“At the Justice Department, keeping the American people safe from all threats, foreign and domestic, is an essential part of our mission. It’s, in fact, the core of that mission,” she said. And confronting cyberthreats, she said, is a critical component of that work.
To that end, Monaco announced that the U.S. recently seized approximately $500,000 in ransom payments demanded by North Korean state-sponsored cyber attackers via ransomware known as Maui. The funds were returned to a medical center in Kansas that was attacked with the ransomware, which targeted U.S. medical facilities and other public health sector organizations. A medical provider in Colorado was able to recover funds as well. From their investigation, they were able to release a cybersecurity advisory to “empower network defenders everywhere.”
The victim-centered approach, she said, “uses all the tools we have at our disposal and focuses on the reporting we received from private sector companies to maximize our ability to take down bad actors and importantly, to prevent the next victim.”
The deputy attorney general, a veteran of ICCS, last spoke at the conference in 2016 when she was assistant for homeland security and counterterrorism under President Barack Obama. Since that time, she said, the challenges of cybersecurity have evolved to a point where “malicious actors [are] becoming more aggressive, more sophisticated, and more belligerent and brazen.”
Cooperation Leads to Justice
Monaco said that the North Korean action represents a line that has become blurred between state-sponsored actors and criminal groups.
She stressed that the investigation was a success because the hospital reported the attack early and cooperated with the bureau.
“The hospital’s leadership paid the ransom, but they also notified the FBI, which was the right thing to do for themselves and for future victims,” she said.
The FBI and Justice Department prosecutors immediately got to work on what was then a never-before-seen ransomware variant, she said. The team traced the laundered crypto payments through the blockchain, allowing them to return the stolen funds to the victims.
Another example of this cooperation at work, she said, was when the FBI and Justice Department prosecutors disrupted a global botnet known as Cyclops Blink—which was under the control of the GRU, Russia’s military intelligence agency.
They were able to disable the GRU’s control over victim devices before they could be used to initiate an attack, she said, by working closely with WatchGuard, the manufacturer of the network devices targeted by the malware, and drawing on their own cyber talent.
Monaco said the department is “increasingly using our law enforcement tools in new and innovative ways.”
“Last year, we used our civil and criminal forfeiture authorities to turn the tables on ransomware attackers and to follow the money and seize back a significant portion of the proceeds from the ransom paid to DarkSide, the group that attacked the Colonial Pipeline, disrupting fuel transport on the east coast last summer,” she said, adding that details on other successes, as well as challenges, could be found in a comprehensive review that was released today by the Justice Department.
A Modern Yet Ancient Threat—With More Sophisticated Enemies
In an opening statement, Tania Tetlow, president of Fordham—herself a former federal prosecutor—underscored the importance of sharing information between sectors of government, academia, and private industry. She noted that while such threats may seem “supremely modern,” similar threats can be found in the nation’s history. She pointed out that President Thomas Jefferson faced similar extortion threats from pirates in the First Barbary War.
“That is what we face today with an enemy ever more elusive, ever more difficult, and the only way we do it is to do what you are here doing today, which is to come together, from around the world, to partner across sectors, [including] law enforcement and national security, higher education, and industry,” said Tetlow.
Indeed, in his opening remarks and on a panel discussion he moderated later, Fordham Trustee and former FBI agent Ed Stroz also stressed the importance of pan-sector cooperation.
“Whether you’re from the private sector, academia, law enforcement—these conversations are crucial to reaching a level of cybersecurity that we need in order to function today [and] these conversations only happen when each of you are at the table,” said Stroz, a 1979 graduate of the Gabelli School who helped found the event and chaired the planning committee for this year’s conference.
Stroz noted that the conference, which began in 2009, has grown to become one of the premier events of its kind in part because of its blended approach. In addition to spawning Fordham’s Center for Cybersecurity, which sponsors master’s degrees and an undergraduate minor, this year’s event also offered continuing education credits.
“This is some of the most valuable content for everybody who is in business and working in any institutional context so they can get to know what the risks are and how to manage those risks,” he said. “You can’t eliminate them, but you can manage them.”