Last week the U.S. Department of Justice (DoJ) took steps to crack down on ransomware with the creation of a National Cryptocurrency Enforcement Team (NCET) and the launch of the department’s Civil Cyber-Fraud Initiative.
The NCET will handle complex investigations and prosecutions of criminal misuses of cryptocurrency, Deputy Attorney General Lisa O. Monaco announced. Monaco added that the aim was to “root out abuse on these platforms and ensure user confidence in these systems.”
The enforcement team will also assist in tracing and recovery of assets lost to fraud and extortion, including cryptocurrency payments to ransomware groups, and includes a special focus on crimes committed by virtual currency exchanges, mixing and tumbling services and money laundering infrastructure actors.
DoJ Tackles Ransomware, Civil Cyberfraud
The DoJ’s Civil Cyber-Fraud Initiative will use the False Claims Act to pursue cybersecurity-related fraud by government contractors and grant recipients.
John Bambenek, principal threat hunter at Netenrich, a digital IT and security operations company, noted the False Claims Act dates back to Reconstruction and empowers private citizens to identify fraud against the government and to recoup those funds.
“This allows individuals or teams with specialized expertise to pursue fraud and be compensated for success,” he said. “It has been a successful model in other forms of fraud, such as Medicare and Medicaid fraud, for quite some time and has promise here, as well.”
The Civil Cyber-Fraud Initiative will hold accountable “entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations” to monitor and report cybersecurity incidents and breaches.
It also includes a whistleblower provision, which allows private parties to assist the government in identifying and pursuing fraudulent conduct and to share in any recovery, and which protects whistleblowers from retaliation if they bring these violations and failures to light.
Karl Steinkamp, director of PCI product and quality assurance at Coalfire, a provider of cybersecurity advisory services, said these initiatives should allow the DoJ to tackle some of the more difficult cryptocurrency and federal cybersecurity abuses seen today.
“Simply put, the NCET provides the tools and training to the DoJ while the cyberfraud initiative is the enforcement arm to hold government contractors accountable for cybersecurity lapses that put Americans at risk,” he explained.
He said that, given the visibility of most blockchains, which provide more transparency into transactions than traditional monetary networks, he would suspect that we would see, as a percentage of overall transactions, dramatically lower fraud due to illicit activities using these forms of a medium of exchange.
“Some regulation of exchanges is likely in the cards within the next year or so and will need to further strike a balance between the security and privacy of its users versus illicit activities,” Steinkamp added.
He said he thought the combination of the NCET and the Cyber-Fraud Initiative brings to bear an “impressive” amount of firepower to help companies and organizations deal with the ransomware threat.
“Due to the nature of crypto assets, funds recovery as a result of near-instant finality will likely still be problematic,” he cautioned. “The bad actors, in cases where their ransomware crypto-asset funds have been returned to the victim, had poor operational security, and I don’t expect this to persist for much longer.”
New Law Enforcement Challenges
Bambenek also noted that cryptocurrency creates new challenges for law enforcement and the enforcement of court orders in criminal matters.
“This requires new tools—and, potentially, new laws—to adapt to how to address these challenges that digital currency is bringing to the forefront,” he said. “Terrorist financing, ransomware and tax evasion are all issues that need to be thought about in a cryptocurrency world.”
From his perspective, ultimately, cryptocurrency will move to more privacy-centric assets, such as Monero, which will make our existing tools less useful.
“Once there is a direct cash-to-Monero pipeline that can operate at scale, much of how we track cryptocurrency will end,” he said. “This means we’ll have to come up with new tools or new enforcement or regulatory regimes on those exchanges.”
Bambenek said if the enforcement team is less concerned about punishing victims (by prohibiting ransom payments), they can focus their expertise on following the money to help expedite bringing operators to justice and to recover losses by companies.
“As long as the financial incentives are tipped in favor of ransomware operators, this threat will continue,” he said. “Having expertise following the money opens the possibility to hitting these criminals where it hurts and to change the game.”