As part of the federal government’s broad effort to disrupt ransomware operators and other cybercrime groups, the FBI is forming a new unit dedicated to investigating abuses of cryptocurrencies, and the Department of Justice is launching a new International Virtual Currency Initiative to work with law enforcement, prosecutors, and cryptocurrency platforms to trace ransom payments and develop regulations and anti-money laundering legislation.
The new initiatives mark a further escalation of the U.S. government’s campaign against ransomware groups, which has accelerated quite a bit in the last year. In October, the Justice Department announced the formation of the National Cryptocurrency Enforcement Team (NCET), a group that now comprises 12 attorneys. On Thursday, Deputy Attorney General Lisa Monaco announced that Eun Young Choi, a highly experienced cybersecurity prosecutor, has been appointed the director of the NCET, which will work closely with the new Virtual Asset Exploitation unit at the FBI.
Monaco pointed to the department’s seizure last week of more than $3.6 billion in Bitcoin that was stolen during the hack of Bitfinex several years ago as the type of work that the new teams can do.
“We’re focusing our collective efforts on the abuse of cryptocurrencies. A unified effort on things like money laundering requires our combined efforts and multiple eyes from law enforcement on these issues,” Monaco said during a keynote at the Munich Security Conference.
“Given what we did last week, we are sending the clear message that cryptocurrencies should not be considered a safe haven.”
The FBI’s new unit will include agents who have specialized cryptocurrency and blockchain expertise, and will be focused on the task of digging into abuses of cryptocurrencies and exchanges, tracing cybercrime profits, and working with other law enforcement agencies on cryptocurrency investigations. Monaco stressed that even with all of the resources at the disposal of the Justice Department and FBI, cybercrime investigations require cooperation from agencies around the world.
“Ransomware, like many other crimes fueled by cryptocurrency, only works if the bad guys get paid. Which means we have to bust their business model. We call on all companies dealing with cryptocurrency to root out all abuses. To those who don’t, we will hold you accountable,” she said.
“If you report to us, we can follow the money and not only help you, but hopefully prevent the next victim. Our efforts are so much more powerful when combined with our international partners. We cannot do this alone. Cooperation will not be an afterthought.”
To that end, Monaco said the department will be naming a new cyber operations international liaison who will work with law enforcement agencies in Europe and elsewhere on joint investigations.
“This person will work with our partners to up the tempo against top tier cyber actors,” Monaco said.
On the technical side of things, Monaco said the FBI and Justice Department are aiming to do more to disrupt cybercrime operations before investigations are complete, even if that means alerting suspects. That could mean more server seizures, releasing decryption tools for ransomware when possible, or using other technical means to stop or prevent attacks.
“Going forward, we will now assess at each stage of an investigation whether to use disruptive actions. Before we bring charges, we will assess whether there are steps we can take to prevent attacks. We should consider the use of all available tools,” she said.
“Combining these with other tools makes us nimbler in disrupting the cyber threat and this is especially true when criminals seek safe haven in hostile countries. If you continue to come for us, we will come for you.”
This is a significant shift for a department that by necessity has been reactive rather than proactive. Monaco said the new thinking is similar to the shift that happened on a national security level in the early 2000s.
“It is a cultural change in some respects. We’ve done that shift on the national security side. The first approach needs to be one of preventing the first attack. It’s one we know how to do and can employ,” she said.