DOJ says its top priority is the hacked over the hackers

The Justice Department has a new plan for dealing with hacking investigations: More helping victims, less trying to prosecute hackers.

Going forward, investigators and prosecutors will supercharge efforts to prevent cyberattacks or to mitigate the damage they cause — even if that makes it harder to gather evidence to charge those hackers and prosecute them, Deputy Attorney General Lisa Monaco said during an address at the Munich Security Conference.

Here's the reasoning: a large share of the most damaging cyberattacks are committed by hackers who will never be extradited to face trial in the United States. Some are backed by foreign governments. Others are mere criminals but based in Russia or other nations that turn a blind eye to their activities.

The trade-off seems totally logical. But it’s a trade-off that’s been slow in coming for an institution whose bread and butter is putting lawbreakers behind bars.

For example: Prosecutors and FBI agents might share digital keys they’ve secretly obtained if that will help ransomware victims unlock their computers and get back to business.

The downside: That would likely tip off the ransomware gang that U.S. officials know a lot about their operations, and they could make changes that make gathering additional evidence tougher.

In other cases, the department may move faster to seize computer servers containing hacking victims’ data or money, Monaco said.

“This approach is not the first instinct for trial lawyers. … But my message to the department is clear: We should be looking for success both inside and outside the courtroom,” Monaco said.

She likened the shift to how the Justice Department approaches counterterrorism investigations.

“One of the key things I learned after September 11 … [is] that success is not prosecuting terrorists after an attack when families are grieving and their loved ones have been lost,” she said. “It may be necessary, to be sure, but success is preventing that attack in the first place.”

Switching focus

The department has taken flak in the past for being too slow to help hacking victims.

Last year, the FBI waited three weeks to share a decryption key with victims of the Kaseya ransomware attack, as Ellen Nakashima and Rachel Lerman reported — partly because the department wanted to launch an operation to take down the hacking group’s digital infrastructure.

That decision led to loud criticism from Democrats and Republicans, who charge the department could have helped hundreds of Kaseya victims recover faster and save some of the millions of dollars in recovery costs.

Ultimately, the planned takedown was thwarted because the hacking group REvil took itself offline before the Justice Department could do anything, reemerging several months later.

The crypto world

The Justice Department is also surging its efforts against cryptocurrency crime.

The department is forming a specialized team focused on cryptocurrency that will help claw back stolen funds stored as virtual currency from hackers and other criminals, Monaco announced.

The move comes after a handful of high-profile cryptocurrency seizures, including $2.3 million from the ransomware gang that hit Colonial Pipeline and a whopping $4.5 billion stolen from the cryptocurrency exchange Bitfinex.

The department is also appointing a new international cyber operations official who will be based in Europe and help coordinate joint operations with European law enforcement to disrupt and arrest cyber criminals.

“Ransomware and digital extortion — like many other crimes that are fueled by cryptocurrency — only work if the bad guys get paid — which means we have to bust their business model,” Monaco said.

The keys

One tiny mistake helped expose the vast reach of NSO spyware

Saudi women’s rights activist Loujain al-Hathloul asked Citizen Lab researchers to examine her phone when she received a warning from Google last year that hackers were trying to break into her email account. After six months of digging through the phone, researchers made a staggering discovery: Not only was the phone infected with spyware, but a malicious file accidentally left on the phone tied it directly back to the infamous Israeli spyware company NSO Group, Reuters’s Joel Schectman and Christopher Bing report.

“The discovery amounted to a hacking blueprint and led Apple to notify thousands of other state-backed hacking victims around the world, according to four people with direct knowledge of the incident,” they write.

An NSO spokesperson told Reuters the company’s clients operate its spyware and did not answer questions about whether its spyware was used to target activists including al-Hathloul.

The company told Reuters that some allegations were “contractually and technologically impossible,” but declined to offer specifics.

Two more Polish Pegasus targets: The father and assistant of a Polish opposition lawmaker were targeted by Pegasus, Haaretz’s Omer Benjakob reports. The lawmaker, Krzysztof Brejza, was himself hacked with Pegasus when he ran an opposition election campaign in the country. His assistant, Magdalena Losko, is now a member of Poland’s parliament. A spokesperson for the government body in Poland that is suspected of using Pegasus declined to comment on alleged targets to Haaretz and said reports that Pegasus was used for “political purposes” were false.

Meanwhile, in Israel: Lawyers for former prime minister Benjamin Netanyahu want prosecutors to turn over data that the country’s police hacked from the phone of a key witness in his corruption trial, the Times of Israel reports. Prosecutors say nothing valuable was extracted from the phone.

DOJ watchdog chastised a former prosecutor for Trump-era election investigation comments

The case stems from a November 2020 news conference in which a reporter asked U.S. attorney for the Western District of Pennsylvania Scott Brady about a report that 16 assistant U.S. attorneys — including one from his office — had asked Attorney General William P. Barr to rescind a memo allowing investigators to look into some “vote tabulation irregularities” before election results had been certified.

Brady insinuated that the prosecutor from his office had an ethical conflict and was potentially politically motivated, saying that he “was married to the former chief of staff of [Obama attorneys general] Eric Holder and Loretta E. Lynch.”

Justice Department Inspector General Michael Horowitz said Brady’s comments “constituted poor judgment … and reflected poorly on DOJ,” Reuters’s Sarah N. Lynch reports. Brady isn’t mentioned by name in Horowitz’s report, but details from the report match up with the incident, and our colleague, Matt Zapotosky, identified him:

It was Scott Brady. @DKaplanFox5DC covered the presser, and asked the question that sparked Brady's response: https://t.co/v3u8kUgaUs https://t.co/UQHjovqP9H — Matt Zapotosky (@mattzap) February 17, 2022

Brady didn’t respond to Lynch’s request for comment.

Critics have said Barr’s order was improper “because it gave credence to President Donald Trump’s false claims the election was stolen, and it prompted the department’s top lawyer overseeing voter fraud investigations at the time to resign from that position in protest,” Lynch writes. “Ultimately Barr concluded there was no evidence of wide-spread voter fraud.”

A cybersecurity lawyer is pushing to dismiss charges against him from a Trump-appointed special counsel

Cyber lawyer Michael Sussmann alerted the FBI in 2016 about suspicious Internet data flowing between the Trump organization and a Kremlin-linked Russian bank, but was later indicted for allegedly lying to the FBI about the fact that he was working for Hillary Clinton’s campaign.

Now, Sussmann is asking to dismiss those charges, saying they could dissuade other tipsters from coming forward with important information for federal law enforcement, Matt Zapotosky reports.

Special counsel John Durham, who announced the indictment, was appointed in 2019 to look into the FBI’s role in the 2016 presidential campaign.

“This is a case of extraordinary prosecutorial overreach,” Sussmann’s lawyers wrote.

Sussmann’s motion came around a week after Durham raised fresh allegations, including that Sussmann passed along Internet traffic to a government agency that people familiar with the matter have identified as the CIA. The Internet traffic had been “exploited” by a tech executive, Durham said, and related to sensitive buildings like the executive office of the president and Trump Tower. Trump has dubiously claimed the data proves that Clinton was spying on him – and the story has blown up on right-wing media.

Sussmann’s lawyers and people who’ve examined the data have disputed Durham’s account. Sussmann’s team previously wrote that the special counsel was taking unnecessary actions “to further politicize this case, inflame media coverage, and taint the jury pool.” They also said some of his insinuations were false, and that the data Sussmann gave to the CIA was from when Obama was president.

