The Justice Department is increasingly aiming to disrupt adversaries' hacking activity rather than just call it out in indictments. That's the message from John Demers, the recently departed assistant attorney general for Justice's national security division. Demers, the highest-ranking holdover from the Trump administration, left his post last week after three years on the job.

The most prominent recent example of such disruption came last month, when the department seized more than $2 million in bitcoin from the Colonial Pipeline ransomware hackers, effectively clawing back the ill-gotten gains of the Russian cybercriminals. In another example, in April, the department removed the web-shell backdoors that China-linked hackers had planted on thousands of computers by exploiting a devastating Microsoft Exchange bug.

Those are far more direct and damaging blows against hackers' capabilities than the typical Justice Department tactic of indicting hackers, including members of adversary governments' military and intelligence units, who are almost guaranteed never to face trial in a U.S. courtroom.

"It really arose from the question of what else can we do," Demers told me. "The indictments on the criminal side have led to prosecutions, but on the national security side not so much. What else can we do that doesn't just educate and enforce norms but actually disrupts malicious cyber activity?"

[Photo: Demers was assistant attorney general of the Justice Department's National Security Division. (Andrew Harnik/Pool/AP)]

The department plans to launch more such disruptions as the pace of cyberattacks increases. "I can't provide much detail, but it will go beyond what we've seen now," Demers told me. "And I'd also expect the operational tempo will continue to increase."

In particular, Demers said he expects such operations to play a significant role as the Biden administration tries to put muscle behind the U.S. position that critical infrastructure such as pipelines, energy plants, airports and water systems should be off-limits to hacking. President Biden staked out that position during his summit last month with Russian President Vladimir Putin, insisting such rules should apply not just to government hackers but to criminal ransomware gangs that operate on Russian territory with the Kremlin's tacit approval.

The Biden administration probably will need to punch back against such hacks numerous times before the Kremlin backs down, analysts say. The slate of responses may include economic sanctions and retaliatory cyber strikes by the U.S. military and intelligence agencies.

One benefit of adding Justice cyber operations to the mix is that they can be conducted in a comparatively public way, with the court orders and affidavits behind them eventually made part of the record. Military and intelligence operations, on the other hand, might inflict far more damage on the adversary but are typically highly classified. "We don't use these tools without laying out affidavits, without explaining what it is we're doing," Demers said. "There's an important benefit to being transparent about what the government is doing in cyberspace."

The Justice Department did some work disrupting criminal hackers as far back as the Obama administration, but not at the scale seen recently. Much of the early work involved shutting down botnets, armies of compromised "zombie" computers that criminals harness for cyberattacks.

[Photo: Justice Department officials announce an operation to retrieve ransom money that Colonial Pipeline paid to Russia-based criminal hackers to unlock its computer systems. (Jonathan Ernst/Pool/AFP/Getty Images)]

Demers touted the department's string of indictments against Russian, Chinese, Iranian and North Korean hackers during his tenure. He acknowledged, however, that the indictments had done little to deter those nations' hacking operations. Instead, he said, they helped educate the public about the nefarious activity and put a U.S. stake in the ground about what is acceptable in cyberspace and what is not.

"Education takes repetition," he said. "Although it's true that countries break these norms, it's also true that people continue to commit murder even though since Cain and Abel we've had norms against murder. It's still important to call that out and hold people accountable."

Demers's departure comes amid a new reckoning over several Justice Department actions during the Trump administration. Demers has acknowledged that he and other top Justice leaders were prepared to resign en masse when President Donald Trump was pressuring the department to investigate baseless claims of election fraud after the 2020 election. That was averted when Jeffrey Rosen, then second-in-command at the department, convinced Trump not to proceed.

The department also revealed that it had secretly subpoenaed phone records of reporters at The Post, CNN and the New York Times as part of an investigation seeking sources for reporting early in the Trump administration. Biden condemned the action after the department revealed it in May, and it is now the subject of an inspector general investigation. Attorney General Merrick Garland has said he will rewrite the rules for obtaining reporters' records.

Demers said he supports the IG investigation and that it is appropriate for Garland to rework such policies, but declined to comment further. "The department, as a matter of policy, can legitimately take different positions on whether and when to use those kinds of authorities," he said.