“Crypto is the primary currency, the primary vehicle, to facilitate extortion payments. It’s the only game in town,” Bryan Vorndran, assistant director of the FBI’s Cyber Division, said in a Bloomberg virtual panel discussion on cybersecurity Tuesday. “We all know the blockchain offers us some opportunities, but the ability to pay crypto, script it immediately into a tumbler, whether through an extortion payment or theft, is a huge, huge challenge for us.”
Criminals love Bitcoin in particular because it’s effectively unhackable and, unlike cash, can be transferred in large amounts almost instantly without ever touching the banking system. For those reasons, the virtual token is almost always the form of payment demanded in ransomware attacks, such as those using malware to paralyze computer networks.
Last May, a Russia-linked group later identified as DarkSide crippled Colonial Pipeline Co. until the company paid almost $5 million in cryptocurrency. The following month, U.S. officials said they recovered 63.7 of the 75 Bitcoin involved.
Meatpacker JBS SA and even the Washington police department are among the other organizations victimized by ransomware groups.
The FBI discourages companies from submitting to extortion because, it argues, the funds serve only to embolden bad actors and augment their capabilities.
Recently, the bureau has developed evidence suggesting that criminal gangs in Russia and Eurasia have set up call centers to professionalize their ransomware businesses, and are sharing data gathered from victims, Vorndran said.
A growing area of concern for officials is so-called synthetic content, colloquially known as “deep fakes.” Advances in computing technology have leapfrogged from lab settings into the real world, allowing criminals to deceive, misinform and defraud by impersonating others. Vorndran said such technology and its potential to erode democracy is one of the things that keeps him up at night.
“When you look at biometric authentication, facial recognition, digital footprints, mimicking voices, these things are huge, huge challenges to law enforcement, to the intelligence community in the next 5-10 years,” he said. “The synthetic content piece is something that is a fascinating discussion but also a very, very scary discussion.”
One persistent problem for the U.S. government is the lack of reporting by companies and other organizations when cyberattacks happen. The reasons for that hesitancy range from ignorance to mistrust of the government’s motives.
Vorndran said the government estimates it has data on only 20% to 25% of domestic cyber breaches, a data set too small to be very useful, especially when trying to anticipate what adversaries will do next. Joining him in urging more cooperation from the private sector is Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, or CISA.
“The best thing we can do as the U.S. government to help resolve hesitation is by showing value, is by showing organizations that by engaging with CISA, engaging with the FBI, they will get information, expertise, support, the ability to collaborate seamlessly across sectors, that can help them to protect their enterprise and help them to protect their customers,” said Goldstein, who also participated in the Bloomberg panel.