Welcome to The Cybersecurity 202! Argument: A perfectly ripe mango is the lotus fruit from “The Odyssey.” Also, we’re off Friday, so after today we’ll see you next week.
Below: Critics take issue with a database of information on money transfers, and Royal Mail resumes some international operations as it responds to a cyberattack. First:
The Biden administration debuted a new power yesterday for fighting Russian cybercrime and rolled out the first major public move of a new government team devoted to battling illicit use of cryptocurrency.
Both steps came as part of an international effort to punish Bitzlato, a cryptocurrency exchange that U.S. authorities say helped criminals profit from ransomware attacks and drug trafficking.
The results include:
“It is really evident that they are rolling out both — not only new soldiers but also new weapons — against crypto fraud or crime,” John Melican, chief legal officer of the blockchain analysis firm Elliptic, told me.
Hong Kong-registered Bitzlato has received $2.5 billion in cryptocurrency since 2019, according to blockchain data firm Chainalysis. More than a quarter of it came from illicit sources, the company said.
“The biggest sources of illicit cryptocurrency sent to Bitzlato were addresses associated with crypto scams, dark net markets, and sanctioned entities such as the high-risk exchange Garantex, which was designated last year,” the company said in a blog post.
The Treasury Department named Conti — a Russia-based ransomware gang that as of last January had reaped more than $150 million, according to the FBI — as one of the outfits that benefited from Bitzlato’s facilitation of illicit transactions.
The Justice Department announced that it had arrested Russian national Anatoly Legkodymov on Tuesday night in Miami, charging him with running a business that transmitted illicit funds without meeting U.S. regulatory safeguards, including anti-money laundering requirements. Legkodymov, who the Justice Department said lives in China, faces a maximum of five years if convicted, but prosecutors warned that they could still accuse him of committing more crimes.
“Today’s actions send the clear message: whether you break our laws from China or Europe — or abuse our financial system from a tropical island — you can expect to answer for your crimes inside a United States courtroom,” Deputy Attorney General Lisa Monaco said in a news release announcing the arrest.
It’s the first public enforcement action led by the department’s national cryptocurrency enforcement team, which was announced in October 2021 and given a director in February 2022.
When the Justice Department set up the team, “We said that NCET would investigate those who enable the use of digital assets to facilitate crime, with a particular focus on virtual currency exchanges and services,” Assistant Attorney General Kenneth Polite Jr. said in prepared remarks at a Wednesday news conference.
It was also the first time the Treasury Department used more muscular authorities Congress gave it in 2020 to take on Russian money laundering.
The agency’s Financial Crimes Enforcement Network deemed Bitzlato a “primary money laundering concern,” which under the fiscal 2021 defense authorization law allows Treasury to take extra steps against entities connected to Russian illicit finance. Those steps are similar to imposing sanctions, but they also have advantages for U.S. authorities:
The new power is focused on money laundering, and Keating said he had cryptocurrency fraud and ransomware in mind when he drafted the provision to update it in the fiscal 2022 defense authorization law.
“These are people that are just operating with impunity,” he said. “You really want to do some damage because otherwise it’s whack-a-mole. You can go after an individual, and then another one will just pop up. But if you go after the money, you’re striking at the heart of things.”
You can read more about the government action against Bitzlato in this story by my colleagues Perry Stein, Devlin Barrett and Douglas MacMillan.
“While Bitzlato isn’t a household name for most people, the cryptocurrency exchange has been on our radar for years,” Andrew Fierman, Chainalysis’s head of sanctions strategy, told me via email. “If cybercriminals cannot reliably convert the cryptocurrency generated by their activities into cash, the incentives to commit those crimes plummet. Today’s action reiterates the [U.S.] government’s commitment to shutting down these services that enable criminals, similar to previous sanctions on Suex and Chatex.”
Wednesday’s government crackdown on Bitzlato also continues a trend of ratcheting up the pressure on crypto-related crimes.
“The U.S. wheels of crypto regulation have been a little slow to get rolling,” Melican said. “This was a show of force, and an interesting one at that.”
The nonprofit Transaction Record Analysis Center’s (TRAC) database allows law enforcement agencies across the country to monitor the flows of money transfers, the Wall Street Journal’s Dustin Volz and Byron Tau report. But it has drawn a host of privacy and surveillance concerns from critics, who say it enables law enforcement to easily get bulk data on money transfers, which aren’t regulated as heavily as banks.
TRAC lets the U.S. government “serve itself an all-you-can-eat buffet of Americans’ personal financial data while bypassing the normal protections for Americans’ privacy,” Sen. Ron Wyden (D-Ore.) told the Wall Street Journal in a statement. Wyden has asked the Justice Department’s watchdog to investigate the FBI and DEA’s ties to TRAC. When Wyden asked the Department of Homeland Security’s watchdog about TRAC, it told him that it’s looking into Immigration and Customs Enforcement’s programs to counter drug trafficking.
The American Civil Liberties Union obtained documents on TRAC. “They show that any authorized law-enforcement agency can query the data without a warrant to examine the transactions of people inside the U.S. for evidence of money laundering and other crimes,” Volz and Tau write.
TRAC Director Rich Lebel told the Wall Street Journal that it’s “a law-enforcement investigative tool” and that “we don’t broadcast it to the world, but we don’t run from or hide from it either.” He also said that bulk data needs to be tracked to find crimes because the money transfer industry has fewer regulations. TRAC has a minimum threshold of $500 transfers so it doesn’t capture benign transfers, and the organization has never found cases of improper access or breaches of the database. He declined to comment on its funding; Wyden has said TRAC is funded by the federal government.
Royal Mail says it’s now accepting letters for international delivery, after it told customers to hold off on sending such items in the wake of an apparent ransomware attack, Reuters’s Sachin Ravikumar reports. The mail delivery service, the largest in the United Kingdom, has been grappling with the cyberattack for more than a week. The hack underlines the importance — and vulnerabilities — of mail services.
LockBit, a ransomware gang linked to Russia, is believed to be behind the attack.
“Our initial focus will be to clear mail that has already been processed and is waiting to be despatched,” Royal Mail said in a statement. The company is still working with regulators and cybersecurity experts as it responds to the hack, it said.
Democratic state senator calls on state, federal prosecutors to probe voting machine issues in New Jersey county (New Jersey Globe)
Too many default ‘admin1234’ passwords increase risk for industrial systems, research finds (CyberScoop)
More than 100 Mailchimp accounts accessed via social engineering cyberattack (The Record)
Ukraine links data-wiping attack on news agency to Russian hackers (Bleeping Computer)
CISA’s chief of technology strategy stepping down ‘much earlier’ than expected (FCW)