Date: 2021-07-01

The most prominent recent example of such disruption came last month when the department seized more than $2 million in bitcoin from the Colonial Pipeline ransomware hackers — effectively stealing back the ill-gotten gains of the Russian cybercriminals. In another example in April, the department removed backdoor access to thousands of computers that China-linked hackers had created using a devastating Microsoft bug.
Those are far more direct and harmful blows against hackers’ capabilities than the typical Justice Department tactic of indicting hackers — including from adversary governments' military and intelligence units — who are almost guaranteed to never face trial in a U.S. courtroom.
“It really arose from the question of what else can we do,” Demers told me. “The indictments on the criminal side have led to prosecutions, but on the national security side not so much. What else can we do that doesn’t just educate and enforce norms but actually disrupts malicious cyber activity?”
The department plans to launch more such disruptions as the pace of cyberattacks increases.
“I can’t provide much detail, but it will go beyond what we’ve seen now,” Demers told me. “And I’d also expect the operational tempo will continue to increase.”
In particular, Demers said he expects such operations to play a significant role as the Biden administration tries to put muscle behind the U.S. position that critical infrastructure such as pipelines, energy plants, airports and water systems should be off-limits from hacking.
President Biden staked out that position during his summit last month with Russian President Vladimir Putin, insisting such rules should apply not just to government hackers but to criminal ransomware gangs that operate on Russian territory with the Kremlin’s tacit approval.
The Biden administration probably will need to punch back against such hacks numerous times before the Kremlin backs down, analysts say. The slate of responses may include economic sanctions and retaliatory cyber strikes by the U.S. military and intelligence agencies.
One benefit of adding Justice cyber operations to the mix is they can be done in a comparatively public way.
Military and intelligence operations, on the other hand, might impose far more damage to the adversary but are typically highly classified.
“We don’t use these tools without laying out affidavits, without explaining what it is we’re doing,” Demers said. “There’s an important benefit to being transparent about what the government is doing in cyberspace.”
The Justice Department did some work disrupting criminal hackers as far back as during the Obama administration, but not at the scale it has recently. Much of the early work involved shutting down the operations of botnets — armies of zombie computers that criminals harness for cyberattacks.
Demers touted the department’s string of indictments against Russian, Chinese, Iranian and North Korean hackers during his tenure.
He acknowledged, however, that indictments had done little to deter those nations’ hacking operations. Instead, he said, the indictments helped educate the public about the nefarious activity and put a U.S. stake in the ground about what’s acceptable in cyberspace and what’s not.
“Education takes repetition,” he said. “Although it’s true that countries break these norms, it’s also true that people continue to commit murder even though since Cain and Abel we’ve had norms against murder. It’s still important to call that out and hold people accountable.”
Demers’s departure comes amid a new reckoning over several Justice Department actions during the Trump administration.
Demers has acknowledged that he and other top Justice leaders were prepared to resign en masse when President Donald Trump was pressuring the department to investigate baseless claims of election fraud after the 2020 election. That was averted when Jeffrey Rosen, second-in-command at the department, convinced Trump not to proceed.
The department also revealed it secretly subpoenaed phone records from reporters at The Post, CNN and the New York Times as part of an investigation seeking sources for reporting early in the Trump administration.
Biden condemned the action after the department revealed it in May, and it’s now the subject of an inspector general investigation. Attorney General Merrick Garland has said he will rewrite the rules for obtaining reporters' records.
Demers said he supports the IG investigation and that it’s appropriate for Garland to rejigger such policies, but declined to comment further.
“The department, as a matter of policy, can legitimately take different positions on whether and when to use those kinds of authorities,” he said.
The Biden administration should study giving hacked companies the authority to hack back, two senators say.
A new bill from Sens. Steve Daines (R-Mont.) and Sheldon Whitehouse (D-R.I.) would direct Homeland Security Secretary Alejandro Mayorkas to conduct a study of whether private companies should be able to proportionally hack back “in response to an unlawful network breach.”
The lawmakers previously proposed adding the measure to bipartisan legislation to boost U.S. technology research. However, their amendment did not make it into the bill that the Senate ultimately passed.
The cybersecurity community has debated for years whether the U.S. government should give companies the authority to hack back. Whitehouse has long been a high-profile proponent of the idea. Government officials and experts, however, nearly unanimously oppose the idea, warning that companies could misfire and damage the well-being of innocent people or unwittingly involve the United States in a dangerous and escalating cyber conflict.
The New York City mayoral election turned chaotic after officials said they mistakenly added more than 100,000 test votes.
The apparent mistake only added to the confusion in the election, which used a ranked-choice system for the first time, John Wagner and Felicia Sonmez report. It’s another blow against public faith in elections, which has been battered with unfounded claims of fraud in the 2020 election by Trump and his supporters.
Brooklyn Borough President Eric Adams, the race’s front-runner, filed a preliminary lawsuit seeking to “have a judge oversee and review ballots, if necessary,” his campaign said.
The candidates, current Mayor Bill de Blasio (D) and even Trump himself weighed in on the mess, with Trump denouncing “vast irregularities” in the election. The counting “will go on forever,” Trump said, urging the city Board of Elections to “close the books and do it all over again, the old-fashioned way, when we had results that were accurate and meaningful.” De Blasio, who is not on the ballot, called for “an immediate, complete recanvass,” a “complete explanation of what went wrong” and an overhaul of how the election board is structured.
A fresh count of ranked choice preferences issued by the board of elections on Wednesday indicated that the race had tightened. Around 125,000 absentee ballots still have to be counted.
An Iranian disinformation effort infiltrated Israeli messaging groups.
The campaign took advantage of small online groups and encrypted messaging apps to avoid detection by tech platforms, the New York Times’s Sheera Frenkel reports. The accounts were reported to FakeReporter, a group that tracks disinformation, after several users noticed that the accounts were evasive and used poor grammar.
“What was so smart and unprecedented about this was the way they moved through small group chats where no one would expect to find an Iranian agent,” said Achiya Schatz, the director of FakeReporter. “They really gained people’s trust and slipped under the radar of Facebook, Twitter and all the other tech companies.”
Facebook removed some of the accounts after the Times contacted it about FakeReporter’s report. A company spokeswoman said the accounts were tied to other Iranian activity identified by the company. A Twitter spokesman said the company regularly monitors and takes down state-backed information campaigns.
Republicans are planning an investigation into television host Tucker Carlson’s claim that the NSA spied on him.
House Minority Leader Kevin McCarthy (R-Calif.) said he asked Rep. Devin Nunes (Calif.), top Republican on the House Intelligence Committee, to investigate Carlson’s allegations that a whistleblower told him that the NSA was monitoring his communications and planning to leak them. The NSA said that Carlson “has never been an intelligence target of the agency and the NSA has never had any plans to try to take his program off the air.”
