While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence Index 2022 named ransomware as the top attack type in 2021.

What exactly is the DOJ doing to improve policing of cryptocurrency and other cyber crimes? What kinds of cyber crime cases have they solved already? And how might this impact a company’s security strategy?

National Cryptocurrency Enforcement Team Appoints Director

Monaco’s announcement included the naming of Assistant U.S. Attorney Eun Young Choi as the first Director of the National Cryptocurrency Enforcement Team (NCET).

“With the rapid innovation of digital assets and distributed ledger technologies, we have seen a rise in their illicit use by criminals who exploit them to fuel cyberattacks and ransomware and extortion schemes,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division. “The NCET will serve as the focal point for the department’s efforts to tackle the growth of crime involving these technologies. Eun Young is an accomplished leader on cyber and cryptocurrency issues, and I am pleased that she will continue her service as the NCET’s inaugural Director, spearheading the department’s efforts in this area.”

New NCET Director’s Track Record

According to the Justice Department, Director Choi worked as an assistant U.S. attorney for the Southern District of New York. There, she served as the office’s cyber crime coordinator. She investigated and prosecuted cyber, complex fraud and money laundering crimes. In particular, she focused on network intrusions, digital currency, the dark web and national security investigations.

In January 2021, Choi spearheaded an investigation that led to the prosecution of the Russian threat actor Andrei Tyurin.

One of the largest Wall Street breaches ever, the Tyurin criminal operation ran from 2012 to 2015. The incident affected organizations such as JPMorgan Chase, ETrade and The Wall Street Journal. After exfiltrating personally identifiable information, the criminals then promoted stocks to individuals in an attempt to pump up stock prices.

Prosecutors said the breach of JPMorgan Chase resulted in data stolen from 80 million customers. According to the DOJ, Tyurin cashed in on $19 million from his illicit operations. Thanks to the efforts of Choi, the FBI and several other agencies, Tyurin was sentenced to 12 years in prison.

The Complex World of Fighting Crypto Crime

The new agency already has a high-profile case under its belt. In February 2022, the NCET looked into a case against Ilya Lichtenstein and his wife, Heather Morgan. They were arrested for conspiring to launder $4.5 billion worth of cryptocurrency. The funds were allegedly stolen during the 2016 Bitfinex cryptocurrency exchange breach. As part of the investigation, more than $3.6 billion in cryptocurrency was seized, the largest DOJ crypto coin recovery to date.

According to court documents, unauthorized Bitfinex transactions sent stolen Bitcoin to Lichtenstein’s crypto wallet. Over a span of five years, about 25,000 stolen Bitcoin were transferred out of Lichtenstein’s wallet via a complex money laundering process.

In a statement about the case, Monaco said, “Today’s arrests, and the department’s largest financial seizure ever, show that cryptocurrency is not a safe haven for criminals. In a futile effort to maintain digital anonymity, the defendants laundered stolen funds through a labyrinth of cryptocurrency transactions. Thanks to the meticulous work of law enforcement, the department once again showed how it can and will follow the money, no matter what form it takes.”

“Today, federal law enforcement demonstrates once again that we can follow money through the blockchain, and that we will not allow cryptocurrency to be a safe haven for money laundering or a zone of lawlessness within our financial system,” said Assistant Attorney General Polite.

More DOJ Action Against Cyber Crime

Monaco cited a list of recent activities and future plans the DOJ has in store for threat actors:

  • Using traditional search warrants to execute code and erase digital backdoors
  • Helped dismantle the Emotet botnet (although Emotet has since returned)
  • Took down the world’s largest illegal marketplace on the darknet and arrested at least 150 darknet traffickers
  • Investigated more than 100 different ransomware variants, and targeted dozens of ransomware groups estimated to have caused billions of dollars in damage
  • In the wake of the attack on Kaseya, the FBI obtained decryptor keys so victims could unlock ransomed systems
  • Disrupted the REvil ransomware group with five arrests and the seizure of $6.1 million in alleged ransom payments
  • Created the Virtual Asset Exploitation Unit which combines cryptocurrency experts into one nerve center to provide equipment, blockchain analysis, virtual asset seizure and training to the FBI
  • Launching an International Virtual Currency Initiative to allow for joint, international law enforcement operations to track money through the blockchain. This will foster regulation and anti-money laundering requirements to root out the abuse of virtual currency.

Crypto Crime Disruption Efforts

Moving forward, during any investigation DOJ prosecutors, agents and analysts will also assess whether to use disruptive actions against cyber threats. They could use this tactic even if it might tip off threat actors and jeopardize the chance of arrest. Agents will assess whether they can prevent or reduce the risk to victims, such as by providing decryptor keys or seizing servers used by threat actors.

Is the Internet Safe Now?

The efforts of law enforcement are certainly welcome. Of course, no business is relying on the DOJ alone to protect against cyber threats. A good place to further check your security posture is the CISA Incident and Vulnerability Response Playbooks.

In Munich, Deputy Attorney General Monaco summed up her comments, saying, “And my message to cybercriminals is equally clear: the long arm of the law can — and now will — stretch much farther into cyberspace than you think. If you continue to come for us, we will come for you.”
