First Thing, Daily Maverick's flagship newsletter

Join the 230 000 South Africans who read First Thing newsletter.

We'd like our readers to start paying for Daily Maverick

More specifically, we'd like those who can afford to pay to start paying. What it comes down to is whether or not you value Daily Maverick. Think of us in terms of your daily cappuccino from your favourite coffee shop. It costs around R35. That’s R1,050 per month on frothy milk. Don’t get us wrong, we’re almost exclusively fuelled by coffee. BUT maybe R200 of that R1,050 could go to the journalism that’s fighting for the country?

We don’t dictate how much we’d like our readers to contribute. After all, how much you value our work is subjective (and frankly, every amount helps). At R200, you get it back in Uber Eats and ride vouchers every month, but that’s just a suggestion. A little less than a week’s worth of cappuccinos.

We can't survive on hope and our own determination. Our country is going to be considerably worse off if we don’t have a strong, sustainable news media. If you’re rejigging your budgets, and it comes to choosing between frothy milk and Daily Maverick, we hope you might reconsider that cappuccino.

We need your help. And we’re not ashamed to ask for it.

Our mission is to Defend Truth. Join Maverick Insider.

Support Daily Maverick→
Payment options

U.S. Department of Justice elevating investigations of...

Newsdeck

World

U.S. Department of Justice elevating investigations of ransomware

By Reuters
03 Jun 2021 1

WASHINGTON, June 3 (Reuters) - The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters.

By Christopher Bing

Internal guidance sent on Thursday to U.S. attorney’s offices across the country said information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington.

“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, principle associate deputy attorney general at the Justice Department.

Last month, a cyber criminal group that the U.S. authorities said operates from Russia, penetrated the pipeline operator on the U.S. East Coast, locking its systems and demanding a ransom. The hack caused a shutdown lasting several days, led to a spike in gas prices, panic buying and localized fuel shortages in the southeast.

Colonial Pipeline decided to pay the hackers who invaded their systems nearly $5 million to regain access, the company said.

The DOJ guidance specifically refers to Colonial as an example of the “growing threat that ransomware and digital extortion pose to the nation.”

“To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking,” said the guidance seen by Reuters and previously unreported.

The Justice Department’s decision to push ransomware into this special process illustrates how the issue is being prioritized, U.S. officials said.

“We’ve used this model around terrorism before but never with ransomware,” said Carlin. The process has typically been reserved for a short list of topics, including national security cases, legal experts said.

In practice, it means that investigators in U.S. attorney’s offices handling ransomware attacks will be expected to share both updated case details and active technical information with leaders in Washington.

The guidance also asks the offices to look at and include other investigations focused on the larger cybercrime ecosystem.

According to the guidance, the list of investigations that now require central notification include cases involving: counter anti-virus services, illicit online forums or marketplaces, cryptocurrency exchanges, bulletproof hosting services, botnets and online money laundering services.

Bulletproof hosting services refer to opaque internet infrastructure registration services which help cyber criminals to anonymously conduct intrusions.

A botnet is a group of compromised internet-connected devices that can be manipulated to cause digital havoc. Hackers build, buy and rent out botnets in order to conduct cyber crimes ranging from advertising fraud to large cyberattacks.

“We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes,” said Carlin.

Mark Califano, a former U.S. attorney and cybercrime expert, said the “heightened reporting could allow DOJ to more effectively deploy resources” and to “identify common exploits” used by cybercriminals. (Reporting by Christopher Bing; Editing by Grant McCool)

Gallery

Comments - share your knowledge and experience

Please note you must be a Maverick Insider to comment. Sign up here or sign in if you are already an Insider.

Everybody has an opinion but not everyone has the knowledge and the experience to contribute meaningfully to a discussion. That’s what we want from our members. Help us learn with your expertise and insights on articles that we publish. We encourage different, respectful viewpoints to further our understanding of the world. View our comments policy here.

All Comments 1

  • Given that cybercrime (including ransomware specifically mentioned here) has been around for a while, why is it only getting attention now ? A case of trying to catch the horse after it has bolted ? OR … are the hackers just ‘way ahead’ of the authorities … always ?

Please peer review 3 community comments before your comment can be posted