The U.S. government is intensifying efforts to combat the criminal use of cryptocurrencies as federal prosecutors continue to target the business models and logistics of cybercrimes such as ransomware, Deputy Attorney General Lisa Monaco said Thursday.
Speaking at the Munich Cyber Security Conference to announce several key developments in the government’s approach, Monaco said that the National Cryptocurrency Enforcement Team (NCET) — unveiled in October as part of an overall U.S. government to focus its resources on combatting ransomware operators — is getting its first director: Eun Young Choi.
Choi is a seasoned federal cybersecurity prosecutor who most recently led the prosecution of Andrei Tyurin, a Russian national convicted of computer intrusion, wire fraud and other charges related to the theft of personal data from over 100 million customers of major U.S. financial firms. He was sentenced to 12 years in prison in January 2021.
“Ransomware and digital extortion — like many other crimes that are fueled by cryptocurrency — only work if the bad guys get paid,” Monaco said. “Which means we have to bust their business model.”
The team is now up to a dozen prosecutors, Monaco said, some of whom are involved in the case against the New York City couple arrested and accused of conspiring to launder $4.5 billion worth of cryptocurrency stolen in 2016 during the hack of cryptocurrency exchange Bitfinex. The Department of Justice said it had seized more than $3.6 billion in cryptocurrency as part of the case, its largest recovery to date.
In announcing the arrests on Feb. 8, U.S. Attorney for the District of Columbia Matthew Graves said cryptocurrency and virtual currency exchanges are “an expanding part of the U.S. financial system, but digital currency heists executed through complex money laundering schemes could undermine confidence in cryptocurrency.” As such, he said, the DOJ needs to use “21st century investigative techniques to recover the stolen funds and to hold the perpetrators accountable.”
Monaco also said that the DOJ would more proactively think about disrupting cybercrimes in action, even if it meant foregoing prosecution.
“Moving forward, prosecutors, agents, and analysts will now assess — at each stage of a cyber investigation — whether to use disruptive actions against cyber threats, even if they might otherwise tip the cybercriminals off and jeopardize the potential for charges and arrests,” she said.
Monaco further announced that the FBI is forming the Virtual Asset Exploitation Unit, an effort to combine cryptocurrency experts in areas such as equipment, blockchain analysis and virtual asset seizure in one place to work investigations and provide training to the rest of the FBI. The group will work closely with the NCET, she said.
Additionally, the DOJ will launch an International Virtual Currency Initiative to foster international law enforcement operations to track money through the blockchain, and work to regulate and beef up anti-money laundering requirements regarding cryptocurrency, she said.
Monaco also said that she was “absolutely concerned” about potential cyberattack “spillover” if the Russian government launches serious cyberattacks against Ukraine as part of any military incursion there, likening it to the 2017 NotPetya attack that was targeted against Ukraine but affected networks around the world and causing billions in damages.
Monaco said any attacks on critical infrastructure are “unacceptable and will be met with response.” Additionally, given the “very high tensions we are experiencing,” companies of any size would be “foolish not to be preparing right now,” to increase defenses, install patches and monitor for cybersecurity defenses and incidents.
In response to a question about the Russian government’s recent crackdown on Russian-based cybercriminals, Monaco said that “in the complex geopolitical environment we’re in, I think we need to consider the timing of those actions.” The U.S. government welcomes the arrests, she said, but “whatever the signal intended,” the U.S. government’s signal is “clear” in that it will continue to aggressively target international cybercriminals.
Update, 2/17/2022: With Monaco’s answers to questions about the ongoing crisis in Ukraine and Russian government crackdown on cybercrime.