Security News: Assistant Attorney General for National Security Matthew G. Olsen Delivers Remarks at the NATO Cooperative Cyber Defense Center of Excellence

Source: United States Department of Justice News

Good afternoon. I’m Matt Olsen and I am the Assistant Attorney General for National Security at the United States Department of Justice.

I’m very pleased to be here at CyCon. Thank you to Lucas for moderating this panel, to my esteemed fellow panelists, and to the NATO Cooperative Cyber Defense Center of Excellence for hosting this important conference.

This is a crucially important moment for us to gather together, as NATO allies and our partners beyond the alliance. I know for all of us the crisis in Ukraine is front of mind, in particular the inspiring bravery of the Ukrainian people who are fighting to defend their families, their homes, and their democracy.

It is a profound reminder of our shared values and commitments, as we discuss difficult and important legal and policy questions over the course of this conference.

I will begin with a brief background about the U.S. Justice Department and our role in the law enforcement and intelligence communities, focusing on cybersecurity. I will then talk about the cyber threat landscape from our perspective, and how the U.S. is responding.

As many of you know, the Department of Justice is the primary agency responsible for enforcing federal laws in the United States.

There are different parts to the Department of Justice. There is Main Justice in Washington, D.C., where I work, along with the Attorney General and department leadership. We also have 94 United States Attorneys’ Offices throughout the country, which are responsible for prosecuting cases within their districts. DOJ includes our leading investigative agency, the Federal Bureau of Investigation, as well.

Within DOJ, I am the head of the National Security Division. NSD was created in 2006 to lead and integrate DOJ’s core mission of combatting terrorism, espionage, and other threats to U.S. national security.

We play a key role in bridging the federal law enforcement and intelligence communities.

Today, many of our gravest national security threats manifest in cyberspace. The National Security Division is responsible for going after malicious cyber activity by nation-state actors and their proxies. This is an area where we have seen a dramatic increase in the complexity and intensity of threats.

I’ll talk a little bit about what we are seeing in terms of the threat landscape.

It will not come as a surprise to this audience that we see nation-states and their proxies increasingly use cyber-enabled means in ways that threaten our democratic and economic institutions. These include efforts:

  • To steal technology, trade secrets and intellectual property,
  • To amass personal information about U.S. citizens,
  • To exert malign and covert influence over our democratic processes, and
  • To hold our critical infrastructure at risk to destructive or disruptive attacks.

We face threats from multiple adversaries, including China, Iran, North Korea, and Russia.

Here are just a few examples:

Last year, the government of China engaged in a malicious cyber campaign exploiting vulnerabilities in the Microsoft Exchange Server in order to compromise victims in a massive operation that resulted in significant remediation costs for its mostly private sector victims.

Iranian government actors have interfered with the systems of a broad range of victims in critical infrastructure sectors. 

And North Korean actors have robbed cryptocurrency exchanges and central banks alike, stealing hundreds of millions of dollars and evading international sanctions designed to limit their weapons programs.

At DOJ, we’re particularly focused right now on the cyber threat from Russia.

Take the recent cyberattack on satellite internet systems in Europe.

As Russian troops moved into Ukraine during the early hours of February 24, satellite internet connections were suddenly disrupted.

Russia’s cyberattack against the satellite’s ground infrastructure plunged tens of thousands of people in Europe into internet darkness. According to public reports, this hit part of Ukrainian defenses.

A month later, thousands of people in Europe were reportedly still offline, and this includes 2,000 wind turbines in Germany.

In the U.S., the FBI issued a warning that — given the geopolitical situation — satellite communications providers should take steps to increase their cyber defenses.

That’s just one of numerous recent examples. Russia’s SolarWinds attack last year compromised tens of thousands of networks globally, including those of U.S. federal, state, and local governments.

And we are bracing for the possibility of more attacks. The White House recently reiterated the warning of the potential for Russia “to conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners.” 

The Department of Justice is working with law enforcement partners and the private sector to prevent and respond to threats. We are determined to hold accountable those who target and attempt to destroy the computer systems that support our critical infrastructure.

Our strategy is to use all the legal tools and authorities we have available.

One of our core authorities is the enforcement of U.S. criminal laws and we continue to aggressively investigate and prosecute individuals for malicious cyber activity.

We do this because it is essential to hold these individuals accountable, and because it is one way we can inform the public about the nature of the threats we face.

In March, we announced charges against four Russian nationals who worked for the Russian government for their involvement in two campaigns targeting critical infrastructure in the energy sector between 2012 and 2018.

One case charges a Russian national and member of a Russian military research institute with a multi-year effort to hack into the industrial control systems of companies overseas and in the United States.  The goal was to physically damage the safety functions of these systems.

In the other case, the US charged three Russian intelligence officers with targeting software and hardware control systems of companies in the energy sector to gain surreptitious and persistent access.

This is the kind of activity that vividly demonstrates the intent and capability of the Russian government — it has global reach and ambition.

So that is one benefit of these indictments. It isn’t the only one. Just because we haven’t arrested anyone to date, doesn’t mean we won’t. We have very long memories at DOJ and the FBI, and we can be patient when necessary.

But we know that prosecutions are only part of what the DOJ can contribute and that we must utilize all our law enforcement tools to disrupt and deter cyber threats.

This is why even where arrest is unlikely, the department prioritizes the disruption of criminal activity that poses a threat to national security through other legal tools like search and seizure.

Recently, DOJ has taken more proactive steps to disrupt nation-state cyber threats before a significant attack or intrusion can occur and using tools beyond traditional criminal charges.

For example, I mentioned earlier the exploitation of the Microsoft Exchange Server zero-day vulnerabilities by a Chinese government hacking group known as Hafnium. That happened in March of last year.

Through the vulnerabilities, Hafnium actors were able to place web shells on mail servers, which allowed for access to the content of the mail servers as well as the ability to place further malicious files.

While private sector mitigation efforts had some success, nearly a month after the vulnerabilities were disclosed, hundreds of web shells remained on certain U.S.-based computers running Microsoft Exchange Server software.

So, in April 2021, the Justice Department obtained authorization from a federal court to conduct an operation to remove Hafnium’s remaining web shells, which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks. 

And a few weeks ago, we carried out a significant court-authorized operation to disrupt a global botnet that had infected thousands of computers.

We had identified malware connected to the Russian military intelligence organization, the GRU — malware known as Cyclops Blink.

We then obtained legal authorization to remove the malware from the command-and-control (C2) level infected devices and change their firewall rules to prevent remote access to manage the devices. This prevented the malicious actors from accessing the C2 devices which, in turn, prevented them from managing and using the bot level devices.

This technique did not involve any communications with the bot level devices, although it disrupted the malicious actors’ ability to communicate with them.

This operation is a very good example of how we are leveraging our existing legal authorities in new ways to empower operational activity with real impact.

Those are examples of how we seize criminal instrumentalities as part of our all-tools approach. We also rely on civil forfeiture authorities and targeted sharing of unclassified threat intelligence gathered as a result of our investigations.

We also recognize that law enforcement tools are only one part of a government-wide response. We see a force multiplier effect when we use DOJ’s unique authorities in conjunction with the specific tools of partner agencies – for example, pairing DOJ criminal charges with Treasury Department sanctions.

Similarly, the U.S. government response is most impactful when we coordinate our actions with the private sector and foreign partners to empower technical operations, leverage sanctions and trade remedies, and join in diplomatic efforts with like-minded countries.

Those examples really only scratch the surface of the work of the Justice Department in this space, and I would be happy to talk more about our approach later.

Thank you again for the opportunity to be here with you all. I’m looking forward to hearing from the other panelists and to the rest of the conversation this afternoon.

Security News: Former insurance agent arrested for defrauding customers, COVID fraud

Source: United States Department of Justice News

CINCINNATI – A former insurance agent was arrested this morning on federal charges alleging he defrauded dozens of victims in the Cincinnati and Dayton area and fraudulently obtained two COVID Paycheck Protection Program loans.

Seneca Birchmore, 44, of Cincinnati, lost his license as an insurance agent in 2019 because he was writing insurance policies for people who did not want them so that he could collect the commissions.

According to court documents, after losing his license, Birchmore then stole the identities of two other insurance agents and used those identities to write more life insurance policies for customers who did not want them. It is alleged Birchmore had the commissions from dozens of local customer victims deposited into his own bank accounts.

Local law enforcement departments received complaints from victims that money was being automatically withdrawn from their bank accounts for insurance policies they never ordered. Many of the victims are senior citizens, and most reside in Dayton, Englewood, Middletown and Cincinnati.

The commissions for Birchmore’s original fraudulent insurance policies under his own name as an agent totaled more than $8,000. The commissions for policies created under the stolen identities of other agents totaled more than $80,000.

It is also alleged that, in a separate scheme, Birchmore fraudulently obtained two COVID Paycheck Protection Program loans totaling more than $40,000. Birchmore allegedly claimed on both loan applications that he owned a business in his name and stated his gross income for 2019 was more than $13 million. It is alleged that no such business exists.

Fraud in connection with emergency benefits is a federal crime punishable by up to 30 years in prison. Social security fraud carries a potential maximum penalty of five years in prison and aggravated identity theft includes a mandatory two years of imprisonment.

Kenneth L. Parker, United States Attorney for the Southern District of Ohio, was joined by the Social Security Office of Inspector General, U.S. Secret Service, Ohio Department of Insurance, Ohio Bureau of Motor Vehicles, U.S. Department of Labor Office of Inspector General, U.S. Marshals Service, Butler County Sheriff’s Office and Cincinnati Police Department in announcing the charges. Special Assistant United States Attorney Timothy Landry is representing the United States in this case.

A criminal complaint merely contains allegations, and defendants are presumed innocent unless proven guilty in a court of law.

# # #

Security News: S. Lane Tucker Confirmed as U.S. Attorney for the District of Alaska

Source: United States Department of Justice News

ANCHORAGE – The United States Senate confirmed S. Lane Tucker as the United States Attorney for the District of Alaska on May 17, 2022, and she was sworn in on May 31. She was nominated by President Joseph R. Biden on January 26 of this year.

Tucker brings with her over three decades of experience as a prosecuting attorney and defense attorney. Prior to entering private practice, Tucker was an Assistant U.S. Attorney and Civil Chief for the U.S. Attorney’s Office in Anchorage. Before joining the U.S. Attorney’s Office, Tucker was a Trial Attorney in the Civil Division of the U.S. Department of Justice in Washington D.C., and began her legal career as an Assistant General Counsel for the General Services Administration.   

“I am both honored and humbled to have this opportunity to serve Alaskans,” Tucker said. “Over the past twenty years I have built the most important relationships of my life among the people of Alaska, and I look forward to working tirelessly to give back to this great state. I know from personal experience that the prosecutors and staff in the United States Attorney’s Office for the District of Alaska are deeply committed to ensuring justice for the people of Alaska, and I am prepared to lead our office to a new era of combating crime in our state and making Alaska a safe place for all who live here.”

Tucker has served as President of the Federal Bar Association, as a lawyer representative to the 9th Circuit Judicial Conference, and is the founder and chair of the Alaska Bar Public Contracts section.  For many years she has been selected as one of America’s Leading Lawyers for litigation by Chambers USA, included in Best Lawyers in America, and listed in Alaska Super Lawyers. She has served as a board member and officer for the Alaska Community Foundation and the Anchorage Association of Women Lawyers.

She received her J.D. from the University of Utah S.J. Quinney College of Law in 1987, her B.A. from Mary Baldwin College in 1983, and attended Oxford University.

For more information about the U.S. Attorney’s Office for the District of Alaska, please visit https://www.justice.gov/usao-ak

###

Security News: Meriden Man Charged with Trafficking Cocaine

Source: United States Department of Justice News

Vanessa Roberts Avery, United States Attorney for the District of Connecticut, and Ketty Larco-Ward, Inspector in Charge of the U.S. Postal Inspection Service, Boston Division, today announced that a federal grand jury in New Haven returned an indictment yesterday charging BIMAEL ACEVEDO-ROMAN, 28, of Meriden, with one count of conspiracy to possess with intent to distribute five kilograms or more of cocaine.

As alleged in court documents and statements made in court, in October 2020, the U.S. Postal Inspection Service’s Narcotics and Bulk Cash Trafficking Task Force began investigating a cocaine trafficking operation headed by Acevedo-Roman.  The investigation revealed that Acevedo-Roman was coordinating the shipment of parcels containing kilogram quantities of cocaine from U.S. Post Offices in Puerto Rico to various “drop addresses” in Meriden, New Britain and Bristol, and the shipment of parcels of cash back to Puerto Rico.  Acevedo-Roman and others picked up parcels from the drop addresses and delivered them to Acevedo-Roman’s Meriden residence.

During the investigation, it is alleged that investigators intercepted and seized mail parcels containing more than five kilograms of cocaine and $179,300 in cash, and have identified dozens of other suspicious parcels that likely contained kilogram quantities of cocaine and bulk currency.

Acevedo-Roman was arrested on May 18, 2022, and is currently released on a $100,000 bond.  If convicted of the charge, he faces a mandatory minimum term of imprisonment of 10 years and a maximum term of life imprisonment.

U.S. Attorney Avery stressed that an indictment is not evidence of guilt.  Charges are only allegations, and the defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt.

This matter is being investigated by the U.S. Postal Inspection Service’s Narcotics and Bulk Cash Trafficking Task Force, which includes members from the U.S. Postal Inspection Service, the U.S. Postal Service – Office of the Inspector General, the Connecticut Army National Guard, and the Hartford, New Britain, Meriden and Town of Groton Police Departments.

The case is being prosecuted by Assistant U.S. Attorneys Konstantin Lantsman and Stephanie Levick.

Security News: Port St. Joe Man Sentenced To 14 Years In Prison For Conspiracy To Distribute Methamphetamine

Source: United States Department of Justice News

TALLAHASSEE, FLORIDA – Roderick L. Robinson, 55, of Port St. Joe, Florida, also known as “Raggedy” and “Rags,” was sentenced to 168 months in federal prison for his part in a conspiracy to distribute methamphetamine. Jason R. Coody, United States Attorney for the Northern District of Florida, announced the sentence.

“Those who repeatedly commit serious crimes are deserving of significant prison sentences,” said U.S. Attorney Coody. “Our federal, state, and local law enforcement partners work tirelessly to keep us safe and serve a critical role in our efforts to remove addictive and deadly controlled substances from our communities. Moreover, this sentence should serve as a strong deterrent to those who would distribute drugs in North Florida.”

Robinson pled guilty to conspiring to distribute over 50 grams of methamphetamine and 500 grams of a mixture containing methamphetamine. Court documents show that Robinson was responsible for distributing at least 180 ounces (5.1 kilograms) of methamphetamine.

“DEA’s top priority is to protect our Florida communities from individuals like Mr. Robinson who threaten the health and safety of our citizens with their illegal actions,” said Miami Field Division Special Agent in Charge Deanne L. Reuter. “DEA remains committed to our partnerships with the law enforcement community in northern Florida to bring these drug trafficking organizations to justice and keep our communities safe.”

Robinson had an extensive criminal history which included eight prior convictions for sale of cocaine and a 1994 conviction for attempted second degree murder with a hate crime enhancement for which Robinson had previously served over 15 years in state prison.

Following Robinson’s 168-month sentence, he will be on federal supervised release for 10 years. This sentence was the result of an investigation conducted by the Drug Enforcement Administration, with assistance from the Franklin County Sheriff’s Office, the Gulf County Sheriff’s Office, and the Leon County Sheriff’s Office. Assistant United States Attorney James A. McCain prosecuted the case. 

The United States Attorney’s Office for the Northern District of Florida is one of 94 offices that serve as the nation’s principal litigators under the direction of the Attorney General. To access public court documents online, please visit the U.S. District Court for the Northern District of Florida website. For more information about the United States Attorney’s Office, Northern District of Florida, visit http://www.justice.gov/usao/fln/index.html.