Fake identities, virtual private networks (VPNs), and thousands of miles are not enough to protect cybercriminals from the Department of Justice (DOJ). Complicated, precisely orchestrated initiatives, often in cooperation with other government agencies, have allowed the DOJ to penetrate cyberattackers’ infrastructures, catch them in their crimes, prosecute them, and even recover the funds they’ve stolen.
Top 3 of the Government’s Successful Takedowns of Cybercriminals
The DOJ’s approach to cybercrime combines several factors: advanced strategy, cooperation with other authorities and companies, and a more aggressive stance against cybercrime.
The following highlight some of the intricate methods that the DOJ and its partners have used. How they’re able to take down powerful underground organizations reveals a significant shift in the battle for the safety of online assets.
1. Recovering Billions in Stolen Cryptocurrency
Typically, when a cybercriminal gets caught, the amount recovered is modest. In early 2022, however, the DOJ seized more than $3.6 billion worth of cryptocurrency traceable to funds stolen from a cryptocurrency exchange. At the time, it was the largest financial seizure in the department's history.
2. Taking Down a Darknet Marketplace
The DOJ has also shut down key cybercriminal resources. This was the case when it helped dismantle Hydra Market, the world's largest and longest-running darknet marketplace. The effort, carried out in cooperation with German authorities, disrupted a central hub of online criminal activity. According to the DOJ, roughly 80% of all darknet-market-related cryptocurrency transactions in 2021 flowed through Hydra.
In addition, German authorities seized about $25 million in bitcoin held on the marketplace's servers. One of Hydra Market's alleged operators was also indicted in the United States on charges of conspiring to distribute narcotics and to launder money.
3. Striking Back on Colonial Pipeline Attackers
The DOJ turned a much-publicized ransomware attack into a win for the good guys after recovering $2.3 million in cryptocurrency paid to the attackers during the Colonial Pipeline attack. (The seized 63.7 bitcoin was most of the roughly 75 bitcoin ransom. It was worth about $2.3 million at the time of the seizure in June 2021, less than when the ransom was paid a month earlier, because the price of BTC had fallen in the interim.)
Without giving away sensitive strategic details, Maddie Kennedy, senior director of communications at Chainalysis, the blockchain data platform that helped the DOJ track down the attackers, said, “The key to tackling ransomware is disrupting the ransomware supply chain, including identifying authors and developers, affiliates, infrastructure services providers, launderers, and cash-out points.”
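The "cash-out points" Kennedy mentions are found by following a payment forward through the public ledger until it lands at an address attributed to a regulated exchange, where records can be subpoenaed or funds frozen. The following is an added illustration of that idea, not code from the original article and not Chainalysis' method. It uses a constructed four-transaction ledger (amounts loosely modelled on the 75 BTC ransom and 63.7 BTC seizure above), a hypothetical attribution set marking one address as an exchange deposit, and the proportional "haircut" taint rule, under which each output of a transaction inherits the fraction of that transaction's inputs that were tainted. Other conventions exist (poison, FIFO), and real chain data is far messier.

```python
from collections import defaultdict

# Constructed mini-ledger (not real chain data). Each transaction spends
# inputs (address, amount) and creates outputs (address, amount). Amounts
# are in BTC. Addresses not created by any listed transaction are treated
# as external funds with no known history, i.e. untainted.
TRANSACTIONS = [
    ("tx1", [("victim", 75.0)], [("ransom_addr", 75.0)]),
    ("tx2", [("ransom_addr", 75.0)], [("affiliate", 63.7), ("operator", 11.3)]),
    ("tx3", [("affiliate", 63.7), ("clean_wallet", 36.3)], [("mixer_out", 100.0)]),
    ("tx4", [("mixer_out", 100.0)], [("exchange_deposit", 60.0), ("cold_storage", 40.0)]),
]

# Hypothetical attribution data: addresses known to belong to a regulated
# exchange, i.e. places where a subpoena or seizure warrant can be served.
CASH_OUT_ADDRESSES = {"exchange_deposit"}


def trace_taint(transactions, seed, cash_out):
    """Follow a seed payment forward through the ledger.

    `seed` maps address -> tainted amount (e.g. the victim's ransom payment).
    Taint propagates proportionally ("haircut" rule): every output of a
    transaction inherits the fraction of that transaction's inputs that were
    tainted. Transactions must be listed in chain order. Returns the tainted
    balance sitting at cash-out addresses and at still-unspent addresses,
    rounded to 8 decimals (satoshi precision).
    """
    balance = defaultdict(float)
    taint = defaultdict(float)
    for addr, amt in seed.items():
        balance[addr] += amt
        taint[addr] += amt

    for _tx_id, inputs, outputs in transactions:
        total_in = sum(amt for _, amt in inputs)
        tainted_in = 0.0
        for addr, amt in inputs:
            if balance[addr] <= 0:
                continue  # external funds we have no history for: untainted
            share = taint[addr] * min(1.0, amt / balance[addr])
            tainted_in += share
            taint[addr] -= share
            balance[addr] -= amt
        fraction = tainted_in / total_in if total_in else 0.0
        for addr, amt in outputs:
            balance[addr] += amt
            taint[addr] += amt * fraction

    report = {"cash_out": {}, "unspent": {}}
    for addr, amount in taint.items():
        if amount <= 1e-8:
            continue  # fully spent onward, nothing left to seize here
        bucket = "cash_out" if addr in cash_out else "unspent"
        report[bucket][addr] = round(amount, 8)
    return report


if __name__ == "__main__":
    result = trace_taint(TRANSACTIONS, {"victim": 75.0}, CASH_OUT_ADDRESSES)
    for bucket, holdings in result.items():
        for addr, amount in holdings.items():
            print(f"{bucket:8s} {addr:17s} {amount:.8f} BTC")
```

Run as a script, the trace shows 38.22 BTC of the ransom reaching the exchange deposit address (a subpoena target), 25.48 BTC parked in cold storage and 11.3 BTC held by the operator, with the mixer hop diluting but not erasing the trail; the three figures sum back to the 75 BTC paid. Mixing with 36.3 BTC of clean funds in tx3 is exactly the behaviour that makes the choice of taint rule matter, since a poison rule would instead mark all 100 BTC downstream as tainted.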
What the DOJ Has Done Recently to Curb Cybercrime: The Hunt for NetWalker Criminals
NetWalker is ransomware created by the cybercriminal group Circus Spider, and it has been one of the fastest-growing strains of malware: in March 2020, Circus Spider adopted a ransomware-as-a-service (RaaS) model to expand its affiliate network.
Under this "ransomware-for-hire" system, even novice hackers could use NetWalker to carry out attacks and then coordinate the details afterward, such as whom to send the money to, how much to keep for themselves, and how to make any necessary transfers. But the operation was not hidden deep enough in the dark web. In January 2021 the DOJ, working with Bulgarian authorities, seized the dark-web site NetWalker used to communicate with victims and publish stolen data, and charged one affiliate alleged to have obtained roughly $28 million in ransom payments.
Key Steps the Government Is Taking to Promote Cybersecurity
Responsibility for cybercrime is split across agencies. The criminal investigation and prosecution of cybercrime is handled by the DOJ, chiefly through the FBI and U.S. Attorneys' offices. The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the Department of Homeland Security (DHS), not of the DOJ, and its role is defensive: protecting federal networks and critical infrastructure and sharing threat information with the private sector. DHS components such as the U.S. Secret Service also investigate financially motivated cybercrime.
To more vigorously promote cybersecurity, government agencies are bringing in a range of players from different organizations, as well as systematically attacking the systems hackers use to execute their crimes.
1. Partnering with Cybersecurity Companies and Other Countries
To magnify the effect of its initiatives, the DOJ partners with cybersecurity companies and with law-enforcement officials in other countries. Partnerships with security vendors and blockchain-analytics firms provide the tooling and expertise needed to trace and attribute attacks, while partnerships with foreign authorities make it possible to pursue hackers abroad and to act against infrastructure hosted in other jurisdictions.
Examples of the commercial defensive tooling such vendors offer include:
- Cisco Secure Firewall, a network firewall line designed for a range of network architectures
- Palo Alto Networks' next-generation firewall, which combines signature-based and behavioral detection to block both known and previously unseen threats
- Fortinet Security Fabric, an integrated platform tying together network, endpoint and cloud controls; the claim that it cuts the number of attacks by 90% is a marketing figure, not an independently measured result
By partnering with other countries to bring down cybercriminals, the DOJ effectively extends its reach across the globe. For example, Vytautas Parfionovas had been accessing the computers and email servers of financial institutions in the United States from 2011 to 2018. After he was arrested in Ukraine in 2019, the DOJ partnered with foreign officials to extradite him to the U.S. Parfionovas now faces as many as 30 years in prison for his crimes.
2. Targeting the Systems Hackers Use
The DOJ is targeting the systems and funding resources that hackers use to launch assaults. To do this, authorities identify lower-level participants and use them to learn about those pulling the strings. Even low-level attackers hold critical information about how money is moved and how the attack infrastructure operates, and that intelligence has let authorities disrupt criminal infrastructure and bring down specific offenders.
For example, authorities were able to pinpoint specific dark web users involved in criminal activity, including NetWalker ransomware affiliates. This led to the understanding that, similar to business leaders that run legitimate enterprises, NetWalker higher-ups:
- Want people keen on quality vs. quantity
- Provide hackers they recruit with proven solutions, such as prepackaged ransomware
- Entice hackers to join their ransomware network by offering “prompt and flexible ransomware” and a “user-friendly admin panel in Tor, an automated service”
Because of significant disruptions to their online criminal systems, some attackers have been voluntarily backing down for fear of getting caught by the DOJ and its partners.
Common Challenges in Combating Cybercrime
Despite many notable wins against cybercriminals, the DOJ and its partner organizations still have significant challenges to overcome. These include:
1. Misplaced Trust in Digital Connections
People are more connected now than ever, which leads to unintended contact with cybercriminals, often because of the trust people place in digital connections. In the past, if a stranger you had never spoken to or seen asked for your financial account details, you would have laughed at the idea.
But because so many users routinely deal with legitimate businesses through digital services, a general atmosphere of trust has taken hold. That trust gives cybercriminals many opportunities to dupe unsuspecting victims.
2. Technologically Advanced Attacks
To succeed against cybercriminals, a law enforcement officer needs more than good intuition and a strong work ethic. Investigators often need advanced computer and networking skills. Recruiting such people is difficult, because those skills are in high demand in the private sector and many candidates have already settled into conventional technical careers.
3. The Evolution of Online Attacks
Cybercrime techniques advance as quickly as the technologies that power them. The result is an ever-changing threat landscape, and officials have to shift tactics accordingly. If organizations and cybercrime fighters cannot keep up, large numbers of smaller, lower-profile crimes may slip beneath the radar while still affecting thousands of people.
Remaining Vigilant Against Cybercrime
According to the Malware and Ransomware Report 2021 by Forcepoint, “ransomware is on top of organizations’ minds,” with more than half of respondents (55%) citing ransomware and malware as an extreme threat. Given the stealthy manipulations criminals use to infiltrate networks, organizations and individuals alike would do well to take a close look at the cyber protections they have in place.
The approach of the DOJ, the companies it partners with, and other law enforcement officials around the world is worth emulating. By staying on top of cybersecurity trends and implementing the right tools, you can prevent and mitigate attacks before they affect your company. In this way, regardless of the tools cybercriminals use, you can minimize the likelihood of suffering a breach.