Arrow-right Camera
The Spokesman-Review Newspaper

The Spokesman-Review Newspaper The Spokesman-Review

Spokane, Washington  Est. May 19, 1883
Clear Day 56° Clear
News >  Nation/World

FBI, US agencies look beyond indictments in cybercrime fight

UPDATED: Tue., Jan. 18, 2022

FILE - This June 14, 2018 file photo shows an FBI seal on a podium before a news conference at the agency's headquarters in Washington. The FBI and other federal government agencies are increasingly looking to counter cyber threats through tools other than criminal indictments. That's according to the bureau’s top cyber official.  (Jose Luis Magana)
FILE - This June 14, 2018 file photo shows an FBI seal on a podium before a news conference at the agency's headquarters in Washington. The FBI and other federal government agencies are increasingly looking to counter cyber threats through tools other than criminal indictments. That's according to the bureau’s top cyber official. (Jose Luis Magana)
By Eric Tucker Associated Press

WASHINGTON – The FBI and other federal agencies are increasingly looking to counter cyberthreats through tools other than criminal indictments, the bureau’s top cyber official said in an interview with The Associated Press.

Arrests and indictments of foreign cybercriminals are still appropriate in certain circumstances and something the FBI pursues “every day of the week,” said Assistant Director Bryan Vorndran. But as federal agencies look to have the most disruptive impact possible on cybercrime, FBI officials are thinking carefully about how best to time an indictment, or whether an indictment is even the best action.

“We’re just much more mature in the space of working with our interagency partners, and really keeping an eye down the road in terms of how we have the biggest impact,” Vorndran said.

The FBI, he said, is now “very open to being told that when it comes to an adversary, ‘You know what, as a team member, it may not be the right time to deploy an indictment, but it very much may be the right time to deploy’” an action from U.S. Cyber Command.

The evolution reflects that multiple government agencies share responsibility for, and have unique roles in, countering a cyberthreat that has only deepened over the last decade. The Justice Department has long regarded indictments of foreign hackers as a way to “name-and-shame” them and deter the hostile governments that employ them. Other government agencies, though, are bringing their own powers to the table that may trump the use of criminal charges or impose greater costs or deterrence.

Cyber Command, an arm of the Defense Department established in 2010, has grown aggressive in its pursuit of hackers, conducting more than two dozen operations intended to thwart interference in the 2020 presidential election and more recently against ransomware gangs. The White House has shared information about Russian hackers with the Kremlin for it to take action. Last week, Russia’s Federal Security Service, or FSB, announced the detention of members of the REvil ransomware gang.

The FBI itself has used actions other than indictments. In June, it recovered most of a roughly $4.4 million ransom that Colonial Pipeline paid to hackers that carried out a ransomware attack. It secured a court warrant in April that gave it remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software.

Vorndran spoke to the AP after participating last week in a Silverado Policy Accelerator discussion in which he said the FBI was moving away from “an indictment and arrest first model, and to the totality of imposing costs on our adversaries.”

“That probably is a simple way of saying we’re really trying to work with everybody, public and private sector partners, to understand the totality of the capabilities and the authorities that exist … so that we have the biggest impact at the moment in matters,” he said in the interview.

Indictments, a bread-and-butter tactic of law enforcement, can lock accused hackers inside their home countries and put adversaries on notice that their actions have been detected. But their practical impact is often limited since there’s generally minimal chance of a defendant being brought to the U.S. for trial.

Perhaps the first prominent example was a 2014 case against five Chinese military hackers accused of siphoning secrets from major American corporations. In the years since, federal prosecutors have charged North Korean computer programmers in hacks of Sony Pictures Entertainment; Russian intelligence agents in a breach of Yahoo; Iranian hackers in an attack on a small dam outside New York City; and Chinese operatives with targeting firms developing vaccines for the coronavirus.

The cases have all generated publicity splashes, though they’ve hardly curbed hacking from foreign countries. And given the absence of extradition treaties with countries the U.S. regards as the biggest cyber offenders, arrests of indicted hackers are exceedingly rare.

There have, however, been isolated exceptions when hackers wanted by the U.S. have traveled from their home countries and been arrested. That happened last fall when the Justice Department unsealed an indictment charging Yaroslav Vasinskyi in the Kaseya ransomware attack after the suspected Ukrainian hacker traveled to Poland.

The arrest produced a Justice Department press conference with Attorney General Merrick Garland, a sure sign that prosecutors won’t abandon their pursuit of indictments when they think it makes sense.

“That’s certainly a tool that the interagency and the FBI are prepared to use and are working towards,” Vorndran said of indictments, “but it’s not the only tool.”

The Spokesman-Review Newspaper

Local journalism is essential.

Give directly to The Spokesman-Review's Northwest Passages community forums series -- which helps to offset the costs of several reporter and editor positions at the newspaper -- by using the easy options below. Gifts processed in this system are not tax deductible, but are predominately used to help meet the local financial requirements needed to receive national matching-grant funds.

Active Person

Subscribe now to get breaking news alerts in your email inbox

Get breaking news delivered to your inbox as it happens.