US Offering $10 Million Reward for Cyberthreat Information
State Department, DHS Focus on Ransomware Threats to Critical Infrastructure
The U.S. Department of State is now offering rewards of up to $10 million for information about cyberthreats to the nation's critical infrastructure.
Meanwhile, the Department of Homeland Security and the Justice Department have unveiled a website called StopRansomware, which is described as a central hub for consolidating ransomware-fighting resources from all federal government agencies.
The reward money for cyberthreat information is being administered through the State Department's Rewards for Justice program, which is overseen by the Diplomatic Security Service bureau. The money will be awarded "for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act," according to the State Department.
The Rewards for Justice program was created in the 1980s to gather information that could be used to help counter terrorism threats. Now, the program is being expanded to offer cash rewards for information about attackers who target or attempt to target critical infrastructure.
"Violations of the statute may include transmitting extortion threats as part of ransomware attacks; intentional unauthorized access to a computer or exceeding authorized access and thereby obtaining information from any protected computer; and knowingly causing the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causing damage without authorization to a protected computer," according to the State Department's announcement.
The department has established a darknet, Tor-based site to receive confidential tips and information.
More Work to Do
Although offering rewards could prove helpful in tracking down cyberthreats, the government should find ways to further expand the project, says Phil Reitinger, the president and CEO of the Global Cyber Alliance.
"The Rewards for Justice program offer only relates to threats to critical infrastructure and only to hackers operating under the direction or control of a foreign government," says Reitinger, who formerly served as the director of the National Cyber Security Center within the U.S. Department of Homeland Security. "The program would be much broader if it included hackers who operate with tacit consent of a government versus receiving actual direction. In addition, it is generally likely that hackers operating under state control are not heavily influenced by the possibility of criminal prosecution."
But the new rewards program could lead to government officials becoming overwhelmed with tips as well as misinformation about ransomware and other attacks, says Austin Berglas, who formerly was an assistant special agent in charge of cyber investigations at the FBI's New York office.
"The difficulty is the number of resources that will be necessary to separate the 'signal' from the 'noise' and identify the legitimate tips," Berglas says.
The tips could prove useless if cybercrime gangs continue to operate from safe havens in Russia and other countries, Berglas notes.
"We still have to overcome the safe harbor provided by Russia and others - there are numerous existing cases where warrants are obtained and red notices are disseminated for criminals residing in these countries," says Berglas, now the global head of professional services at cybersecurity firm BlueVoyant.
The U.S. government has previously tried to use financial incentives to help gather information about nation-state groups that pose a threat, including a $5 million reward for details about North Korean cyber activity (see: US Offers $5 Million Reward for N. Korea Hacker Information).
Focus on Ransomware and Russia
The reward program comes as the Biden administration is attempting to step up its response to a series of ransomware attacks that have targeted U.S. critical infrastructure over the past several months, including incidents targeting Colonial Pipeline Co., which supplies fuel to about 45% of the U.S. East Coast, and JBS, a major meat processor.
On July 2, software developer Kaseya was hit by ransomware that infected about 60 managed service providers that use the company's Virtual System Administrator technology as well as up to 1,500 of those MSPs' customers. The Russian-speaking cybercriminal gang REvil is suspected of carrying out this attack (see: Kaseya Says Software Fully Patched After Ransomware Attack).
Earlier this week, the darknet website and infrastructure of the REvil gang went offline, although it's not clear if operators shut down operations or were forced to relocate their servers (see: REvil's Infrastructure Goes Offline).
Biden and Putin
Following the attacks on Kaseya, President Joe Biden spoke to Russian President Vladimir Putin on July 9, and repeated the same demands that he made during their June summit in Geneva: that the Russian government needs to crack down on cybercriminal activity within its borders.
Biden added that the U.S. government is prepared to take "any necessary action to defend its people and its critical infrastructure in the face" of these attacks, according to the official readout posted by the White House.
Rep. Jim Langevin, D-R.I., who is the chairman of the House Armed Services Committee’s Subcommittee on Cyber, Innovative Technologies, and Information Systems, says the Biden administration needs to do more to make cybersecurity part of its diplomacy and back that up with additional support for agencies such as the U.S. Cybersecurity and Infrastructure Agency to counter ransomware attacks.
"We also need to push back on criminals and the nations that harbor them, so I'm glad that President Biden has made diplomatic engagement on cybersecurity a top priority in his conversations with other heads of state," Langevin tells Information Security Media Group. "However, policy changes can only get us so far."
Other Biden Administration Initiatives
The Biden administration is working on other measures to disrupt ransomware attacks, including faster sharing of information with organizations and the potential launching of disruptive campaigns targeting these criminal gangs, according to Politico.
Anne Neuberger, the deputy national security adviser for cyber and emerging technology, briefed some lawmakers about these efforts on Wednesday, Politico reports.
The Justice Department has already created a Ransomware and Digital Extortion Task Force, which includes DOJ officials as well as representatives from the FBI and the Executive Office for United States Attorneys, as a way to coordinate investigations into attacks (see: DOJ Launches Task Force to Battle Ransomware Threat).
All the ongoing government efforts are an attempt to make it easier for the U.S. to bring criminal cases against those wielding ransomware and help with attack attribution, says Mike Hamilton, a former vice chair of the Department of Homeland Security's State, Local, Tribal, and Territorial Government Coordinating Council.
"If the U.S. government can incentivize someone to provide evidence of such an attack, paying out $10 million is probably a good deal considering the resources we bring to bear with the intelligence community for the same outcome," says Hamilton, now the CISO for Critical Insights.