For the past several years, Federal Bureau of Investigation (FBI) agents have been discussing how to turn the tide of today’s rampant hacking by remotely accessing breached computer networks and capturing the hackers.
The FBI got its chance earlier this year after the hack of the Microsoft Exchange e-mail server. An FBI agent filed a petition in federal court in Houston on April 9 seeking authorization to remotely access hundreds of hacking victims to find the attackers’ digital footprints.
While some civil liberties advocates fear that the right could be abused in the future, the FBI’s action at least marks the unveiling of a more aggressive, government-level cybersecurity initiative. Elvis Chan, assistant special agent for cyber investigations in the FBI’s San Francisco field office, said in an interview, “The FBI has made a positive decision, and our modus operandi hasn’t changed. It’s just a few more tools to assist.”
The FBI has also had recent joint operations with the National Security Agency to disrupt Russian cyber espionage, as well as the recent success in recovering bitcoin paid to hackers after the ransomware attack on Colonial Pipeline Co.
Eight months after the election, a series of innovations began to emerge after the U.S. government found its vital backbone industry was being exposed to apparent security breaches amid a series of devastating hacks, including the Colonial Pipeline breach and a ransomware attack against meat processing giant JBS SA. It also reflects a growing recognition that previous efforts to thwart cyberattacks, such as criminal prosecutions and legal sanctions, have done little to mitigate them.
In an interview with Bloomberg, Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said the effort is not limited to the FBI, but is a priority for the “entire government sector.” Neuberger’s former employer, the National Security Agency, for example, recently opened a collaboration center designed to facilitate information sharing with the private sector.
The government’s efforts to fast-track cybersecurity operations stemmed from the 2018 bust of a malicious hacking operation called VPNFilter by the FBI and the Department of Justice. The VPNFilter case was one of the first major operations to use legal tools to identify and disrupt malicious Russian networks, according to Chad Hunt, an FBI special agent who helps run the Atlanta Cybersecurity Group.
As the epidemic spreads, work-at-home has led to a steady increase in ransomware attacks. Elvis Chan said, “If there was a silver lining last year, it was that we had to be more aggressive and creative in our approach due to the emergence of the epidemic and the fact that cybercrime almost never stops.”
In September, FBI Director Christopher Wray announced a new cyber strategy to move away from what he described as the old “whack-a-mole” game. The FBI’s new goal, he said, is to “make it harder and more painful for hackers and criminals to do what they’re doing.”
But some civil liberties experts say this bolder tactic could lead to abuse. Kurt Opsahl, deputy executive director and general counsel of the Electronic Frontier Foundation, said that executing warrants to access computer networks remotely raises questions about how to notify network administrators and how such tools could be abused. In the Microsoft Exchange case, FBI agents told the court that they planned to send an e-mail to the address each victim provided when he or she last registered a domain name with a network registrar, but would do so within 30 days of entry.
Jennifer Stisa Granick, a surveillance and cybersecurity consultant with the American Civil Liberties Union (ACLU), said this bolder tactic raises concerns about “the limits of the government’s power to disrupt private property.” In the history of new surveillance technologies, she said, “law enforcement starts using them in a compelling case, then eventually uses them in a more problematic case, and once a fixed pattern and comfort zone is created, public power expands further.”
After the successful execution of the anti-hacking operation in the Microsoft Exchange case, in May the FBI launched another campaign to recover 63.7 of the 75 bitcoins (then worth $4.4 million) that Colonial Pipeline paid as ransom to the hackers on May 8. While federal officials say this is not the first time they have recovered cryptocurrency from criminals, it is one of the first known cases involving ransomware.
After Colonial Pipeline paid the hackers, its ransom was split between two digital cryptocurrency wallets. Over the next 19 days, it was shuffled and shunted a dozen times, a tactic often used by ransomware operators to hide their tracks when trying to launder their digital loot, according to court documents.
According to court documents, an FBI agent tracked all of the cryptocurrency’s footprints until it finally landed on a crypto wallet holding 63.7 bitcoins on May 27. During that time, the FBI in San Francisco was given encryption passwords, also known as private keys, to access the funds inside that particular wallet. The FBI’s Chan declined to explain how the agents got their hands on the private key. A federal judge issued a warrant for the agents to seize the funds within hours of the FBI’s request, according to court documents.
Cybersecurity experts say ransomware has long been viewed as merely malware, which hackers may use to make a quick buck, but is not considered a threat to national security. In addition, victims of ransomware attacks are often slow to report vulnerabilities, making it difficult for the FBI and U.S. government to track them down, according to a former U.S. intelligence community official.
With hackers attacking gas pipelines, food production and water supplies, bureaucratic bottlenecks are now less likely to prevent federal agents from coming up with aggressive measures to defend U.S. cybersecurity, said Milan Patel, a former FBI cyber agent and now head of global managed security services at cybersecurity firm BlueVoyant.
The reality, he said, “is that the FBI is under extreme pressure to use existing laws and regulations to find ways to thwart these attacks.”
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/a-blessing-in-disguise-colonial-pipeline-bitcoin-ransom-case-accelerates-u-s-cybersecurity/