Tag Archive for: DOJ

The DOJ is no longer prosecuting good-faith hackers


Following a new policy announced last week by the Department of Justice, security researchers helping banks and other companies shore up their cyberdefenses now have greater leeway without fear of prosecution.

The Thursday announcement said that “good-faith security research” that otherwise violates the Computer Fraud and Abuse Act of 1986 “should not be charged.” The announcement puts into writing a policy the department already follows, according to officials and former staff.

Legal and cybersecurity experts said the shift will create a safer environment for public security researchers, who spend their days searching in good faith for security flaws and vulnerabilities. Experts also said banks and lawmakers must implement their own policies and programs to fully exploit legal protections for security research.

“Computer security research is a key driver of improved cybersecurity,” Deputy Attorney General Lisa O. Monaco said in the press release announcing the change. “The department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”

Public cybersecurity researchers, rather than hired ones, are the most likely to benefit from this unofficial stance becoming official policy. In contrast to hired researchers, public researchers hunt for security flaws and conduct research on their own and then approach the impacted company with their findings afterward, according to Aaron Charfoos, partner in the litigation department at the law firm Paul Hastings.

The two kinds of security researchers share a common bond of acting in good faith, but hired researchers typically have more protections because they are “invited in” by the hiring company, according to Charfoos. The new guidance from the DOJ could change that.

Public security researchers “may now feel more freedom to investigate a broader range of systems, particularly in more regulated industries that are closely aligned with the federal government and regulators to begin with,” Charfoos said.

The guidance appears…


New DOJ guidance on enforcing hacking laws carves out safe space for security research



and in some cases proactively paying hackers through bug bounty programs, for example. But the CFAA remains a sticking point. “Computer security research is a key driver of improved …


Former DOJ Official: Regulation Good for Crypto


A former official from the U.S. Department of Justice (DOJ) said regulation of cryptocurrency would be a good thing.

An opinion piece in The Wall Street Journal (WSJ) Thursday (Jan. 20) by Makan Delrahim, who was appointed by former President Donald Trump and served as assistant attorney general for the agency’s antitrust division from 2017-21, said blockchain applications could transform the economy. But there’s a caveat.

“Crypto is different in one key respect: It has the ability to create and maintain decentralized marketplaces,” he wrote. “Blockchain can topple incumbents because it is an open technology of decentralized trust. It makes it possible to cut out the middleman.”

He wrote that the White House is poised to issue an executive order directing federal agencies to recommend possible crypto regulations. The Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) have called for increased federal guidance of stablecoins.

In addition, while Congress debates the issue, a federal judge will rule on whether sales of tokens by international payments processor Ripple should be considered securities transactions that require registration with the Securities and Exchange Commission (SEC).

Delrahim called on President Joe Biden’s administration to include government competition lawyers and economists in any conversations about crypto guidelines.

“There’s a lot of potential here,” he wrote.

Delrahim’s comments come one day after SEC Chairman Gary Gensler made a push to bring cryptocurrency exchanges within his agency’s remit.


Following a Wednesday (Jan. 19) speech on “Dynamic Regulation for a Dynamic Society,” Gensler argued that it is vital for crypto investors to get the kind of protections long afforded stock traders.

“I’ve asked staff to look at every way to get these platforms inside the investor protection remit,” Gensler said. “If the trading platforms don’t come into the regulated space, it’d be another year of the public being vulnerable.”


DOJ fines NSA hackers who assisted UAE in attacks on dissidents


The Justice Department announced a controversial deal with three former US intelligence operatives that allows them to pay a fine after breaking multiple laws through their offensive hacking for the repressive government of the United Arab Emirates.





The DOJ said 49-year-old Marc Baier, 34-year-old Ryan Adams and 40-year-old Daniel Gericke “entered into a deferred prosecution agreement” that allows them to avoid prison sentences in exchange for paying $1,685,000 “to resolve a Department of Justice investigation regarding violations of US export control, computer fraud and access device fraud laws.”

The three were part of Project Raven, an effort by the UAE to spy on human rights activists, politicians and dissidents opposed to the government. The three even hacked into US companies, creating two exploits that were used to break into smartphones.

Both Reuters and The Intercept conducted in-depth investigations into the work of Project Raven and a UAE cybersecurity firm named DarkMatter after members of the team raised concerns about the kind of hacking they were being asked to do by UAE officials.

Despite the accusations listed in the court filing, the DOJ said Baier, Adams and Gericke — all former NSA employees or members of the US military — reached an agreement on September 7 to pay the fines in addition to other restrictions on their work. 


Baier will be forced to pay $750,000, Adams will pay $600,000, and Gericke will pay $335,000 over a three-year term. All three will also be forced to cooperate with the FBI and DOJ on other investigations and relinquish any foreign or US security clearances. 

They are also permanently banned from having future US security clearances and will be restricted from any jobs involving computer network exploitation, working for certain UAE organizations, exporting defense articles or providing defense services.

The DOJ said the three were senior managers at a UAE company from 2016 to 2019 and continued to hack for the UAE despite being told they were violating rules that say people need a license from the State Department’s Directorate of Defense Trade…
