Month: June 2023

Source: United States Department of Justice News

I’ve been in this job a little over a year and a half. Every day I sit with the Attorney General and FBI Director for the morning threat briefing and each day I read the Presidential Daily Brief. Day-after-day, week-after-week, the intelligence reporting details the astonishing pace, scale and sophistication of cyber threats to the United States.

Hostile nations are accelerating their use of cyber-enabled means to carry out a range of threatening activity. These countries are stealing sensitive technologies, trade secrets, intellectual property and personally identifying information; exerting malign influence and exporting repression; and holding our critical infrastructure at risk to destructive or disruptive attacks.

You don’t need access to classified intelligence to understand what we are up against from countries like China, Russia, Iran and North Korea.

Take just a few snippets from the Intelligence Community (IC)’s public Annual Threat Assessment for this year.

China has compromised telecommunications firms. It conducts cyber intrusions targeting journalists and dissidents in order to suppress the free flow of information. And the PRC is capable of launching cyberattacks that could disrupt U.S. critical infrastructure.

Russia is bolstering its ability to compromise critical infrastructure, such as industrial control systems, in part to demonstrate it has the ability to inflict damage during a crisis. Iran, too, continues to be an aggressive cyber actor, taking advantage of the asymmetric nature of cyberattacks.

And North Korea is turning to illicit cyber activities to steal the funds and technical knowledge it needs to further its military aspirations and Weapons of Mass Destruction (WMD) programs.

Our adversaries also imperil the United States by acting as safe havens for cyber criminals who carry out ransomware attacks and digital extortion for personal profit.

That’s what the intelligence community is willing to say in public about what we are up against – and it’s not a pretty picture.

The good news is that our response to national security cyber threats has gotten more effective in recent years. We are putting hard-earned lessons into practice.

One lesson we’ve learned from our counterterrorism efforts after 9/11 is the importance of ensuring agencies like FBI, Department of Homeland Security (DHS), the IC and Department of Defense (DoD), are working as one team, sharing information and deploying authorities in a coordinated manner.

We are also coordinating government actions with foreign partners and the private sector to empower technical operations, leverage sanctions and trade remedies, and join in diplomatic efforts with like-minded countries. And we are applying the key lesson that effectively combating nation-state cyber threats requires shoring up private sector cybersecurity to make us collectively less vulnerable.

In March, the White House released the National Cybersecurity Strategy in order to drive a “more intentional, more coordinated, and more well-resourced approach to cyber defense.” At the Department of Justice, we are putting that vision into practice. Federal law enforcement wields some of the most powerful tools in our arsenal. In recent years, we have achieved successes in deploying those tools – and we can build on this success.

The Justice Department has never been more effective in identifying, addressing and eliminating cyber threats affecting our nation’s security.

Here is the playbook that’s working. First, as you’d expect of prosecutors, we enforce U.S. criminal law – investigating and prosecuting individuals for illegal cyber activity, imposing costs on them and deterring others. Just a few examples from last year:

We charged three Iranians with conducting a ransomware campaign that targeted hospitals, local governments and organizations all over the world.

We secured a 20-year prison sentence for an individual who leveraged teams of hackers and insiders in a multi-faceted espionage campaign targeting American and European aviation companies on behalf of PRC intelligence.

Shortly after the Russian invasion of Ukraine, we unsealed indictments that publicly demonstrated how two different sets of Russian state-sponsored actors compromised devices at hundreds of critical infrastructure providers around the world, deploying malware designed to enable future physical damage.

We are holding individuals accountable, imposing consequences, and using our indictments to inform the public about the nature of the threats we face, and our adversaries that their actions are not as deniable as they’d like to think.

Second, we are proactive – using the full range of our authorities to disrupt national security cyber threats before a significant attack or intrusion can occur. This includes the innovative use of our legal tools beyond traditional criminal charges.

Just last month, the Justice Department and FBI conducted “Operation Medusa.” This was a technical operation to dismantle and effectively neutralize the “Snake” malware, one of the Russian government’s most sophisticated computer intrusion tools. The FSB had used versions of the Snake malware for nearly 20 years to steal sensitive information from hundreds of computer systems in at least 50 countries, including NATO governments. Through innovative use of our Rule 41 search warrant authority, as well as collaboration with private sector partners and numerous foreign governments, the Justice Department disabled one of the FSB’s most sensitive, complex espionage tools.

Last year, we conducted a court-approved operation to dismantle a GRU botnet that relied on compromised firewall security appliances. Working with the company that manufactured those devices, the FBI developed a court-authorized technical solution to delete the GRU’s malware and close the vulnerabilities in compromised devices.

We have also used our cryptocurrency tracing abilities and our seizure authorities to prevent over $100 million in ill-gotten crypto from being used by North Korea to support its missile programs. These efforts have focused both on hackers, who have stolen hundreds of millions of dollars’ worth of cryptocurrency, and on IT workers who use online platforms to earn illegal revenue. By coordinating asset freezes and sanctions, the U.S. government has stopped the DPRK from accessing a huge portion of their illicit gains, much of which remains stranded on the blockchain.

Finally, we coordinate our efforts with interagency partners, foreign governments and the private sector to use the full force of tools – technical operations, sanctions, trade remedies and diplomatic efforts. For example, in the Iran indictments I mentioned a minute ago, we enhanced the impact of the public indictment by working with Treasury to impose sanctions connecting those defendants to the Islamic Revolutionary Guard Corps.

Intelligence also plays a key role. We share targeted threat intelligence gathered as a result of our investigations to empower private sector companies to defend themselves. For example, following the Colonial Pipeline attack, we were able to acquire information – using Section 702 of FISA – that verified the hacker’s identity and enabled the government to recover the majority of the ransom.

Our commitment to combating these threats using every tool we’ve got is making an impact. We are making it harder for hostile nations to maneuver and recruit by imposing accountability. We are denying our adversaries access to technical infrastructure and cutting off their funding. We’re disrupting the criminal ecosystem by making cybercrime and ransomware less lucrative and higher risk. We are helping the private sector defend itself more effectively with key intelligence and threat information. We’re marshaling the efforts of like-minded nations around the world on both diplomatic and law enforcement fronts.

As determined as our adversaries might be in escalating their brazen activities, they are learning that we are even more determined to protect the United States and our allies.

Since we first charged five members of the PLA in 2014, NSD has been leading the charge with just a handful of dedicated cyber prosecutors, operating on grit, coffee and a shoestring budget. And none of these cases would be possible without the close partnership of enterprising U.S. Attorneys’ Offices. So, I am proud of the work being done in the National Security Division, in U.S. Attorneys’ Offices around the country, at the FBI, and across the Department of Justice.

The cases and disruptions I discussed earlier did not come easy. They’re often fast-paced and span international boundaries; they involve highly technical data and often classified data and demand innovative legal approaches. These are actions that require dedicated time, attention, and expertise. Now, we are aggressively growing our national security cyber program.

Today, I am announcing that we are establishing a new National Security Cyber Section – NatSec Cyber, for short – within the National Security Division. This new, full litigating section – which now has the approval of Congress – will place our work on cyber threats on equal footing with NSD’s Counterterrorism Section and the Counterintelligence and Export Control Section.

This new section will allow NSD to increase the scale and speed of disruption campaigns and prosecutions of nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security.

The creation of a new section responds to the core findings in Deputy Attorney General Monaco’s Comprehensive Cyber Review, released in July 2022, that charted the evolving nature of the cyber threat. It will help fulfill a core pillar of the Biden Administration’s National Cybersecurity Strategy: to disrupt and dismantle threat actors by working across federal agencies.

NatSec Cyber will give us the horsepower and organizational structure we need to carry out key roles of the Department in this arena. NatSec Cyber prosecutors will be positioned to act quickly, as soon as the FBI or an IC partner identifies a cyber-enabled threat, and to support investigations and disruptions from the earliest stages.

Having prosecutors that are fully dedicated to national security cyber cases will deepen our expertise. It will enable us to better collaborate with our key partners, especially our colleagues in the Criminal Division’s Computer Crimes and Intellectual Property Section, which plays a particularly crucial role in ransomware and other criminal cases. And, in order to more closely integrate with the FBI’s Cyber Division, the NatSec Cyber Section will mirror that structure, organizing leadership by geographical threat actor.

The new section will also serve as a resource for prosecutors in U.S. Attorneys’ Offices around the country. U.S. Attorneys’ Offices, along with FBI field offices, represent the tip of the spear in confronting many of the threats in their districts. Responding to highly technical cyber threats often requires significant time and resources, which aren’t always possible with the demands on individual offices. NatSec Cyber will serve as an incubator, able to invest in the time-intensive and complex investigative work for early-stage cases.

The section will also allow prosecutors to work seamlessly with colleagues focused on the interagency policy process in the National Security Council. That process has become increasingly central to the effective deployment of the government’s cyber capabilities under the leadership of Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger.

Here’s the bottom line: Cybersecurity is a matter of national security. Our cyber adversaries are innovative and constantly adjusting their tactics to hide from our investigators and to overcome our network defenders.

NSD is committed to matching our adversaries by adjusting our tactics and organization to bring all of our tools, authorities and expertise to this fight.

Source: United States Department of Justice News

Defendant Accused of Pushing Against Police in the Lower West Terrace Tunnel

            WASHINGTON — A North Carolina man has been arrested on a felony charge of civil disorder and three misdemeanor charges, for his actions during the breach of the U.S. Capitol on Jan. 6, 2021. His actions and the actions of others disrupted a joint session of the U.S. Congress convened to ascertain and count the electoral votes related to the 2020 presidential election.

            Alan Michael St. Onge, 35, of Brevard, NC, is charged in a criminal complaint filed in the District of Columbia with civil disorder, a felony, and the following misdemeanors: entering and remaining in a restricted building or grounds, disorderly and disruptive conduct in a restricted building or grounds, and impeding passage through the Capitol grounds or buildings. He was arrested today in North Carolina and made his initial appearance in the Western District of North Carolina.

            According to court documents, on Jan. 6, 2021, St. Onge was seen in camera footage on the east and west sides of the U.S. Capitol and near an entrance to the U.S. Capitol building on the Lower West Terrace (“LWT”) known as “the tunnel.” Specifically, St. Onge participated in the breach of the police barricade on the east plaza of the U.S. Capitol before traveling to the LWT tunnel, which he entered and while inside, repeatedly pushed against the police line. St. Onge was located at the east plaza barricades set up around the U.S. Capitol building at approximately 1:55 p.m. Publicly available video shows St. Onge pushing against the barricades along with other rioters shortly before the police line on the east plaza was overrun.

            After the police line was breached on the east side, St. Onge walked toward the southwest side of the U.S. Capitol building. Another video shows St. Onge walking toward the west front of the U.S. Capitol where numerous police officers were protecting the building. According to body-worn camera (“BWC”) footage, St. Onge was located at the police barricades during confrontations between the police and other rioters. Specifically, St. Onge is seen standing at the police line on the west front as rioters assaulted police. St. Onge then moved closer to the U.S. Capitol building after the police line on the westside was breached.

            After the police were forced to retreat, St. Onge then made his was up to the LWT tunnel. He was initially located outside the entrance to the tunnel beginning at approximately 2:55 p.m. According to CCTV footage, St. Onge received a stolen U.S. Capitol Police riot shield from another member of the crowd as he stood near the mouth of the tunnel. He held that shield for a moment and then set it down in the mouth of the tunnel. He left the tunnel approximately one minute later but returned to the mouth of the tunnel for a second time at approximately 2:58 p.m.

            At 3:09 p.m., St. Onge made his way further into the tunnel and joined in with the crowd’s concerted push against the police line. Specifically, CCTV footage shows St. Onge. pushing, with great effort, against other rioters in an attempt to collectively breach the police line. At approximately 3:18 p.m., the police inside the tunnel gained momentum and successfully pushed the rioters, including St. Onge, out of the tunnel.

            This case is being prosecuted by the U.S. Attorney’s Office for the District of Columbia and the Department of Justice National Security Division’s Counterterrorism Section. Valuable assistance was provided by the U.S. Attorney’s Office for the Western District of North Carolina.

            The case is being investigated by the FBI’s Charlotte and Washington Field Offices. Valuable assistance was provided by the U.S. Capitol Police and the Metropolitan Police Department.

            In the 29 months since Jan. 6, 2021, more than 1,000 individuals have been arrested in nearly all 50 states for crimes related to the breach of the U.S. Capitol, including nearly 350 individuals charged with assaulting or impeding law enforcement. The investigation remains ongoing. 

            Anyone with tips can call 1-800-CALL-FBI (800-225-5324) or visit tips.fbi.gov.

            A complaint is merely an allegation, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Source: United States Department of Justice News

Defendant Accused of Sexually Assaulting Two Patients During Physical Exams

            WASHINGTON – Haileleoul Erbello (Desta), 47, of Laurel, Maryland, was arraigned today on six counts of second degree sexual abuse of a patient or client arising from events that occurred in August of 2019 and April of 2021, announced U.S. Attorney Matthew Graves and Interim Chief Ashan Benedict of the Metropolitan Police Department.

            On May 17, 2023, Erbello was indicted by a grand jury in the Superior Court of the District of Columbia on six counts of second degree sexual abuse of a patient or client.  He faces a maximum of five years in prison on each count if convicted.

             According to the government’s evidence, between August of 2019 and April of 2021, the defendant was working at Metro Lab clinic in Washington, D.C.  On or about August 20, 2019, he was performing a physical exam on a patient to certify her eligibility for employment when he groped her breasts, pressed his chest up against her breasts, and pressed his genitalia up against her arm. The indictment also charges that Erbello sexually abused a second patient on or about April 10, 2021. He was, again, performing a physical exam to certify a patient’s employment eligibility when he pressed his groin up against the patient’s buttocks, groped her breasts, and touched her buttocks with his hand. 

            An indictment is merely a formal charge that a defendant has committed a violation of criminal laws and every defendant is presumed innocent until, and unless, proven guilty.

            In announcing the charges, U.S. Attorney Graves and Chief Benedict commended the work of those investigating the case from the Metropolitan Police Department’s Sexual Assault Unit.  They acknowledged the efforts of those who are working on the case from the U.S. Attorney’s Office, including Investigative Analyst Durand Odom; Victim/Witness Advocate Lezlie Richardson; and Paralegal Specialists Cynthia Muhammad and ReShawn Johnson. Finally, they commended the work of former Assistant U.S. Attorney Angela Buckner, along with Assistant U.S. Attorney Bonnie Thompson, who is investigating and prosecuting the case.