Federal agencies have begun arming themselves for war against cybercrime. By the nanosecond, the ubiquitous Internet and related technology offer endless opportunities for wrongdoing. Notorious Russian hackers meddled in companies that manufactured and sold voter registration software and voting equipment to influence last year’s Presidential election. In September 2017, credit reporting company Equifax announced that sensitive financial data of over 143 million consumers had been hacked, exposing customers to identity theft. A Brooklyn man has been sued for operating a bitcoin Ponzi scheme to acquire $600,000 in unregistered fraudulent investments. The share prices of publicly traded companies have been manipulated through fake news shared and tweeted on social media. The speed of online innovation and the increase of online engagement makes it increasingly difficult to keep track of the latest digital developments, let alone any potential misuse of such technology. The annual cost of global cybercrime is predicted to double from $3 trillion in 2015 to $6 trillion in 2021, according to Cybersecurity Ventures. In response, federal regulators have started new units and initiatives to combat misconduct in the cyber world.

A Congressional Resource Services report issued in August 2017 stated, “In cyberspace, criminals can compromise financial assets, hacktivists can flood websites with traffic—effectively shutting them down, and spies can steal intellectual property and government secrets.” The federal government and agencies have recognized the need to be equipped to respond to these incidents. Although the FBI’s Cyber Division has been up and running for 15 years now, the Securities and Exchange Commission and Commodities Futures Trading Commission recently have announced the development of new units focused exclusively on cyber-based threats.

In September 2017, the SEC announced two new initiatives to address misconduct through the cyber world and to insure that the agency is as up-to-date with technology as are those who seek to abuse it. The agency created a Cyber Unit focused on targeting cyber-related misconduct. According to the press release issued by the agency, the Unit will investigate market manipulation schemes involving false information spread through electronic and social media and hacking to obtain material non-public information.

The SEC’s Cyber Unit also will focus on possible securities law violations involving crypto or digital currencies, such as Bitcoin, and the sale of such currencies through Initial Coin Offerings (ICOs). The creation of the Cyber Unit came in the wake of guidance from the SEC on the risks of investing in ICOs and a detailed report on its investigation into potential securities law violations within the context of an initial coin offering by an Internet-based organization that operated as a decentralized venture capital fund.

The SEC is losing no time making its mark. In SEC v. REcoin Group Foundation, LLC et al., a lawsuit filed in September in the Eastern District of New York, the agency alleges that the defendants illegally raised funds from hundreds of investors by offering nonexistent digital “tokens” or “coins” supposedly backed by investments in real estate and diamonds. According to the SEC, the defendants styled certain ICOs as sales in club memberships in order to evade securities laws, including registration requirements. The Cyber Unit also will investigate misconduct perpetrated using the dark web where cryptocurrencies are used to pay for illicit goods. This is likely to be an area of great activity given that the number of cryptocurrencies being traded is at an all-time high and their financial value reached a historic peak in 2017.

SEC Enforcement Division co-director, Stephanie Avakian, during the Securities Enforcement Forum last week, emphasized that “Blockchain technology presents many interesting issues and can of course present legitimate opportunities for raising capital. But, like many legitimate ways of raising capital, the popular appeal of virtual currency and Blockchain technology can be an attractive vehicle for fraudulent conduct. We think that creating a permanent structure for the consideration of these issues within the Cyber Unit will ensure continued focus on protecting both investors and market integrity in this space.” In targeting these areas, the agency said it would rely on the “substantial experience” its Enforcement Division has garnered in recent years in detecting fraudulent conduct in an ”increasingly technological and data-driven landscape.”

Not to be left behind, the CFTC also is working to combat cyber threats in the futures and options markets. In September 2016, the agency approved amendments to its rules requiring designated contract markets, swap execution facilities, swap data repositories and derivatives clearing organizations to have in place cybersecurity programs of risk analysis and oversight. These entities are now required to conduct testing and review sufficient to ensure that their automated systems are reasonably reliable and secure and have adequate scalable capacity.

The CFTC also has established LabCFTC, a financial technology (FinTech) initiative tasked with supporting the growth of the FinTech industry by ferreting out and punishing wrongdoers. Last month, LabCFTC released a “Primer on Virtual Currencies,” the first of a series of releases dedicated to understanding emerging financial technologies and identifying regulatory issues that arise as a result. The Primer aims to advise consumers to be mindful of the potential risks of cryptocurrencies.

Like the SEC, the CFTC has moved quickly. In September 2017, the agency announced that it had filed charges in the Southern District of New York charging a Brooklyn individual and company with fraud, misappropriation and issuing false account statements in connection with solicited investments in Bitcoin. Specifically, the CFTC complaint alleges that the defendants operated a Bitcoin Ponzi scheme in which they solicited more than investments, created false performance reports, and paid out “profits” that were actually other customers’ misappropriated funds.

These new initiatives join ongoing federal law enforcement efforts to combat cyber incidents. The FBI’s Cyber Division focuses on “high level intrusions by state-sponsored hackers and global cyber syndicates, and the most prolific botnets” and has been particularly focused on proactively preventing malicious cyber events rather than just reacting to them after the fact. The National Cyber Investigative Joint Task Force also was established to serve as a multi-agency national focal point for coordinating, integrating and sharing pertinent information related to cyber threat investigations.

For its part, the Department of Justice has long been a forerunner in combating cyber-crime. Over the past 20 years, its Computer Crime and Intellectual Property Section has focused on investigating the theft of information via computer hacking, ransomware and digital piracy. The section has also participated in international investigations involving illegal activity conducted on the “dark web.” For instance, in July 2017, the Justice Department seized and shut down the “dark net” site AlphaBay which was used by hundreds of thousands to illegally and anonymously purchase fentanyl and heroin. Most recently, the CCIPS began a new initiative with a Cybersecurity Unit to provide guidance on best practices for victim response and reporting of cyber incidents, analysis of the implications of emerging technological changes like the Internet of Things, and white papers on topics such as information sharing and reports on active defense.

Although the federal government recognizes the power of digital technology and the accompanying advancements, it nevertheless is aware of, and is taking up arms to address, the accompanying danger that these rapidly advancing and ever-changing technologies pose as a vehicle for fraud. Entities and individuals operating in the digital space must make sure that online transactions or efforts are compliant with evolving federal agency rules and applications.

From The Insider Blog:  White Collar Defense & Securities Enforcement