While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence Index 2022 named ransomware as the top attack type in 2021.

What exactly is the DOJ doing to improve policing of cryptocurrency and other cyber crimes? What kinds of cyber crime cases have they solved already? And how might this impact a company’s security strategy?

National cryptocurrency enforcement team appoints director

Monaco’s announcement included the naming of Assistant U.S. Attorney Eun Young Choi as the first Director of the National Cryptocurrency Enforcement Team (NCET).

“With the rapid innovation of digital assets and distributed ledger technologies, we have seen a rise in their illicit use by criminals who exploit them to fuel cyberattacks and ransomware and extortion schemes,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division. “The NCET will serve as the focal point for the department’s efforts to tackle the growth of crime involving these technologies. Eun Young is an accomplished leader on cyber and cryptocurrency issues, and I am pleased that she will continue her service as the NCET’s inaugural Director, spearheading the department’s efforts in this area.”

New NCET Director’s track record

According to the Justice Department, Director Choi worked as an assistant U.S. attorney for the Southern District of New York. There, she served as the office’s cyber crime coordinator. She investigated and prosecuted cyber, complex fraud and money laundering crimes. In particular, she focused on network intrusions, digital currency, the dark web and national security investigations.

In January 2021, Choi spearheaded an investigation that led to the prosecution of the Russian threat actor Andrei Tyurin.

One of the largest Wall Street breaches ever, the Tyurin criminal operation ran from 2012 to 2015. The incident affected organizations such as JPMorgan Chase, E*Trade and The Wall Street Journal. After exfiltrating personally identifiable information, the criminals then promoted stocks to individuals in an attempt to pump up stock prices.

Prosecutors said the breach of JPMorgan Chase resulted in data stolen from 80 million customers. According to the DOJ, Tyurin cashed in on $19 million from his illicit operations. Thanks to the efforts of Choi, the FBI and several other agencies, Tyurin was sentenced to 12 years in prison.

The complex world of fighting crypto crime

The new agency already has a high-profile case under its belt. In February 2022, the NCET looked into a case against Ilya Lichtenstein and his wife, Heather Morgan. They were arrested for conspiring to launder $4.5 billion worth of cryptocurrency. The funds were allegedly stolen during the 2016 Bitfinex cryptocurrency exchange breach. As part of the investigation, more than $3.6 billion in cryptocurrency was seized, the largest DOJ crypto coin recovery to date.

According to court documents, unauthorized Bitfinex transactions sent stolen Bitcoin to Lichtenstein’s crypto wallet. Over a span of five years, about 25,000 stolen Bitcoin were transferred out of Lichtenstein’s wallet via a complex money laundering process.

In a statement about the case, Monaco said, “Today’s arrests, and the department’s largest financial seizure ever, show that cryptocurrency is not a safe haven for criminals. In a futile effort to maintain digital anonymity, the defendants laundered stolen funds through a labyrinth of cryptocurrency transactions. Thanks to the meticulous work of law enforcement, the department once again showed how it can and will follow the money, no matter what form it takes.”

“Today, federal law enforcement demonstrates once again that we can follow money through the blockchain, and that we will not allow cryptocurrency to be a safe haven for money laundering or a zone of lawlessness within our financial system,” said Assistant Attorney General Polite.

More DOJ action against cyber crime

Monaco cited a list of recent activities and future plans the DOJ has in store for threat actors:

  • Using traditional search warrants to execute code and erase digital backdoors
  • Helped dismantle the Emotet botnet (although Emotet has since returned)
  • Took down the world’s largest illegal marketplace on the darknet and arrested at least 150 darknet traffickers
  • Investigated more than 100 different ransomware variants, and targeted dozens of ransomware groups estimated to have caused billions of dollars in damage
  • In the wake of the attack on Kaseya, the FBI obtained decryptor keys so victims could unlock ransomed systems
  • Disrupted the REvil ransomware group with five arrests and the seizure of $6.1 million in alleged ransom payments
  • Created the Virtual Asset Exploitation Unit which combines cryptocurrency experts into one nerve center to provide equipment, blockchain analysis, virtual asset seizure and training to the FBI
  • Launching an International Virtual Currency Initiative to allow for joint, international law enforcement operations to track money through the blockchain. This will foster regulation and anti-money laundering requirements to root out the abuse of virtual currency.

Crypto crime disruption efforts

Moving forward, during any investigation, DOJ prosecutors, agents and analysts will also assess whether to use disruptive actions against cyber threats. They could use this tactic even if it might tip off threat actors and jeopardize the chance of arrest. Agents will assess whether they can prevent or reduce the risk to victims, such as by providing decryptor keys or seizing servers used by threat actors.

Is the internet safe now?

The efforts of law enforcement are certainly welcome. Of course, no business is relying on the DOJ alone to protect against cyber threats. A good place to further check your security posture is the CISA Incident and Vulnerability Response Playbooks.

In Munich, Deputy Attorney General Monaco summed up her comments, saying, “And my message to cybercriminals is equally clear: the long arm of the law can — and now will — stretch much farther into cyberspace than you think. If you continue to come for us, we will come for you.”
