Security Experts:

Connect with us

Hi, what are you looking for?



FBI, US Agencies Look Beyond Indictments in Cybercrime Fight

The FBI and other federal agencies are increasingly looking to counter cyber threats through tools other than criminal indictments, the head of the bureau’s cyber division said in an interview with The Associated Press.

The FBI and other federal agencies are increasingly looking to counter cyber threats through tools other than criminal indictments, the head of the bureau’s cyber division said in an interview with The Associated Press.

Arrests and indictments of foreign cybercriminals are still appropriate in certain circumstances and something the FBI pursues “every day of the week,” said Assistant Director Bryan Vorndran. But as federal agencies look to have the most disruptive impact possible on cyber crime, FBI officials are thinking carefully about how best to time an indictment, or whether an indictment is even the best action.

“We’re just much more mature in the space of working with our interagency partners, and really keeping an eye down the road in terms of how we have the biggest impact,” Vorndran said.

READFive Key Signals From Russia’s REvil Ransomware Bust ]

The FBI, he said, is now “very open to being told” that when it comes to an adversary, ”‘You know what, as a team member, it may not be the right time to deploy an indictment, but it very much may be the right time to deploy’” an action from U.S. Cyber Command.

The evolution reflects the fact that multiple government agencies share responsibility for, and have unique roles in, countering a cyber threat that has only deepened over the last decade. The Justice Department has long regarded indictments of foreign hackers as a way to “name-and-shame” them and deter the hostile governments that employ them. Other government agencies, though, are bringing their own powers to the table that may take may precedence over the use of criminal charges or been seen as imposing greater costs or deterrence.

Cyber Command, an arm of the Defense Department established in 2010, has grown aggressive in its pursuit of hackers, conducting more than two dozen operations intended to thwart interference in the 2020 presidential election and more recently against ransomware gangs. The White House has shared information about Russian hackers with the Kremlin for it to take action on its own. Last week, Russia’s Federal Security Service, or FSB, announced the detention of members of the REvil ransomware gang.

Ransomware Virtual Event

The FBI itself has used actions other than indictments. In June, it recovered the majority of a roughly $4.4 million ransom that Colonial Pipeline paid to hackers responsible for a ransomware attack that caused gas shortages for days. It secured a court warrant in April that gave it remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software.

Vorndran spoke to the AP after participating last week in a Silverado Policy Accelerator discussion in which he said the FBI was moving away from “an indictment and arrest first model, and to the totality of imposing costs on our adversaries.”

“That probably is a simple way of saying we’re really trying to work with everybody, public and private sector partners, to understand the totality of the capabilities and the authorities that exist … so that we have the biggest impact at the moment in matters,” he said in the interview.

Indictments, a bread-and-butter tactic of law enforcement, can lock accused hackers inside their home countries and put adversaries on notice that their actions have been detected. But their practical impact is often limited since there’s generally minimal chance of a defendant being brought to the U.S. for trial.

Perhaps the first prominent example was a 2014 case against five Chinese military hackers accused of siphoning secrets from major American corporations. In the years since, federal prosecutors have charged North Korean computer programmers in hacks of Sony Pictures Entertainment; Russian intelligence agents in a breach of Yahoo; Iranian hackers in an attack on a small dam outside New York City; and Chinese operatives with targeting firms developing vaccines for the coronavirus.

The cases have all generated publicity splashes, though they’ve hardly curbed hacking from foreign countries. And given the absence of extradition treaties with countries the U.S. regards as the biggest cyber offenders, arrests of indicted hackers are exceedingly rare.

There have, however, been isolated exceptions when hackers wanted by the U.S. have traveled from their home countries and been arrested. That happened last fall when the Justice Department unsealed an indictment charging Yaroslav Vasinskyi in the Kaseya ransomware attack after the suspected Ukrainian hacker traveled to Poland.

The arrest resulted in a Justice Department press conference with Attorney General Merrick Garland, a sure sign that prosecutors won’t abandon their pursuit of indictments when they think it makes sense.

“That’s certainly a tool that the interagency and the FBI are prepared to use and are working towards,” Vorndran said of indictments, “but it’s not the only tool.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...