Deputy Assistant Attorney General Richard Downing Testifies before Senate Judiciary Committee at Hearing Entitled “Ransomware: Understanding the Threat and Exploring Solutions”
Posted by CotoBlogzz
Testimony as prepared for delivery
Good
afternoon Chairman [Lindsey] Graham, Ranking Member [Sheldon] Whitehouse and
members of the subcommittee. Thank you for the opportunity to discuss the
Department of Justice’s response to the ransomware threat. I want to
thank the chair and ranking member for their continued leadership on the issues
of cybersecurity and fighting cybercrime. We appreciate your work to
ensure that the Department of Justice has the tools and resources necessary to
address cyber threats.
The Attorney
General has repeatedly made clear that fighting cybercrime is one of the
department’s highest priorities. Cyber threats continue to grow more
prevalent, more sophisticated and more destructive. As was described in
your opening statements, one threat has been particularly troubling: the rise
of ransomware. And because some ransomware variants can infect other
computers, a single person opening an email or visiting an infected website can
result in the network of an entire organization being held hostage.
The threat
from ransomware is staggering. One ransomware scheme extorted an
estimated $27 million in just its first two months. While ransom fees are
typically between $200 and $10,000, victims suffer additional harms due to
things like lost productivity and the cost of mitigation.
The growth
in ransomware is fueled by many factors. Our computers are still more
vulnerable that we would like. And advances in technology – such as
anonymizing proxy networks and bitcoin – offer even average criminals highly
sophisticated tools to avoid detection.
Despite
these challenges, law enforcement is actively working to disrupt and deter
ransomware schemes. The FBI currently has dozens of active investigations
into different ransomware variants. And this hard work has paid
off. In 2014, for example, the Department of Justice led a multi-nation
effort that disrupted a highly sophisticated ransomware scheme called
Cryptolocker, which had encrypted computer files on more than 260,000
computers.
Defeating
ransomware schemes, however, requires a strategy that encourages the public and
private sectors to work together. Computer owners everywhere need to
improve their “digital hygiene” by taking steps like installing the latest
patches and ensuring that backups are up to date. The department has
tried to assist in raising awareness by issuing public service announcements
about the dangers of ransomware, and which provide tips on how to protect
systems and respond to malware infections.
In addition,
we must work to disrupt the means used to distribute and profit from
ransomware. Like other malicious software, ransomware is often
facilitated by botnets. As you may know, botnets are networks of
computers infected with malware, or “bots,” that criminals can control remotely
to do their bidding. They allow small groups of criminals to use hundreds
– or hundreds of thousands – of infected computers to attack other
victims. As botnets grow more sophisticated, and as the threat from
botnets continues to evolve, we must continually strive to ensure that our laws
remain up to date and provide law enforcement with the tools and authorities it
needs to address this threat.
Congress has
a significant role to play. The Computer Fraud and Abuse Act (or CFAA)
clearly makes it a crime to hack into computers to create a botnet, and of
course we could bring charges against criminals who use botnets to commit other
crimes. It is not clear, however, that the CFAA also criminalizes selling
or renting access to botnets, which is increasingly common among cybercriminals.
We support closing this loophole.
In addition,
federal law currently provides courts with authority to issue civil injunctions
to disrupt botnets – but only if the botnet is being used to commit certain
specific categories of crime. Yet botnets are used for many types of
criminal activity, such as denial of service attacks and sending phishing
emails. The administration has proposed updating the law to allow courts
to issue civil injunctions to stop botnets no matter what the criminals are
using them for.
While use of
civil injunctions is a valuable tool, there may be circumstances in which it is
preferable to seek a warrant from a court in order to disrupt a botnet.
Because of this, the department supports the Supreme Court’s recent action to
amend Rule 41 of the Federal Rule of Criminal Procedure to clarify which court
is the right court to consider warrant applications. While this amendment
would not change the substantive authority to authorize such a warrant, it
would eliminate needless inefficiency in the process for applying for this sort
of warrant.
Thank you
again for the opportunity to testify today on this important issue, and I look
forward to answering your questions.
No comments:
Post a Comment