The Federal Bureau of Investigation (FBI) this past week revealed it has developed a substantial hacking capability that it is now employing broadly in its pursuit of justice.
First came the disclosure that the FBI has been able to recover the bulk of the ransomware payment made in bitcoin by the Colonial Pipeline to cybercriminals that shut down its gasoline pipeline. Bitcoins are hard to recover because while there is a public record of these transactions the funds are usually stored in a large number of digital wallets. Apparently, the cybercriminals made the mistake of reaggregating much of their ill-gotten booty in a single digital wallet that the FBI happened to have a copy of the private key to access.
As it turns now the FBI has also been able to hack into the Anom encrypted phone network used by criminals around the world.
Working in collaboration with law enforcement agencies in Australia, the FBI revealed it intercepted more than 27 million messages sent from 12,000 devices. That led to the seizure of $45 million in international currency, 250 firearms, and more than 32 tons of illegal drugs. The FBI apparently turned an Anon developer into an informant that deployed an application that relayed every Anon message back to the FBI.
There’s no indication whether law enforcement agencies will be able to recover the $11 million ransom that the meatpacking conglomerate JBS paid to recover access to its files, but it’s clear law enforcement agencies around the world are stepping up their efforts. The Biden administration during a G7 Summit is also encouraging U.S. allies to “speak with one voice” to countries that are suspected of harboring cybercriminals. At the same time, calls to ban ransomware payments continue to grow louder. The argument is that the payment of ransom only encourages cybercriminals to launch additional attacks.
It’s not clear to what degree additional legislation might be required to enable law enforcement agencies to target the assets of individuals that are citizens of another country that are perceived to be waging a sustained ransom campaign. Countries that harbor these individuals essentially claim they have broken no laws within their borders that they can enforce. Nevertheless, the individuals launching these attacks in many cases are well known to local authorities.
Regardless of legal niceties, it’s clear law enforcement agencies around the world are using a mix of new digital technologies and old-fashioned techniques such as employing informers to identify and track the individuals launching these attacks. The issue now is determining what to next. Tracking their whereabouts and how their funds are transferred isn’t going to deter them from launching attacks. Options on the table range from finding ways to encourage the countries that provide sanctuary for these cybercriminals to rein in their activity to providing incentives to organizations that operate in an extrajudicial fashion to surreptitiously address the issue more directly with individual cybercriminals.
Regardless of how the issue is addressed, it’s clear cybercrime has entered a new phase. Not only are organizations going to be expected to mount a better defense in the national interest; governments around the world are gearing up to more forcibly respond to what has become an economic scourge of unprecedented proportion.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.