The emergence of cybercrime as a global phenomenon is causing the FBI and Justice Department to increasingly rely on international law enforcement collaboration, legal treaties and informal agreements in addition to cooperation from the private sector, Assistant Attorney General for the Criminal Division Leslie Caldwell described, Thursday.
“We have greatly increased our international cooperation with international law enforcement partners all around the world, including in countries that just two years ago we had no relationship with,” Caldwell said. “As cybercrime proliferates so too does our relationships with countries around the world. We’ve got to continue to do build those international relationships and grow them and improve them because they are going to be more and more critical every single day.”
In an effort to fight these criminals, Caldwell said the Justice Department will be pursuing new legislative remedies next year in the same vein as recent changes made to Rule 41, which became effective as of Dec. 1.
These changes to Rule 41 — a mandate first designed in the scope of wiretap authorization procedures — enables investigators to secure warrants during the course of computer crime cases even while the suspect’s actual location is hidden. Critics believe the rule change will cause the FBI to expand its use of hacking techniques to access evidence on computers.
“There are other laws that we look to fix and to change and to update. As I have said, most of these proposed fixes are very technical and very narrow and they are designed just like the Rule 41 change to address very specific issues that we have encountered,” said Caldwell.
The Assistant Attorney General provided no further information regarding proposed, future changes to existing federal rules of criminal procedures and was unavailable for questions follow her public speaking event.
Caldwell’s comments — which were made during a speech at the Center for Strategic and International Studies, a D.C.-based think tank — come just one week after european law enforcement authorities disclosed multiple arrested associated with the dismantling of an international cybercrime network known as Avalanche.
“We’ve really developed our capabilities to disrupt criminal networks both here and overseas … working hand in hand with international partners to address technical threat like botnets, bulletproof hosts, darknet markets and international hacking forums,” said Caldwell.
The downfall of Avalanche is being trumpeted as a sort case study, showing how domestic law enforcement can combat digital crime through multi-stakeholder cooperation.
The Avalanche takedown operation included help from prosecutors and investigators in 40 different countries. It is believed that the criminal network caused more than $100 million in damages to a wide array of both public and private sector organizations — largely through the deployment of ransomware and banking trojans.
Broadly speaking, the advent and proliferation of hacking tools and anonymizing software are allowing cybercriminal to cause greater damage with less effort while seeing more of a return on their investment, Caldwell explained.
“We’ve seen a growth in global, very sophisticated cyberthreats. And there are some very significant loopholes in terms of our legal authorities, many of which have not kept pace with changes in technology,” Caldwell said.
She added, “in recent years and frankly since I have been on this job, there has been a drastic increase in warrant-proof encryption … [also] our access to offshore data and cross border access to data is very inefficient and very haphazard,” Caldwell said of the Justice Department’s challenges in prosecuting cybercrime.
While Caldwell — who said she plans to leave public service before the President-elect’s inauguration on January 20 — spoke extensively about the Bureau’s challenges to prosecute computer crimes on Thursday, it is also true that U.S. law enforcement is undoubtedly getting better at tracking down these types of criminals.
Over just the last four months, the Justice Department has announced the arrest of multiple prominent hackers, including a series of individuals responsible for breaking into email accounts belonging to U.S. officials. Other recent prosecutions include the sentencing of 22-year-old Timothy French, an accomplished hacker who targeted multiple universities and telecommunications companies, and Ricardo Hill, best known for breaking into JPMorgan Chase & Co. in an operation that compromised more than 80 million records.