U.S. Deputy Attorney General Lisa Monaco closed out day one of the RSA Conference in San Francisco by detailing the recent shift the Justice Department (DoJ) has taken to prioritize disruption when fighting cybercrime, and in the process to put victims at the center of its efforts.
“We did take a very intentional approach to shift our orientation,” Monaco said during her keynote session with former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs.
“We took a hard look in the Justice Department and said, how can we maximize our tools and what we can bring to this fight from a Justice Department perspective? We did a whole comprehensive cyber review, and a few things came out of that,” Monaco said.
“One was, we needed to change our orientation – we needed to pivot to disruption and prevention and make that our focus,” she said. “And then the other issue was we needed to put victims at the center of our approach.”
“The direction we’ve given to our prosecutors and investigators is you’ve got to have a bias towards action, to disrupt and prevent,” Monaco said, adding, “and doing so will not always yield a prosecution – that’s tough for a prosecutor to say. That’s fine. We’re not measuring our success only with courtroom action or courtroom victories. This is about preventing and disrupting and putting the victims at the center.”
Monaco explained that the DoJ is best suited to take disruptive and preventative action “time and time again” because the victims work with the agency.
The DoJ official highlighted how her team was able to successfully recover millions of dollars' worth of cryptocurrency paid to adversaries following the Colonial Pipeline attack in May 2021 – because the company came to the department and asked for help.
Monaco praised Colonial Pipeline’s “brave decision to come forward to work with us” in “their darkest hour” after the attack, and urged other victim organizations to reach out to the DoJ to achieve similar outcomes.
“It’s good for the business,” she stated, “and it’s good for America because you’re helping us prevent that next attack.”
Monaco said the DoJ’s new cybercrime enforcement approach was also used earlier this year when law enforcement took down the Hive ransomware group – something she referred to as a “21st century cyber stakeout.”
“No arrests made there. In days gone by, that might have been heresy,” Monaco said. “We’re going to do this operation and there’s not going to be a prosecution at the end of the day.”
“What we did there was use our legal authorities, get into that network – a top five ransomware network – and patiently” waited and watched what was going on, she said. The DoJ was able to swipe decryption keys from the Hive ransomware group and give them to the victims – preventing over $130 million in ransomware payments “that didn’t get made because those systems didn’t get locked up.”
“Doing more and more of that is what we’re all about because we have to send a message that we cannot get after this threat if we are not working together,” Monaco said.