February 17, 2022 was a busy day for the Department of Justice and its growing cyber portfolio. First, Deputy Attorney General Lisa O. Monaco delivered remarks at the Annual Munich Cyber Security Conference, stressing the Department’s efforts to confront cyber criminals and its increasing focus on disruption and prevention, even if doing so would limit criminal prosecutions. Additionally, the Department announced the appointment of the first Director of the National Cryptocurrency Enforcement Team, which was established to address criminal misuse of cryptocurrencies and digital assets.
Both developments reflect the Justice Department’s continuing efforts to adopt to the tactics used by cyber criminals and to confront the cyber-related threats faced by governments and businesses around the globe.
The Deputy Attorney General’s Munich Speech
Deputy Attorney General (“DAG”) Monaco opened her remarks at the Munich Cyber Security Conference by describing the threat from bad actors—including nation-states and criminal organizations—that leverage their cyber capabilities to exploit U.S. infrastructure and businesses. She stressed that cyber criminals enjoy safe haven in authoritarian countries and “wreak havoc in both the digital and physical worlds.”[i]
The bulk of DAG Monaco’s speech focused on three key areas of the Department’s efforts to combat “unprecedented” cyber threats: (1) continuing to develop investigative and deterrent capabilities; (2) fostering international partnerships; and (3) ramping up the Department’s proactive disruption of cyber incidents.
First, DAG Monaco stressed that the Department must “keep pace with the threat actors who exploit innovations as fast as the marketplace produces them.” In response to “the explosion of ransomware and the abuse of cryptocurrency,” the Department recently created a Ransomware and Digital Extortion Task Force, which is focused on attacking “the ecosystem that allows ransomware to flourish.” Separately, the Federal Bureau of Investigation has established a Virtual Asset Exploitation Unit (“VAXU”), a specialized team dedicated to cryptocurrency that will provide equipment and expertise in blockchain analysis and virtual asset seizure. The VAXU will work closely with the Department’s National Cryptocurrency Enforcement Team, discussed further below.
DAG Monaco highlighted some of the Justice Department’s recent successes in combatting cyber-enabled threats, including the takedown of the largest illegal marketplace of drugs and other illicit goods and services on the dark web; the seizure of millions of dollars from criminally controlled cryptocurrency wallets after the Colonial Pipeline ransomware attack; the disruption of the infamous ransomware group R-Evil; and the largest ever financial seizure in Department history, involving $3.6 billion in stolen bitcoin linked to the 2016 hack of virtual currency exchange Bitfinex.
Second, DAG Monaco promised that 2022 will bring increased cross-border partnerships with foreign governments. To this end, she announced the designation of a Cyber Operations International Liaison for the Justice Department, who will be responsible for working with U.S. prosecutors and European partners “to up the tempo of international operations against top-tier cyber actors.” Additionally, the Department is launching an International Virtual Currency Initiative, which will focus on tracking illicit payments through the blockchain and on promoting enhanced regulation and anti-money-laundering requirements to hold cryptocurrency companies accountable for rooting out criminal misuse of their services.
Finally, perhaps the most interesting policy development announced by DAG Monaco was the Department’s increased prioritization of disrupting cyber threats before they materialize—even at the expense of jeopardizing charges and arrests by tipping off cybercriminals. Adopting a ‘prevention first’ model seen most prominently in the counterterrorism context, DAG Monaco emphasized that the Department will make full use of the tools available to the U.S. government and its partners, including sanctions, export controls, and disruptive capabilities such as seizing servers used to commit cyber crimes or providing decryptor keys to ransomware victims that would allow them to unlock ransomed systems.
DAG Monaco also included a message to companies that are victimized by cyber criminals that “if you report to us, we can follow the money and not only help you, but hopefully prevent the next victim.” At the same time, however, she warned companies that deal with cryptocurrency and virtual current platforms that the government expects them to meet their legal obligations to “root out cryptocurrency abuses.” For those that fail in these obligations, the government will “hold [them] accountable.”
The Appointment of Director of the NCET
Also on February 17, the Department of Justice announced the selection and appointment of Eun Young Choi as the first Director of the Department’s National Cryptocurrency Enforcement Team (“NCET”). Choi previously served as Senior Counsel to the Deputy Attorney General and as the Cybercrime Coordinator at the U.S. Attorney’s Office for the Southern District of New York.
The Department of Justice created the NCET in October 2021 to “identify, investigate, support and pursue . . . cases involving the criminal use of digital assets, with a particular focus on virtual currency exchanges, mixing and tumbling services, infrastructure providers, and other entities that are enabling the misuse of cryptocurrency and related technologies to commit or facilitate criminal activity.”[ii] In particular, the NCET will develop strategic priorities for investigations and prosecutions involving cryptocurrency; identify areas for increased investigative and prosecutorial focus; coordinate with domestic and international law enforcement partners and regulatory agencies; and, importantly, work with private sector actors in the virtual currency space to further the criminal enforcement mission.
The NCET will draw upon the Department of Justice’s October 2020 Cryptocurrency Enforcement Framework, which “provides a comprehensive overview of the emerging threats and enforcement challenges associated with the increasing prevalence and use of cryptocurrency; details the important relationships that the Department of Justice has built with regulatory and enforcement partners both within the United States government and around the world; and outlines the Department’s response strategies.”[iii]
To further its work, the NCET will collaborate with other elements within the Department, including the Criminal Division’s Computer Crime and Intellectual Property Section and Money Laundering and Asset Recovery Section, the National Security Division, and the FBI’s specialized VAXU team, as well as with U.S. Attorney’s Offices around the country.
Recent developments at the Department of Justice reflect the agency’s (and the entire U.S. government’s) laser focus on cyber-enabled threats, including the explosion of ransomware attacks and other criminal misuse of cryptocurrencies and digital assets. Importantly, DAG Monaco stressed that ransomware, digital extortion, and other crimes fueled by cryptocurrency “only work if the bad guys get paid,” which means that successful prevention and mitigation requires “bust[ing] their business model.” This portends increased scrutiny for financial institutions and other private sector entities that are operating in or seeking entrance to the digital-asset space. Such entities should ensure they are meeting their anti-money-laundering, know-your-customer, recordkeeping, and other due diligence requirements, as well as any sanctions-related obligations.
At the same time, DAG Monaco stressed that the Justice Department and its partners can provide assistance to companies that are victimized by cyber criminals, including by, for example, tracking and potentially recovering money paid in ransom or helping to unlock compromised systems following a ransomware attack. While this might make it more difficult to prosecute the wrongdoers criminally, it is already difficult to do so in practice since many of the attackers are located outside of the United States. The Department appears to be recognizing that helping victimized companies to avoid paying ransom could undermine the profitability of future ransomware attacks. As a result, companies that are confronted with a cyber incident should strongly consider the benefits of working with government agencies like the Justice Department, the FBI, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
[i] Deputy Attorney General Lisa O. Monaco Delivers Remarks at Annual Munich Cyber Security Conference, U.S. Dep’t of Justice (Feb. 17, 2022), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-remarks-annual-munich-cyber-security.
[ii] Justice Department Announces First Director of National Cryptocurrency Enforcement Team, U.S. Dep’t of Justice (Feb. 17, 2022), https://www.justice.gov/opa/pr/justice-department-announces-first-director-national-cryptocurrency-enforcement-team.
[iii] Attorney General William P. Barr Announces Publication of Cryptocurrency Enforcement Framework, U.S. Dep’t of Justice (Oct. 8, 2020), https://www.justice.gov/opa/pr/attorney-general-william-p-barr-announces-publication-cryptocurrency-enforcement-framework.