A barrage of hacking indictments released this week is part of a conscious effort to deter foreign hackers from prying into U.S. networks, Deputy Attorney General Rod Rosenstein said at a cybersecurity event yesterday.
Details in the back-to-back cyber crime indictments "reflect our capability, and I think that’s a really important point," Rosenstein said at the Georgetown University Law Center’s Cybercrime 2020 Conference. "Our goal is to send a message that we can catch you."
On Tuesday, the Justice Department unsealed a 13-count indictment alleging eight Russian and Kazakh nationals built "botnets" of hacked computers to conduct millions of dollars’ worth of digital ad fraud. The following day, another DOJ indictment accused two Iranian citizens of spreading "SamSam" ransomware across multiple U.S. city, hospital and school networks, causing more than $30 million in damage.
"If we can catch two people sitting in Iran, which is not exactly a friendly ally of the United States — if we can identify those people by name, and in one case we even published the suspect’s photograph — we can identify you anywhere in the world," Rosenstein said.
SamSam’s alleged architects, Mohammad Mansouri and Faramarz Savandi, remain at large in Tehran (Energywire, Nov. 29). In the separate botnet case, law enforcement officials were able to arrest three of the defendants, while five remain at large.
While neither case unveiled this week involved alleged state-sponsored hackers, Justice Department leaders under President Trump have had a propensity to name and shame foreign spies who attempt to hack U.S. companies or critical infrastructure. Just last month, DOJ tied Russian government hackers to a cyber espionage campaign against nuclear company Westinghouse Electric Co. and global anti-doping organizations, among other targets.
Rosenstein called the ability to unmask specific hackers "critical" to DOJ’s role in U.S. cybersecurity. "You cannot deter malicious uses of technology without having a credible capacity to impose punishment for committing fraud, hacking into information systems, stealing data and disabling computers," he said.
Experts have cautioned that the jury’s still out on the efficacy of the Trump administration’s cyber deterrence policy, which, in addition to naming and shaming foreign hackers, includes a "defend forward" mission for U.S. Cyber Command to strike back at hackers menacing America’s most vital networks, like the power grid.
Scale and scope of the threat
That aggressive approach to cyber deterrence could tamp down on the number of crippling cyberattacks — or it could exacerbate them. "We don’t know," Jason Healey, a senior research scholar at Columbia University, said at a cybersecurity conference yesterday. "There is no evidence, or there is not much evidence either way, to try to answer that."
Healey has pushed for a more rigorous assessment of U.S. cyber deterrence policies to ensure they play out as intended in the murky world of spies and hackers.
"When you’re trying to drive when your car is spinning on ice, it’s really easy to overcorrect," he said. "Any input you might make might push you farther and farther to the extreme."
The Justice Department detailed its approach to cyber deterrence in a July report, calling it a "key factor" for U.S. cybersecurity. Still, the report of the attorney general’s Cyber Digital Task Force concluded that "the reality is that identity-masking technologies and international investigative barriers pose unique challenges for deterring cyber threats."
Since Rosenstein signed off on that July 2 report, his status in the nation’s second-highest-ranking law enforcement post has come under pressure from Trump.
Trump retweeted an illustration Wednesday of Rosenstein sharing a jail cell with perceived foes of the current administration, from Hillary Clinton to special counsel Robert Mueller, who is investigating Trump’s possible ties to Russian efforts to interfere with the 2016 presidential election. Rosenstein appointed Mueller as special counsel in 2017 after then-Attorney General Jeff Sessions recused himself from the Russia investigation.
Rosenstein "should have never picked a special counsel," Trump told the New York Post in a recent interview.
Despite incurring Trump’s ire, Rosenstein has stayed on as deputy attorney general, even after Trump ousted Sessions from the top DOJ post earlier this month (E&E News PM, Nov. 7).
Rosenstein did not address Trump’s comments at the cyber crime conference yesterday. While fielding a question about what threats keep him awake at night, Rosenstein quipped that he "slept a lot better" in his last job as U.S. attorney for the District of Maryland.
"I’ve come to appreciate the scope and scale of the foreign threats that we face and the cyberthreats in particular," he said. "That’s something I certainly didn’t fully appreciate before I took this job."