The Department of Justice (DOJ) recently announced the largest coordinated international law enforcement effort ever directed at an online cyber-criminal forum. Financial institutions and other companies should consider whether to incorporate some of the lessons learned from the DOJ’s Operation Shrouded Horizon into their own information security programs.

The enforcement action was taken against members of Darkode, an online, password-protected forum in which hackers and other cyber-criminals convened to buy, sell, trade and share information, ideas, and tools to facilitate unlawful intrusions on others’ computers and electronic devices. As part of Operation Shrouded Horizon, the FBI infiltrated Darkode’s membership to obtain insight about individuals making malware available for sale. In a related case, two Darkode members pleaded guilty to charges connected to SpyEye, a malicious banking trojan (a type of malware) that may have been used to steal information from approximately 253 financial institutions around the world.

“Of the roughly 800 criminal internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” said U.S. Attorney David J. Hickton.

The DOJ’s recent Best Practices for Victim Response and Reporting of Cyber Incidents provides guidance to small and large organizations that are developing cyber incident response plans and preparing to respond to cyber incidents by incorporating lessons learned by federal prosecutors while handling cyber investigations and prosecutions. Among the DOJ’s recommendations are best practices to implement before a cyber incident, including:

  • Reviewing and adopting risk management practices found in guidance such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework;
  • Creating an actionable incident response plan;
  • Establishing proactive relationships with local federal law enforcement offices; and
  • Retaining legal counsel that is familiar with legal issues associated with cyber incidents.

 
