of thousands, of victim computers, or “bots.”  They can then command the computers they control to, for example, deluge an internet site with junk data, overwhelming it and knocking it offline.  They may conduct such distributed denial-of-service (DDOS) attacks out of malice, as ideological attacks on those with whom they disagree, or even as a paid service to other criminals.  They can also use the infected bots to steal banking credentials, credit card numbers, and other financial information.  They can use them to send spam—email messages that range from advertising for illegal and dangerous pharmaceutical products, to fraud schemes aimed at artificially inflating the price of stocks, to “phishing” messages that gather sensitive information.  Moreover, cybercriminals can use botnets to engage in other online crime by using their networks of infected computers as “proxies.”  This activity allows such criminals to conceal their identity and location while they commit crimes that range from fraud and theft of data to drug dealing and the sexual exploitation of children.

Botnets pose a threat to the United States, our citizens, and our businesses that must not be underestimated.  By hijacking numerous victims’ identities, credit cards, and bank accounts, criminal groups already have stolen hundreds of millions of dollars.  And every day cyber criminals violate the privacy of Americans on a staggering scale, by stealing financial information, personally identifiable information, login credentials, and other information from victims who often do not even realize their computers have been compromised.  Because botnets can be so lucrative, their designers use sophisticated code, locate their servers in countries around the world, and employ the latest in encryption methods—all designed to frustrate personal and corporate cybersecurity efforts, and to prevent law enforcement from responding effectively.  Indeed, recent cases and ongoing investigations reveal that botnets are used by criminals halfway around the world to commit crimes of a scope and sophistication that was difficult to imagine only a few years ago.

To counter this significant and complex threat, the Justice Department is vigorously responding to botnets and other cybercrimes through the tenacious work of the Criminal Division’s Computer Crime and Intellectual Property Section, also known as CCIPS, and the Computer Hacking and Intellectual Property Coordinators and National Security Cyber Specialists in U.S. Attorneys’ Offices across the country.  These prosecutors, along with colleagues in the National Security Division (NSD), form a network of almost 300 Justice Department cybercrime prosecutors.  In addition, the FBI has made combating cyber threats one of its top national priorities, working through Cyber Task Forces in each of its 56 field offices and continuing to strengthen the National Cyber Investigative Joint Task Force.  The FBI has also moved aggressively to counter the botnet threat through Operation Clean Slate, a major FBI initiative designed to identify and eliminate the most significant criminal botnets.  The United States Secret Service also focuses on cyber threats to financial networks and the personal financial information of Americans.  Through a network of 35 Electronic Crimes Task Forces across the country and in key foreign countries, Secret Service investigations have resulted in the arrest and successful prosecution of the criminals responsible for some of the largest data breaches.  U.S. Immigration and Customs Enforcement, Homeland Security Investigations (HSI), through the HSI Cyber Crimes Center (C3), has also dedicated significant resources to equip its Special Agents with the tools and knowledge necessary to combat transnational cybercrime.

The Department’s response to botnets takes two tracks, often at the same time.  First, whenever possible, we seek to arrest, prosecute, and incarcerate the criminals who use botnets to victimize Americans.  For example, in January 2014, Aleksandr Andreevich Panin, a Russian national, pled guilty in federal court in Atlanta, Georgia to conspiracy to commit wire and bank fraud for his role as the primary developer and distributor of the malicious software known as “SpyEye.”  According to industry estimates, SpyEye has infected over 1.4 million computers in the United States and abroad.  SpyEye secretly infected victims’ computers and enabled cyber criminals to remotely control them through command and control servers.  Designed to automate the theft of confidential personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs, and other personally identifying information, SpyEye was the preeminent malware toolkit used from approximately 2009 to 2011.  Panin sold versions of the SpyEye virus to other criminals for prices ranging from $1,000 to $8,500.  Panin is believed to have sold the SpyEye virus to at least 150 “clients” who, in turn, used it to set up their own botnets.  One of Panin’s clients alone was reported to have stolen over $3.2 million in a six-month period using SpyEye.  Panin is awaiting sentencing, and four of his clients and associates were arrested by foreign law enforcement agencies.

Similarly, in federal court in New York in May 2014, Michael Hogue pled guilty, and an indictment was unsealed against Alex Yucel, in connection with their development of a particularly insidious piece of computer malware known as Blackshades.  This malware was sold and distributed to thousands of people in more than 100 countries and was used to infect more than half a million computers worldwide.  Once installed on a computer, the malware could collect the user’s financial information and even turn on the computer’s camera to spy on the unsuspecting user.  An individual who helped market and sell the malware and two Blackshades users who bought the malware and then unleashed it upon unsuspecting computer users were also charged and arrested in the U.S.  The charges and guilty plea were part of a law enforcement operation involving 18 other countries.  More than 90 arrests have been made so far, and more than 300 searches have been conducted worldwide.  

Arresting and convicting key players can disrupt criminal enterprises, but such actions are not always sufficient to counter the threat, particularly given the transnational nature of cybercrime.  They also will not always remedy the harm caused by a botnet.  Accordingly, the Department has pursued a second approach to botnets:  the use of seizures, forfeitures, restraining orders, and other civil and criminal legal process to dismantle criminal infrastructure.  In cases such as Gameover Zeus, Blackshades, and a 2011 case involving the Coreflood botnet, the Department used these legal authorities, with judicial authorization and oversight, to wrest domains and servers from cyber criminals’ control, prevent infected computers from communicating with the criminals’ command and control infrastructure, and liberate hundreds of thousands of computers.

In May of this year, CCIPS, the United States Attorney for the Western District of Pennsylvania, and the FBI, in partnership with other federal and private-sector organizations, disrupted a botnet that illustrates the magnitude of the threat.  Before it was disrupted, the Gameover Zeus botnet was widely regarded as the most sophisticated criminal botnet in existence.  One common and sinister method used by Gameover Zeus was a “man-in-the-middle” attack, in which victims trying to access websites for purposes such as online banking were tricked into entering login credentials, passwords, and other personal information that communicated that information to criminals at the same time they were passed on to their destination.  With the click of a mouse, the botmasters then used this stolen information to rob small businesses, hospitals, and other victims, transferring funds from victim accounts to their own accounts.  From September 2011 through May 2014, Gameover Zeus infected between 500,000 and 1 million computers and caused more than $100 million in financial losses.  In one case alone, nearly $7 million was fraudulently transferred from a regional bank.  Other victims included an Indian tribe, a corporation operating assisted living facilities, and a composite materials company.

Gameover Zeus was also used to install Cryptolocker—a type of malware known as “ransomware”—on infected computers.  Cryptolocker enabled cyber criminals to encrypt key files on the infected computers.  Victims then saw a splash screen on their computer monitors, telling them that their files were encrypted and that they had three days to pay a ransom, usually between about $300 and $750, if they wanted to receive the decryption key.  The victims found themselves confronted with the loss of critical data, such as family photographs or essential business records.  In the short period between its emergence in mid-to-late 2013 and the disruption action in May 2014, the Cryptolocker malware infected more than 260,000 computers worldwide.  Many victims simply paid the ransom that was demanded of them.  These victims included the police department of Swansea, Massachusetts, which paid approximately $750 to recover its investigative files and arrest photographs.  Others refused to pay the ransom and tried to defeat the malware.  A Pittsburgh insurance company was eventually able to restore data from a backup, but only after incurring an estimated $70,000 in losses and sending employees home during remediation.  A Florida company lost critical files, which resulted in an estimated $30,000 in loss.  And a North Carolina business, whose main files and backup were both encrypted, lost its critical files despite engaging a computer forensics firm to try to restore its access.  That company has lost about $80,000, and the owner told the FBI that he may have to lay off employees as a result.

Disrupting and mitigating these threats requires determination, technical skill, and creativity.  In response to previous efforts to disable botnets, the creators of the Gameover Zeus botnet designed a novel and resilient structure, including three distinct layers of command and control infrastructure that rendered the botnet particularly difficult to overcome.  The Department’s successful disruption began with a complex international investigation conducted in close partnership with the private sector.  It continued through the Department’s use of an inventive combination of criminal and civil legal process to obtain authorization to stop infected computers from communicating with each other and with other servers around the world.  The operation simultaneously targeted all three command and control layers of Gameover Zeus, and stopped Cryptolocker from encrypting additional computers.  The investigation and court-authorized operation ultimately permitted the team not only to identify and charge one of the leading perpetrators, but also to stop the botnet and ransomware from functioning.  Moreover, the FBI was able to identify victims and, working with the Department of Homeland Security, foreign governments, and private-sector partners, facilitate the removal of malware from many victim computers.  Disclosure to, and engagement with, the public was critical to this remediation effort.  DOJ and DHS released a technical alert to raise awareness of the botnet and lay out resources available to help affected entities minimize the damage.

I cannot emphasize enough the importance to our anti-botnet efforts of the cooperation of foreign governments and our U.S. government and private-sector partners.  In every case I have mentioned, foreign law enforcement services took carefully coordinated steps worldwide to disrupt the scheme and investigate the offenders, by seizing servers, interviewing subjects, making arrests, and providing evidence to U.S. investigators.  The Department has devoted substantial resources to building the relationships with foreign law enforcement partners that made these coordinated efforts possible.  The FBI, for example, maintains more than 60 legal attachés in embassies around the world.  The Criminal Division’s Office of International Affairs provides immeasurable legal support to evidence collection and extradition.  CCIPS conducts training programs to help our allies develop cyber laws, and our federal law enforcement partners work to improve investigative capacities.  Due in large part to our extensive engagement with, and training of, foreign criminal prosecutors and law enforcement officers, we have developed highly productive international relationships that are critical to the success of our investigations and prosecutions.

One factor has harmed our relationships with foreign law enforcement agencies, however:  our inability to rapidly respond to foreign requests for electronic evidence located in the United States.  Our capacity to do so simply has not kept up with the demand.  The President’s budget for fiscal year 2015 requests additional prosecutors, together with support personnel, to be assigned to the Criminal Division and to United States Attorneys’ Offices to streamline and facilitate the process of handling Mutual Legal Assistance Treaty (MLAT) requests between the United States and its law enforcement partners around the world.  The FY 2015 request, if granted, will enable the Department to meet the Administration’s commitment to cut MLAT response times in half by the end of 2015 and reduce the amount of time to comply with legally sufficient requests to a matter of weeks, as well as to strengthen the Department’s relationships with our foreign law enforcement partners, particularly in regard to cyber investigations.

Like the value of our relationships with foreign law enforcement, the expertise, dedication, and cooperation of private-sector entities have been crucial to our success.  For example, security researchers develop highly specialized expertise in particular botnets and help develop countermeasures that match the botnets in sophistication.  Their technical contributions are truly astounding.  Private-sector companies also serve a critical function when they notify victims that their computers have been compromised and supply the tools needed to clean up those computers.  Because the vast majority of the internet is owned and operated by the private sector, we simply could not conduct anti-botnet operations without the firm commitment of network service providers to protecting their customers.

Proposals to Enhance Anti-Botnet and other Cyber Capabilities

The Department is dedicated to using innovative means to target increasingly complex botnet threats as they emerge.  But there is a lot more work to be done, and we ask that Congress continue its support of these critical efforts.  I would like to highlight some of the Department’s legislative and budgetary proposals that would enhance our ability to identify botnet perpetrators, bring them to justice, disrupt their criminal enterprises, and protect the security, privacy, and property of Americans.

Department prosecutors rely on criminal statutes to bring cyber criminals to justice and to halt their criminal activity.  One of the most important of these laws is the Computer Fraud and Abuse Act, also called the “CFAA.”  The CFAA is the primary Federal law against hacking.  It protects the public against criminals who hack into computers to steal information, install malware, and delete files.  The CFAA, in short, reflects our shared baseline expectation that people are entitled to have control over their own computers and are entitled to trust that the information they store in their computers remains safe.

The CFAA was first enacted in 1986, at a time when the problem of cybercrime was still in its infancy.  Over the years, a series of measured, modest changes have been made to the CFAA to reflect new technologies and means of committing crimes and to equip law enforcement with tools to respond to changing threats.  But the CFAA has not been amended since 2008, and the intervening years have again created the need for the enactment of modest, incremental changes.  The Administration’s May 2011 legislative proposal proposed revisions to keep Federal criminal law up to date.  We continue to support changes like these that will keep up with rapidly evolving technologies and uses.

In addition, our investigations of those responsible for creating and using botnets and our efforts to disrupt botnets rely substantially on the availability of legal investigative process pursuant to the Electronic Communications Privacy Act (“ECPA”).  ECPA governs the Department’s access to much of the electronic evidence necessary to investigate botnets, hold perpetrators accountable, and develop methods to free unsuspecting victims.  It is essential to the success of our anti-botnet initiatives, and to our efforts against cybercrime as a whole, that the government maintain the ability to obtain relevant electronic evidence in a responsible, timely and effective manner.

Selling Access to Botnets

In the years since 2011, experience has revealed additional shortcomings in the criminal law.  For example, while botnets can be used for various nefarious purposes, including theft of personal or financial information, the dissemination of spam, and DDOS attacks, the creators and operators of botnets do not always commit those crimes themselves.  Frequently they sell, or even rent, access to the infected computers to others.  The CFAA does not clearly cover such trafficking in access to botnets, even though trafficking in infected computers is clearly illegitimate, and can be essential to furthering other criminal activity.  We thus propose that section 1030(a)(6) of the CFAA be amended to cover trafficking in access to botnets.

In addition, section 1030(a)(6) presently requires proof of an intent to commit a financial fraud.  Such intent is often difficult—if not impossible—to prove because the traffickers of unauthorized access to computers often have a wrongful purpose other than the commission of fraud.  Indeed, sometimes they may not know or care why their customers are seeking unauthorized access to other people’s computers.  This reality has made it more challenging in many cases for our prosecutors to identify a provable offense, even when we can establish beyond a reasonable doubt that individuals are selling access to thousands of infected computers.  We therefore recommend that Congress amend section 1030(a)(6) of the CFAA to address this shortcoming.

Enhancing Judicial Authority to Disrupt Botnets and other Malware

Under current law, two federal statutes, 18 U.S.C. §§ 1345 & 2521, give the Attorney General the authority to bring civil suits against defendants who are engaged in or “about to” engage in wiretapping or the violation of specified fraud crimes. [1]   See 18 U.S.C. §§ 1345(a), 2521.  The court is then empowered to enjoin the violation, “or take such other action, as is warranted to prevent a continuing and substantial injury to the United States or to any person or class of persons for whose protection the action is brought.”  18 U.S.C. § 1345(b); see also 18 U.S.C. § 2521.  Due process is ensured by the balancing test applied by the court to determine whether an injunction is appropriate and by the applicable Federal Rules of Civil Procedure.

These authorities played a prominent role in the Department’s successful disruptions of the Coreflood botnet in 2011 and the Gameover Zeus botnet in 2014.  These botnets collected online financial account information as it was transmitted from infected computers, thus violating the Wiretap Act, and the criminals used their access to steal from victims’ bank accounts, which constitutes wire and bank fraud.  Because these botnets violated statutes against fraud and wiretapping, courts were authorized to issue orders under sections 1345 and 2521 that permitted the United States to take corrective action necessary to disrupt them.

No analogous statutory authority exists, however, for violations of the CFAA that do not involve fraud or the interception of communications.  As a result, the law does not provide a clear statutory remedy for the government to use against botnets or other types of malware that criminals employ for other purposes, such as DDOS attacks.  Similar to frauds and illegal wiretaps, these types of computer hacking—which are prohibited under section 1030—present serious threats that can cause severe and continuing damage as long as they persist.  We would welcome the opportunity to work with the Committee to ensure that the law appropriately addresses this challenge.

Criminalizing the Overseas Sale of Stolen U.S. Financial Information

To ensure that we can take action when cyber criminals acting overseas steal data from U.S. financial institutions, we also recommend a modification to what is known as the access device fraud statute, 18 U.S.C. § 1029.  One of the most common motivations for criminal hacking is to obtain financial information.  The access device fraud statute proscribes the unlawful possession and use of “access devices,” such as credit card numbers and devices such as credit card embossing machines.  Not only do lone individuals commit this crime, but, more and more, organized criminal enterprises have formed to commit such intrusions and to exploit the stolen data through fraud.

The Department of Justice recommends that the statute be expanded to enable prosecution of offenders based in foreign countries who directly and significantly harm United States financial institutions and citizens.  Currently, a criminal who trades in credit card information issued by a U.S. financial institution, but who otherwise does not take one of certain enumerated actions within the jurisdiction of the United States, cannot be prosecuted under section 1029(a)(3).  Such scenarios are not merely hypothetical.  United States law enforcement agencies have identified foreign-based individuals selling vast quantities of credit card numbers issued by U.S. financial institutions where there is no evidence that those criminals took a specific step within the United States to traffic in the data.  The United States has a compelling interest in prosecuting such individuals given the harm to U.S. financial institutions and American citizens, and the statute should be revised to cover this sort of criminal conduct.

Enhancing Resources to Combat Botnets and other Cyber Threats

This last May, the Department submitted to Congress a multiyear cyber threat strategic plan.  The report identified six strategic initiatives:

  • Ensure that all of DOJ's investigators and attorneys receive training on cybercrime and digital evidence.
  • Increase the number of digital forensic experts and the capacity of available digital forensic hardware.
  • Enhance DOJ's expertise in addressing complex cyber threats.
  • Improve information sharing efforts with the private sector.
  • Expand and strengthen relationships with international law enforcement and criminal justice partners on cybercrime to enhance the sharing of electronic evidence.
  • Enhance capacity in the area of cyber policy development and associated legislative work.

The plan repeatedly highlighted the disruption of botnets as a key priority.  In order to properly address the threat of botnets and other cybercrimes, components across the Department, such as CCIPS, NSD, and the United States Attorneys’ Offices, need additional resources.

The Department confronts an increasing demand for its anti-cybercrime expertise.  CCIPS, for example, conducts its own prosecutions, receives requests for consultation of its attorneys or digital investigative analysts, provides advice to law enforcement agencies, engages with the private sector regarding the implementation of investigative authorities, and delivers domestic and international training.  This escalation in activity is due in part to the ever-expanding nature of the cyber threat.  Prosecutorial needs have also resulted from the expansion of investigative efforts, as the FBI has increased its resources in support of the Next Generation Cyber Initiative to enhance the technical capabilities of investigative personnel, increase cyber investigations, and improve cyber collection and analysis.

The Department would like to thank the Senate for its continued support of our national security-related cyber efforts, including fiscal year 2014 funding increases that are allowing the Department to hire more than a dozen additional national security cyber professionals, including attorneys, in furtherance of our efforts to combat cyber-based terrorism and nation state-sponsored cyber intrusions.  Just this summer, thanks in part to your support, those efforts yielded historic results, with the indictment of five members of the Chinese military on charges of cyber-based economic espionage.  Cyber threats to the national security continue to evolve, and to outpace our growth, but the Department is committed to following the facts and evidence where they lead to detect, deter, and disrupt them.  We look forward to continuing to work with you on this front.

Conclusion

I very much appreciate the opportunity to discuss with you the Department’s efforts to combat botnets.  We are committed to using all available tools to disrupt these networks and bring perpetrators to justice, as we seek to protect Americans’ security, privacy, and property.    
Thank you for the opportunity to discuss the Department’s work in this area, and I look forward to answering any questions you might have.

Saturday, April 12, 2014

FTC, DOJ ANTITRUST STATEMENT ON SHARING CYBERSECURITY INFORMATION

FROM:  FEDERAL TRADE COMMISSION 

FTC, DOJ Issue Antitrust Policy Statement on Sharing Cybersecurity Information

Sharing Cyber Threat Information Can Help Secure Nation’s Networks and Improve Efficiency; Properly Designed Sharing Not Likely to Raise Antitrust Concerns
The Federal Trade Commission and the Department of Justice today issued a policy statement on the sharing of cyber-security information that makes clear that properly designed cyber threat information sharing is not likely to raise antitrust concerns and can help secure the nation’s networks of information and resources. The policy statement provides the agencies’ analytical framework for information sharing among private entities and is designed to reduce uncertainty for those who want to share ways to prevent and combat cyberattacks.

“Because of the FTC’s long experience promoting data security, we understand the serious threat posed by cyberattacks,” said FTC Chairwoman Ramirez. “This statement should help private businesses by making it clear that antitrust laws do not stand in the way of legitimate sharing of cybersecurity threat information.”

“The Department of Justice is committed to doing all it can to protect the security of our nation’s networks.  Through the FBI and the National Security and Criminal Divisions, the department plays a critical role in preventing and prosecuting cybercrime,” said Deputy Attorney General James M. Cole.  “Private parties play a critical role in mitigating and responding to cyber threats, and this policy statement should encourage them to share cybersecurity information.”

“Cyber threats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems and help secure our nation’s infrastructure,” said Assistant Attorney General Bill Baer in charge of the Department of Justice’s Antitrust Division. “With proper safeguards in place, cyber threat information sharing can occur without posing competitive concerns.”

In the policy statement, the federal antitrust agencies recognize that the sharing of cyber threat information has the potential to improve the security, availability, integrity and efficiency of the nation’s information systems. The policy statement also emphasizes that the legitimate sharing of cyber threat information is very different from the sharing of competitively sensitive information such as current or future prices and output or business plans, which may raise antitrust concerns. Cyber threat information is typically technical in nature and covers a limited type of information, and disseminating that information appears unlikely to raise competitive concerns.

The joint Department of Justice/Federal Trade Commission “Antitrust Guidelines for Collaborations Among Competitors” provide an overview of the agencies’ analysis of information sharing as a general matter. The agencies consider whether the relevant agreement likely harms competition by increasing the ability or incentive to raise price above or reduce output, quality, service or innovation below what likely would prevail in the absence of the relevant agreement.

Previous antitrust analysis on cyber threat information sharing was issued in October 2000, when the Antitrust Division issued specific guidance in a business review letter to Electric Power Research Institute Inc. Under the Justice Department’s business review procedure, an organization may submit a proposed action to the Antitrust Division and receive a statement as to whether the division will challenge the action under the antitrust laws. In that letter, the Antitrust Division confirmed that it had no intention of taking enforcement action against the company’s proposal to exchange certain cyber-security information, including exchanging actual real-time cyber threat and attack information. In that matter, the division concluded that as long as the information exchanged was limited to physical and cyber-security issues, the proposed interdictions on price, purchasing and future product innovation discussions should be sufficient to avoid any threats to competition. The legal analysis in that matter remains current.

Wednesday, November 20, 2013

JOINT STATEMENT FOLLOWING EU-US JUSTICE AND HOME AFFAIRS MINISTERIAL MEETING

FROM:  U.S. JUSTICE DEPARTMENT 
Monday, November 18, 2013
Joint Statement Following the EU-US Justice and Home Affairs Ministerial Meeting

Attorney General Eric Holder and Acting Department of Homeland Security (DHS) Secretary Rand Beers today hosted an EU/U.S. Justice and Home Affairs Ministerial with their counterparts in the European Union: Lithuanian Minister of Justice Juozas Bernatonis and Lithuanian Vice Minister of Interior Elvinas Jankevicius representing the Lithuanian Presidency of the Council of the EU; Greek Minister of Justice, Transparency and Human Rights Charalampos Athanasiou representing the incoming Greek Presidency of the EU; and European Commission Vice President Viviane Reding and Commissioner Cecilia Malmström representing the EU Commission.

The U.S. and EU together released the following statement on the meeting:

“Our meeting was constructive and productive.  We discussed a broad array of issues critical to the European Union and the United States, including: addressing the problem of sexual abuse of children online; coordinating work on counter-terrorism and security issues; countering violent extremism; expanding cooperation in criminal matters; joint efforts in the areas of cybercrime and cybersecurity; and mobility, migration and border issues.  In addition, we discussed the rights of victims of crime, the rights of persons with disabilities and the prosecution of hate crimes.

Of special note, we discussed the threat posed by foreign fighters going to third countries, in particular Syria, and the possible response to address it.  We intend to promote close information sharing between our respective agencies, as well as coordinated initiatives in third countries.  We also discussed efforts of the U.S. and the EU in countering violent extremism, and agreed to intensify our cooperation.

Our meeting also addressed data protection, and issues related to alleged activities of U.S. intelligence agencies.  We together recognize that this has led to regrettable tensions in the transatlantic relationship, which we seek to lessen.  In order to protect all our citizens, it is of the utmost importance to address these issues by restoring trust and reinforcing our cooperation on justice and home affairs issues.

The EU and the U.S. are allies.  Since 9/11 and subsequent terrorist attacks in Europe, the EU and U.S. have stepped up cooperation, including in the areas of police and criminal justice.  Sharing relevant information, including personal data, while ensuring a high level of protection, is an essential element of this cooperation, and it must continue.

We are therefore, as a matter of urgency, committed to advancing rapidly in the negotiations for a meaningful and comprehensive data protection umbrella agreement in the field of law enforcement.  The agreement would act as a basis to facilitate transfers of data in the context of police and judicial cooperation in criminal matters, by ensuring a high level of personal data protection for U.S. and EU citizens. We are committed to working to resolve the remaining issues raised by both sides, including judicial redress (a critical issue for the EU).  Our aim is to complete the negotiations on the agreement ahead of summer 2014.

We also underline the value of the EU-U.S. Mutual Legal Assistance Agreement.  We reiterate our commitment to ensure that it is used broadly and effectively for evidence purposes in criminal proceedings.  There were also discussions on the need to clarify that personal data held by private entities in the territory of the other party will not be accessed by law enforcement agencies outside of legally authorized channels.  We also agree to review the functioning of the Mutual Legal Assistance Agreement, as contemplated in the Agreement, and to consult each other whenever needed.

We take stock of the work done by the joint EU-U.S. ad hoc Working Group.  We underline the importance of the ongoing reviews in the U.S. of U.S. Intelligence collection activities, including the review of activities by the Privacy and Civil Liberties Oversight Board (PCLOB) and the President’s Review Group on Intelligence and Communications Technology (Review Group).  The access that has been given to the EU side of the ad hoc Working Group to officials in the U.S. intelligence community, the PCLOB, the Review Group, and U.S. congressional intelligence committees will help restore trust.  This included constructive discussions about oversight practices in the U.S.  The EU welcomes that the U.S. is considering adopting additional safeguards in the intelligence context that also would benefit EU citizens.

As these ongoing processes continue, they contribute to restoring trust, and to ensuring that we continue our vital law enforcement cooperation in order to protect EU and U.S. citizens.”

Sunday, November 11, 2012

GOVERNMENT, INDUSTRY, ALLIES NEED TO WORK TOGETHER FOR CYBERSECURITY

GEN Keith B. Alexander United States Army
FROM: U.S. DEPARTMENT OF DEFENSE

Cybersecurity Involves Federal, Industry Partners, Allies
By Cheryl Pellerin
American Forces Press Service

WASHINGTON, Nov. 8, 2012 - The $110 billion-a-year cyber economy has never been more vulnerable to crime and other threats, and securing the Internet against attacks demands the expertise of government agencies, industry and allies, the commander of U.S. Cyber Command said here yesterday.

Army Gen. Keith B. Alexander, Cybercom chief and director of the National Security Agency, spoke before a large audience at the Symantec 2012 Government Symposium.

The symposium examines a fundamental question: How to protect sensitive information while enabling collaboration across jurisdictions, nations, citizens and the private sector?

"Government ... operations depend on the network. If we lose that network we can't communicate, [and] ... what happens when [adversaries] disrupt our network or the power grid or our banking institutions?" Alexander said, adding that the U.S. must work with its partners in industry and its allies to solve the problem.

"Many will ask about the roles of [the National Security Agency and Cybercom] in this, and how can we ensure civil liberties and privacy [as well as] the security of cyberspace? We can do both," he said.

One of the first things industry and government must decide is how to make sure all companies involved in U.S. critical infrastructure -- including financial and information services and the defense industrial base -- institute the highest possible levels of computer security.

"How many companies in the United States and among our allies are at this level?" Alexander asked.

"We actually do inspections," he added. "We inspect our government networks to see how many are at 100 percent. And the answer is, very few."

Companies in some sectors, like banking and the high end of the defense industrial base, are "right there at the top" of computer security, the general said.

"Then you go out to some companies that are being [attacked by adversaries in cyberspace] and they don't know what the threat looks like nor what they should do, and some of them are in critical infrastructure," he added.

Nobody wants to make such an effort hard, costly or bureaucratic, Alexander said.

"The question is how do we help them?" he said. "What's the right forum for government and industry to work together to help those companies get to the right level of security?"

Another imperative for government-industry collaboration involves gaps in computer security exploited by what are called "zero-day" attacks -- those that exploit vulnerabilities in computer applications.

Eventually, patches are created to plug the security holes, but not before adversaries have entered and damaged the network or stolen intellectual property.

Alexander used an analogy to explain how Cybercom or the NSA could help industry identify what the general called "bad packets," or those that carry destructive payloads out on the Internet.

"Internet service providers see packets out there. We want them to be able to see bad packets and do something about them. We'll have [an examination process] for every packet. And we'll say, 'Did you see a bad packet in the network? Tell us where it's coming from and going to, and stop it because [it's carrying] a destructive payload,'" the general explained.

"When they see that bad packet, we don't need to know what was in the communications," he added. "All we need to know is a dangerous packet went from point A to point B right now, and that we may need to act."

The federal government "is not looking at the traffic," Alexander said.

"Industry is looking at the traffic and they have to do that to own and operate these networks. We're going to help them with signatures and other things, and they need to tell us when they need our help. But it's got to be done in time for us to help, and that's part of the key issue."

At Cybercom, the general said, experts are training the cyber workforce of the future, determining roles and responsibilities of the federal agencies involved in cybersecurity and exploring a defensible architecture for the Defense Department.

"The DOD architecture, in my opinion, is not defensible per se. We're doing our best to defend it, but we've made this really hard," Alexander said. The department has 15,000 enclaves, each run by separate system administrators and each with its own firewalls, he added.

"What that means is we need to come up with a defensible architecture," the general said, adding that "a ... virtual cloud is key to our success for a couple of areas for the Defense Department," including for a growing number of mobile users.

Cybercom and other agencies are also working on issues related to their authority to respond to a problem, Alexander said.

The key question, he added, is what can the Department of Homeland Security, the FBI, Cybercom and the NSA do to defend the country against a cyberattack, and when can they do it?

Alexander said that he, DHS Secretary Janet Napolitano, and FBI Director Robert S. Mueller III "have laid out lanes in the road for the government entities."

The FBI is responsible for investigation, attribution and domestic problems. DHS is responsible, along with partners like NSA, the National Institute for Standards and Technology and the SANS Institute, for cybersecurity standards.

NSA and Cybercom have a couple of roles and responsibilities, Alexander said, including foreign intelligence.

"NSA has the best folks in the world," the general said. "They have special skills and we want to leverage those skills to help secure cyberspace for our country and for our allies."

Cybercom's role "is not only to operate and defend DOD networks but to defend the country," he said, noting Cybercom would step in if America came under cyberattack.

In the meantime, the general said, he's concerned that attacks like the destructive August attack on computers at Saudi Arabia's government-owned oil company Aramco are happening and "we're spending a lot of time talking about what we should do and when we should do it."

While there is still time, he said, "while you're all in the room together with us ... we ought to argue it out just like we did in the election [on Tuesday], come to a solution and then get going."

Friday, June 15, 2012

TOP LAW ENFORCEMENT FROM U.S., CANADA, NEW ZEALAND, THE UNITED KINGDOM AND AUSTRALIA MEET


FROM:  U.S. DEPARTMENT OF JUSTICE
Attorney General Eric Holder was in Ottawa today for meetings with Attorneys General and Justice Ministers from Canada, New Zealand, the United Kingdom and Australia.

Today’s meeting of the Quintet of Attorneys General was the fourth to be held since the inaugural Quintet meeting in the United Kingdom in 2009 and the first to be hosted in Canada. The Attorneys General discussed legal issues of mutual interest, including cybercrime, national security and legal cooperation.
Continuing their discussion from last year’s Quintet meeting in Sydney, the Attorneys General discussed ways that law enforcement agencies could improve their ability to combat terrorism, cybercrime, and transnational organized crime — including through mutual legal assistance. The global nature of these crimes makes cooperation with our key allies a critical component of response efforts.

Discussions on cybercrime, forced marriages, digital copyright enforcement, data protection and deferred prosecution agreements were also held.
The 2012 Quintet was attended by:
  • Eric H. Holder, Jr. – Attorney General, United States of America        
  • Hon. Rob Nicholson P.C., Q.C., M.P. – Minister of Justice and Attorney General of Canada
  • Hon. Chris Finlayson – Attorney General, New Zealand
  • Rt. Hon. Dominic Grieve Q.C., M.P. – Attorney General, United Kingdom
  • Hon. Jason Clare, M.P. – Minister for Home Affairs and Justice, Australia, representing the Attorney-General of Australia
