While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence Index 2022 named ransomware as the top attack type in 2021.

What exactly is the DOJ doing to improve policing of cryptocurrency and other cyber crimes? What kinds of cyber crime cases have they solved already? And how might this impact a company’s security strategy?

National cryptocurrency enforcement team appoints director

Monaco’s announcement included the naming of Assistant U.S. Attorney Eun Young Choi as the first Director of the National Cryptocurrency Enforcement Team (NCET).

“With the rapid innovation of digital assets and distributed ledger technologies, we have seen a rise in their illicit use by criminals who exploit them to fuel cyberattacks and ransomware and extortion schemes,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division. “The NCET will serve as the focal point for the department’s efforts to tackle the growth of crime involving these technologies. Eun Young is an accomplished leader on cyber and cryptocurrency issues, and I am pleased that she will continue her service as the NCET’s inaugural Director, spearheading the department’s efforts in this area.”

New NCET Director’s track record

According to the Justice Department, Director Choi worked as an assistant U.S. attorney for the Southern District of New York. There, she served as the office’s cyber crime coordinator. She investigated and prosecuted cyber, complex fraud and money laundering crimes. In particular, she focused on network intrusions, digital currency, the dark web and national security investigations.

In January 2021, Choi spearheaded an investigation that led to the prosecution of the Russian threat actor Andrei Tyurin.

One of the largest Wall Street breaches ever, the Tyurin criminal operation ran from 2012 to 2015. The incident affected organizations such as JPMorgan Chase, E*Trade and The Wall Street Journal. After exfiltrating personally identifiable information, the criminals then promoted stocks to individuals in an attempt to pump up stock prices.

Prosecutors said the breach of JPMorgan Chase resulted in data stolen from 80 million customers. According to the DOJ, Tyurin cashed in on $19 million from his illicit operations. Thanks to the efforts of Choi, the FBI and several other agencies, Tyurin was sentenced to 12 years in prison.

The complex world of fighting crypto crime

The new agency already has a high-profile case under its belt. In February 2022, the NCET looked into a case against Ilya Lichtenstein and his wife, Heather Morgan. They were arrested for conspiring to launder $4.5 billion worth of cryptocurrency. The funds were allegedly stolen during the 2016 Bitfinex cryptocurrency exchange breach. As part of the investigation, more than $3.6 billion in cryptocurrency was seized, the largest DOJ crypto coin recovery to date.

According to court documents, unauthorized Bitfinex transactions sent stolen Bitcoin to Lichtenstein’s crypto wallet. Over a span of five years, about 25,000 stolen Bitcoin were transferred out of Lichtenstein’s wallet via a complex money laundering process.

In a statement about the case, Monaco said, “Today’s arrests, and the department’s largest financial seizure ever, show that cryptocurrency is not a safe haven for criminals. In a futile effort to maintain digital anonymity, the defendants laundered stolen funds through a labyrinth of cryptocurrency transactions. Thanks to the meticulous work of law enforcement, the department once again showed how it can and will follow the money, no matter what form it takes.”

“Today, federal law enforcement demonstrates once again that we can follow money through the blockchain, and that we will not allow cryptocurrency to be a safe haven for money laundering or a zone of lawlessness within our financial system,” said Assistant Attorney General Polite.

More DOJ action against cyber crime

Monaco cited a list of recent activities and future plans the DOJ has in store for threat actors:

  • Using traditional search warrants to execute code and erase digital backdoors
  • Helped dismantle the Emotet botnet (although Emotet has since returned)
  • Took down the world’s largest illegal marketplace on the darknet and arrested at least 150 darknet traffickers
  • Investigated more than 100 different ransomware variants, and targeted dozens of ransomware groups estimated to have caused billions of dollars in damage
  • In the wake of the attack on Kaseya, the FBI obtained decryptor keys so victims could unlock ransomed systems
  • Disrupted the REvil ransomware group with five arrests and the seizure of $6.1 million in alleged ransom payments
  • Created the Virtual Asset Exploitation Unit which combines cryptocurrency experts into one nerve center to provide equipment, blockchain analysis, virtual asset seizure and training to the FBI
  • Launching an International Virtual Currency Initiative to allow for joint, international law enforcement operations to track money through the blockchain. This will foster regulation and anti-money laundering requirements to root out the abuse of virtual currency.

Crypto crime disruption efforts

Moving forward, during any investigation DOJ prosecutors, agents and analysts will also assess whether to use disruptive actions against cyber threats. They could use this tactic even if it might tip off threat actors and jeopardize the chance of arrest. Agents will assess whether they can prevent or reduce the risk to victims, such as by providing decryptor keys or seizing servers used by threat actors.

Is the internet safe now?

The efforts of law enforcement are certainly welcome. Of course, no business is relying on the DOJ alone to protect against cyber threats. A good place to further check your security posture is the CISA Incident and Vulnerability Response Playbooks.

In Munich, Deputy Attorney General Monaco summed up her comments, saying, “And my message to cybercriminals is equally clear: the long arm of the law can — and now will — stretch much farther into cyberspace than you think. If you continue to come for us, we will come for you.”
