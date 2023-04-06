

Lisa Monaco talks ransomware, TikTok and more

A newly revealed crackdown on the Genesis Market cybercrime forum shows how the Justice Department is evolving to disrupt malicious hackers, Deputy Attorney General Lisa Monaco told me in an interview.

Yesterday the department announced a coordinated international law enforcement takedown of the forum that featured arrests, as well as the FBI seizing the online marketplace and ultimately shuttering it. Genesis Market sold stolen account access credentials, such as usernames and passwords.

It comes one year after the department seized the Hydra dark-net marketplace and follows closely on an operation against the BreachForums marketplace.

“The Genesis Market disruption shows another evolution in us taking this disruptive-focused approach,” Monaco said. “It’s an interesting twist on this approach because it focuses on disrupting access brokers. … The access that they’re selling provides an avenue for the conduct of cybercrimes like ransomware attacks.”

On Wednesday, Monaco and I discussed disruptive operations, ransomware, TikTok and drug sales on social media. Here are some highlights from our conversation.

Disruption and ransomware

The Biden administration’s recently released cyber strategy emphasizes disrupting malicious hackers. At the Justice Department, that has translated into operations like the one revealed Wednesday or successful efforts to take back ransomware payments made to crime gangs, or snatching decryption keys from ransomware operators to give to victims.

Speaking last week at the Aspen Verify conference, Monaco described operations like the decryption key seizure as a “21st-century cyber stakeout.”

The FBI’s handling of a similar situation with 2021’s Kaseya hack stirred some consternation on Capitol Hill. So how does the Justice Department decide when to sit patiently and collect intelligence or when to take action?

“My instruction to the U.S. attorneys around the country, to our cyber prosecutors, here in main Justice, has been, ‘Be looking for opportunities to disrupt,’” Monaco told me. “Because the critical other aspect of the kind of pivot we’ve made in our strategy is also putting victims at the center of our work.”

Overall, “there’s no hard and fast rule, and it’s going to change case-by-case,” she said.

At last week’s conference, Monaco said she was “heartened by the success we’ve seen” combating ransomware. While our Network experts said in a survey last week that law enforcement has made authentic gains in the fight against ransomware gangs, they also doubted that the decline in the ransomware threat in 2022 would last in 2023.

Monaco told me the key to making a lasting dent in ransomware is to “maintain our focus on disruptive activity, on putting victims front and center, because I think that will continue the virtuous cycle that I’ve talked about before.”

“We’ve got to make it less profitable for these guys,” she said, and “having victims work with us is one way to continue to maintain the gains that we’ve seen.”

Justice officials estimate that only 20 percent of ransomware victims report incidents to the department.

TikTok

The Justice Department is a member of the secretive Committee on Foreign Investment in the United States (CFIUS), which reviews the national security ramifications of transactions involving foreign acquisition of or investment in U.S. companies. For years, CFIUS has been reviewing the purchase of Musical.ly by China-owned ByteDance, the parent company of TikTok.

Monaco declined to answer questions about that review. She has cited support for the RESTRICT Act, which my colleague Drew Harwell described this way: The bill “would give Commerce officials the authority to evaluate and block technology deals involving companies from six ‘foreign adversary’ countries, including China, Russia, Iran, Cuba, Venezuela and North Korea.”

I asked Monaco about the First Amendment implications that civil libertarians have raised regarding the prospect of a TikTok ban.

“I made a statement on the Restrict Act, right, which would take a broader approach. And I think that’s important for two reasons. I think it’s important because I think it … would be on stronger legal footing, if actions under such a statute ultimately were challenged.” She said it’s also “responsive to the challenge that we face, which is from foreign sourced technologies. … We may be focusing on one or two today, but we have a broader challenge.”

Social media and drug sales

Monaco, speaking at the conference, highlighted what she considered a critical issue: the availability of drugs for purchase on social media.

“We have a crisis of opioid poisonings,” Monaco said, citing last year’s U.S. death toll of more than 107,000. “Today, your kid doesn’t have to go find the dealer on the street corner. He or she is carrying that dealer around in his or her pocket, on their phone.”

The administrator of the Drug Enforcement Agency, she said, has tried to talk to social media platforms about the problem, but the response has been poor.

The department had invited CEOs of major social media platforms to attend a meeting on Tuesday this week. The CEOs sent other representatives to the meeting in place of them, Monaco told me.

“I think it was an important first step in our efforts to address what we see as an increasing use of social media by distributors and traffickers of deadly drugs,” she said.

The keys

Former NatSec officials say Trump had no authority to seize voting machines

Former national security officials testified that they informed former president Donald Trump that his administration was not authorized to seize voting machines after the 2020 election, Zachary Cohen reports for CNN.

Former acting homeland security secretary Chad Wolf and his former deputy, Ken Cuccinelli, testified to a federal grand jury that Trump’s Department of Homeland Security did not have the authority to make such a move, Cohen writes, citing a person familiar with the proceedings.

Cohen adds that “Trump’s former national security adviser, Robert O’Brien, in a closed-door interview with federal prosecutors earlier this year, also recounted conversations about seizing voting machines after the 2020 election, including during a heated Oval Office meeting that Trump participated in, according to a source familiar with the matter.”

Former Trump administration officials can be asked to testify about their interactions with the former president after the D.C. federal appeals court on Tuesday struck down a request from Trump’s legal team to block his advisers from testifying about him.

Trump has repeatedly called the 2020 results fraudulent and said voting machines in some states had malfunctioned, though those claims have been debunked.

Biden cyber official killed in car accident last week

Samantha Jennings-Jones, senior strategy and research adviser in the Office of the National Cyber Director, was killed last week.

A speeding Mercedes driver involved in a collision struck Jennings-Jones as she was walking on the sidewalk in Fairfax County, police said, according to a story by Zak Failla of the Alexandria Daily Voice.

Jennings-Jones, 36, was part of the team that developed the recent National Cybersecurity Strategy and was a leader on its implementation plan. She previously worked on cyber issues at the Coast Guard.

“We were profoundly shocked by the news of the death of our beloved colleague, Samantha Jennings-Jones,” said acting national cyber director Kemba Walden. “She is dearly missed by her ONCD colleagues. Our hearts, prayers, and deepest condolences remain with Sam’s family and loved ones.”

Dangerous alleged Spanish hacker arrested following high-profile cyber incidents

Police in Spain arrested 19-year-old José Luis Huertas, an alleged high-profile Spanish hacker, Bill Toulas reports for BleepingComputer.

Huertas, who has gone by the personas “Alcaseca,” “Mango” and “chimichuri,” is considered to be the vanguard of several headline-making cyberattacks and the creation of the Udyat search engine that allowed individuals to sell stolen sensitive information, Toulas writes.

The investigation into Huertas began last November. Police seized “large amounts of cash, documentation, and computers that will help discover the hacker's activity” upon his arrest.

Deemed one of Spain’s greatest threats to national security, he is accused of breaching Spain’s national council of the judiciary, as well as impersonating media CEO Paolo Vasile.

Daybook

Kemba Walden, Jen Easterly and other cybersecurity officials speak at an Atlantic Council event discussing the implementation of the Biden administration’s national cyber strategy at 10:15 a.m.

The Center for a New American Security holds an event discussing the development of Iran’s nuclear program at 11 a.m.

Washington Post Live holds an event with actor Tom Hanks and former American Civil Liberties Union deputy legal director Jeffery Robinson called “How to Rig an Election” at 3 p.m.

