{ "id": "IN11257", "type": "CRS Insight", "typeId": "INSIGHTS", "number": "IN11257", "active": true, "source": "EveryCRSReport.com", "versions": [ { "source": "EveryCRSReport.com", "id": 620356, "date": "2020-03-19", "retrieved": "2020-03-20T18:01:33.614898", "title": "COVID-19: Cybercrime Opportunities and Law Enforcement Response", "summary": "Opportunistic criminals and other malicious actors exploit the internet and rapidly evolving technology to their advantage. Criminals can compromise financial assets; hacktivists can flood websites with traffic, effectively shutting them down; and spies can steal intellectual property and government secrets. And, they capitalize on ever changing world events. Federal officials have cautioned about scams relating to the outbreak of disease caused by a previously unidentified strain of coronavirus, designated Coronavirus Disease 2019, or COVID-19. They have noted that \u201c[c]yber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes.\u201d\nIndeed, analysts and officials have reported criminals using public interest in COVID-19 to their advantage. For instance, the Department of Justice (DOJ) cites \u201creports of individuals and businesses selling fake cures for COVID-19 online and engaging in other forms of fraud, reports of phishing emails from entities posing as the World Health Organization or the Centers for Disease Control and Prevention, and reports of malware being inserted onto mobile apps designed to track the spread of the virus.\u201d In one scheme reported by security experts, hackers sold a malware infection kit that used an interactive map of coronavirus infections produced by Johns Hopkins University. The kit was designed to spread malware to steal passwords.\nCybercrime Investigations\nFederal law enforcement has the principal role in investigating and attributing cyber incidents, including those that may take advantage of heightened public interest in the COVID-19 pandemic, to specific perpetrators, and this responsibility has been codified within the broader framework of federal cyber incident response. Specifically, DOJ\u2014through the Federal Bureau of Investigation (FBI) and National Cyber Investigative Joint Task Force (NCIJTF)\u2014is the designated lead in responding to these threats. \nFBI Cyber Investigations\nThe FBI pursues cybercrime cases ranging from computer hacking and intellectual property rights violations to child exploitation, fraud, and identity theft. Its top cyber priorities involve combating computer and network intrusions and investigating ransomware. The FBI\u2019s cyber efforts are focused on \u201chigh-level intrusions by state-sponsored hackers, global organized crime syndicates, and other technically sophisticated and dangerous actors.\u201d \nOne key challenge involves moving away from reacting to malicious cyber events and toward preventing them. As such, the FBI has focused resources on enhancing cyber capabilities in a number of ways, including bolstering the FBI\u2019s cyber workforce, strengthening the NCIJTF, expanding Cyber Task Forces (CTFs) and focusing their efforts on computer/network intrusion investigations, and increasing information sharing and coordination with the private sector.\nTask Forces and Partnerships\nThe NCIJTF was established by National Security Presidential Directive-54/Homeland Security Presidential Directive-23 in January 2008. The NCIJTF\u2019s mission is to \u201cserve as a multi-agency national focal point for coordinating, integrating, and sharing pertinent information related to cyber threat investigations.\u201d Led by the FBI, the NCIJTF coordinates over 20 federal agencies, including law enforcement, intelligence, and the military. It also collaborates with the private sector and international partners. Early on, there were concerns that \u201cthe NCIJTF was not always sharing information about cyber threats among the partner agencies.\u201d There were also criticisms that the NCIJTF was perceived as an extension of the FBI\u2019s Cyber Division instead of as a multiagency effort. However, DOJ\u2019s Inspector General has since noted that these issues have improved.\nThe FBI leads several other task forces and partnerships focused on cyber threat response. For instance, there is a CTF at each field office. CTFs focus on local cybersecurity threats, respond to incidents, and maintain relationships with companies and institutions. CTFs also support the national effort to combat cybercrime by participating in national virtual teams on certain cyber issues and providing cyber subject matter experts or enhanced capability outside of their assigned areas, when needed. Additionally, the FBI has established and maintained Cyber Action Teams of agents and computer scientists that can be rapidly deployed around the world to assist in computer intrusion investigations. In addition to domestic field offices pursuing international leads in investigations, the FBI has positioned cyber assistant legal attach\u00e9s (ALATs) in some foreign countries. ALATs work with law enforcement in host countries to share information, collaborate on investigations, and enhance relationships with partner agencies. ALATs focus on \u201cidentifying, disrupting, and dismantling cyber threat actors and organizations.\u201d\nGoing Forward: DOJ Cyber Priorities\nCountering cyber threats is among DOJ\u2019s top priorities, and countering threats related to the COVID-19 pandemic is receiving heightened attention. On March 16, 2020, Attorney General William Barr issued a memorandum to the U.S. Attorneys regarding DOJ\u2019s COVID-19 priorities. Noting that criminals may take advantage of the COVID-19 pandemic, the memorandum stated that \u201c[e]very U.S. Attorney\u2019s Office is thus hereby directed to prioritize the detection, investigation, and prosecution of all criminal conduct related to the current pandemic.\u201d Congress, in examining DOJ\u2019s cyber priorities going forward, may look to the resources DOJ has placed toward countering cyber threats broadly as well as specific nefarious activity capitalizing on the COVID-19 pandemic.\nDOJ has highlighted a number of challenges that law enforcement faces in countering cybercrime, and Congress may continue to conduct oversight and debate legislation in these arenas, including the following:\nTransnational Crime. Cybercriminals have specialized their activities and, because they can operate anywhere in the world, networks of expert cybercriminals\u2014and digital evidence of their activity\u2014may exist in various countries. There are sometimes investigative challenges in gathering evidence, working with international law enforcement, and bringing perpetrators to justice in the United States.\nEvolving Technology. While some note that law enforcement may have access to more digital information than ever before, others contend that law enforcement is \u201cgoing dark\u201d as some investigative capabilities are outpaced by the speed of technological change. These hurdles for law enforcement reportedly include strong, end-to-end (or what law enforcement has sometimes called \u201cwarrant-proof\u201d) encryption, which can prevent access to certain communications and information. The tension between privacy of electronic communications and law enforcement\u2019s ability to investigate crimes remains of congressional interest.", "type": "CRS Insight", "typeId": "INSIGHTS", "active": true, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "https://www.crs.gov/Reports/IN11257", "sha1": "865acf82bbdee2493bce5e841526953ccd6e277e", "filename": "files/20200319_IN11257_865acf82bbdee2493bce5e841526953ccd6e277e.html", "images": {} }, { "format": "PDF", "encoding": null, "url": "https://www.crs.gov/Reports/pdf/IN11257", "sha1": "03ea05d82091ff6d2be0de39911d2b54dc1642f1", "filename": "files/20200319_IN11257_03ea05d82091ff6d2be0de39911d2b54dc1642f1.pdf", "images": {} } ], "topics": [] } ], "topics": [ "CRS Insights" ] }