U.S. Assistant Attorney General for the Criminal Division Brian A. Benczkowski advocated for policies that facilitate the cross-border transfer of critical information among law enforcement agencies investigating multinational criminal cyber networks.
In remarks delivered at the "Justice in Cyberspace" Symposium in Washington, DC, AAG Benczkowski stated that the most serious cybersecurity threats are not from "lone wol[f]" hackers but sophisticated multinational groups of cybercriminals. Within these criminal ecosystems, elements work to develop malware designed to steal personal and financial information, while others function in parallel to hunt for vulnerabilities within computer systems or to design malware that is undetectable.
To disrupt these criminal cyber networks, AAG Benczkowski advocated for policies that facilitate the cross-border transfer of critical information among law enforcement. According to AAG Benczkowski, investigations into cybercrime rely on electronic evidence, but as companies increasingly store data abroad, this evidence becomes more difficult to collect. To address this, he said that the DOJ is working to facilitate international evidence collection. In October, Attorney General William Barr signed the CLOUD Act agreement with the UK, which, if approved, would enable U.S. or UK law enforcement to serve communication services in the other country with court orders for electronic evidence. The U.S. has also strengthened cybercrime enforcement and international capacity-building partnerships by coordinating with Eurojust and Europol's European Cybercrime Center (or "EC3"). Additionally, the DOJ recently placed an International Computer Hacking and Intellectual Property Attorney-Advisor in The Hague to address the growing threat of cybercrime emanating from Eastern Europe.
AAG Benczkowski also addressed the investigatory challenges posed by encryption. He said that default encrypted devices and services can slow down or prevent law enforcement from accessing crucial electronic evidence, even in instances where a warrant has been obtained. Although AAG Benczkowski did not propose a solution, he noted that the DOJ will "continue to highlight this problem until a solution is reached that respects the rule of law and our constitutional order."
AAG Benczkowski's speech focused on the challenges faced by law enforcement in investigating international criminal cybernetworks. There are several notable takeaways. One is the continued advancement in sophistication of overseas hackers, many of which have the financial and technological backing of foreign military or state security agencies. No longer content with identity theft or financial crimes, these groups are apt to focus on more ambitious goals such as industrial espionage, intellectual property theft, and disruption of critical infrastructure such as financial markets, utilities, and municipal governments.
U.S. companies should not only prepare for the worst but consider reaching out to law enforcement for support in the event of a hack or other malicious attack. While many U.S. firms remain wary of having the FBI or DHS looking over their shoulder, the reality is they can bring a degree of threat awareness and response resources that can help to level the playing field against a cyber opponent who may be operating with the support of a hostile foreign government such as China, Iran, North Korea or Russia.