DOJ cybercop vows to go harder against foreign hackers
In a new interview, John Carlin, chief of the Justice Department’s National Security Division, said the DOJ is ramping up its ability to track down suspected cybercriminals, particularly through the establishment of a new agency, the Cyber Threat Intelligence Integration Center.
“Having a center that focuses on having a coordinated view across the community helps us in our policy role,” Carlin told Christian Science Monitor’s Passcode site in a recent interview. “When we sit at the National Security Council it helps us in doing the training, and feeding US prosecutors across the field, and could help us in a specific case where they tie together different threads and say, ‘Here’s the bad actor, and here’s what their conduct looks like, so if you see this type of intrusion occur at a facility this is the likely attribution.’”
When the White House announced the formation of the Cyber Threat Intelligence Integration Center last month, Lisa Monaco, the homeland security and counterterrorism adviser to US President Barack Obama, said the multi-agency effort “will help ensure that we have the same integrated, all-tools approach to the cyberthreat that we have developed to combat terrorism.”
In the months before that announcement, however, the computer networks of US-based entities – including Sony Pictures and US Steel – were hit hard by hackers attributed by US investigators as having operated from overseas. Now as US prosecutors prepare to make sure any similar assaults in the near future are prevented if possible, Carlin said the Justice Department is “not giving out any free passes.”
“I think one thing we realized in responding to Sony is that
we were able to put that together ad hoc with very capable work
and under the leadership of the FBI, but we didn’t have a
standing group that put together that type of cross community
assessment on particular incidents – and it’d be good if we had
one,” Carlin told Passcode.
White House creates new cyber agency in effort to combat computer attacks
Indeed, Monaco said last month that the new threat center will ensure “information is shared rapidly among existing cyber centers and other elements within our government and supporting the work of operators and policy makers with timely intelligence about the latest cyber threats and threat actors,” and “connect the dots” between cyber threats “so that relevant departments and agencies are aware of these threats in as close to real time as possible.”
“We’re going to look to determine when you see a significant intrusion, whether it’s the theft of information from an American private company that’s going to be used against them by a competitor, or the destruction of data,” Carlin told Passcode. “We need to follow the evidence and information where it leads. We’re not giving out any free passes ahead of time. If it leads to someone who’s in a criminal group overseas, an organized criminal group in eastern Europe, we’re going to work to use our criminal tools and hold that person to account. If it turns out they’re a nation-state actor, we’re going to look to hold them to account as well.”
“When we sit at the National Security Council it helps us in doing the training, and feeding US prosecutors across the field, and could help us in a specific case where they tie together different threads and say, ‘Here’s the bad actor, and here’s what their conduct looks like, so if you see this type of intrusion occur at a facility this is the likely attribution.’”
Last month, the DOJ announced that two individuals on the Federal Bureau of Investigation’s 'Cyber's Most Wanted’ list had been apprehended in Pakistan. Meanwhile, five Chinese nationals accused of launching attacks on US systems on behalf of the People’s Liberation Army remain sought by authorities in the States.