The US Department of Justice’s (DoJ) approach to disrupting and preventing cybercrime was laid bare by Lisa Monaco, Deputy Attorney General of the United States, during the opening keynote session at the RSA 2023 conference.
Monaco highlighted that in recent years the DoJ has evolved its approach to tackling surging cyber-threats to the government and wider economy. This has revolved around “putting the victims at the center” rather than measuring success by the prosecution of cyber-threat actors through the courts.
The DoJ’s successful recovery of millions of dollars’ worth of bitcoin paid to attackers following the Colonial Pipeline attack in May 2021 is an example of this approach, Monaco highlighted. In this case action was taken to follow the money paid in cryptocurrency, rather than placing blame on the victim of the incident.
Another example was the takedown of the Hive ransomware gang’s infrastructure in January 2023, following an international law enforcement operation. This enabled the government to gain access to the group’s computer networks, enabling agencies to capture decryption keys and distribute them to Hive victims globally. Monaco noted that this was a long and patient operation, a “modern-day cyber stakeout.”
Read more: #RSAC: Cyber Intrusion Campaign Against Three US Federal Agencies Thwarted
She emphasized that such operations are only possible through cooperation – between different government agencies globally and crucially, with victim organizations. Monaco praised Colonial Pipeline’s “brave decision to come forward to work with us” after the attack and urged other victim organizations to reach out to the DoJ to achieve similar outcomes.
“It’s good for the business, and it’s good for America because you’re helping us prevent that next attack,” she stated.
Speaking about the recent conviction of former Uber CISO Joe Sullivan, Monaco stressed that this prosecution was brought about by Sullivan’s intentional conduct in misleading the Federal Trade Commission (FTC) about the nature of the incident.
She said that it should not in any way put off CISOs from engaging with the federal government about incidents.