INSIGHTi COVID-19 Cybercrime Opportunities and Law Enforcement Response March 19 2020 Opportunistic criminals and other malicious actors exploit the internet and rapidly evolving technology to their advantage Criminals can compromise financial assets hacktivists can flood websites with traffic effectively shutting them down and spies can steal intellectual property and government secrets And they capitalize on ever changing world events Federal officials have cautioned about scams relating to the outbreak of disease caused by a previously unidentified strain of coronavirus designated Coronavirus Disease 2019 or COVID-19 They have noted that “ c yber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes ” Indeed analysts and officials have reported criminals using public interest in COVID-19 to their advantage For instance the Department of Justice DOJ cites “reports of individuals and businesses selling fake cures for COVID-19 online and engaging in other forms of fraud reports of phishing emails from entities posing as the World Health Organization or the Centers for Disease Control and Prevention and reports of malware being inserted onto mobile apps designed to track the spread of the virus ” In one scheme reported by security experts hackers sold a malware infection kit that used an interactive map of coronavirus infections produced by Johns Hopkins University The kit was designed to spread malware to steal passwords Cybercrime Investigations Federal law enforcement has the principal role in investigating and attributing cyber incidents including those that may take advantage of heightened public interest in the COVID-19 pandemic to specific perpetrators and this responsibility has been codified within the broader framework of federal cyber incident response Specifically DOJ—through the Federal Bureau of Investigation FBI and National Cyber Investigative Joint Task Force NCIJTF —is the designated lead in responding to these threats FBI Cyber Investigations The FBI pursues cybercrime cases ranging from computer hacking and intellectual property rights violations to child exploitation fraud and identity theft Its top cyber priorities involve combating Congressional Research Service https crsreports congress gov IN11257 CRS INSIGHT Prepared for Members and Committees of Congress Congressional Research Service 2 computer and network intrusions and investigating ransomware The FBI’s cyber efforts are focused on “high-level intrusions by state-sponsored hackers global organized crime syndicates and other technically sophisticated and dangerous actors ” One key challenge involves moving away from reacting to malicious cyber events and toward preventing them As such the FBI has focused resources on enhancing cyber capabilities in a number of ways including bolstering the FBI’s cyber workforce strengthening the NCIJTF expanding Cyber Task Forces CTFs and focusing their efforts on computer network intrusion investigations and increasing information sharing and coordination with the private sector Task Forces and Partnerships The NCIJTF was established by National Security Presidential Directive-54 Homeland Security Presidential Directive-23 in January 2008 The NCIJTF’s mission is to “serve as a multi-agency national focal point for coordinating integrating and sharing pertinent information related to cyber threat investigations ” Led by the FBI the NCIJTF coordinates over 20 federal agencies including law enforcement intelligence and the military It also collaborates with the private sector and international partners Early on there were concerns that “the NCIJTF was not always sharing information about cyber threats among the partner agencies ” There were also criticisms that the NCIJTF was perceived as an extension of the FBI’s Cyber Division instead of as a multiagency effort However DOJ’s Inspector General has since noted that these issues have improved The FBI leads several other task forces and partnerships focused on cyber threat response For instance there is a CTF at each field office CTFs focus on local cybersecurity threats respond to incidents and maintain relationships with companies and institutions CTFs also support the national effort to combat cybercrime by participating in national virtual teams on certain cyber issues and providing cyber subject matter experts or enhanced capability outside of their assigned areas when needed Additionally the FBI has established and maintained Cyber Action Teams of agents and computer scientists that can be rapidly deployed around the world to assist in computer intrusion investigations In addition to domestic field offices pursuing international leads in investigations the FBI has positioned cyber assistant legal attachés ALATs in some foreign countries ALATs work with law enforcement in host countries to share information collaborate on investigations and enhance relationships with partner agencies ALATs focus on “identifying disrupting and dismantling cyber threat actors and organizations ” Going Forward DOJ Cyber Priorities Countering cyber threats is among DOJ’s top priorities and countering threats related to the COVID-19 pandemic is receiving heightened attention On March 16 2020 Attorney General William Barr issued a memorandum to the U S Attorneys regarding DOJ’s COVID-19 priorities Noting that criminals may take advantage of the COVID-19 pandemic the memorandum stated that “ e very U S Attorney’s Office is thus hereby directed to prioritize the detection investigation and prosecution of all criminal conduct related to the current pandemic ” Congress in examining DOJ’s cyber priorities going forward may look to the resources DOJ has placed toward countering cyber threats broadly as well as specific nefarious activity capitalizing on the COVID-19 pandemic DOJ has highlighted a number of challenges that law enforcement faces in countering cybercrime and Congress may continue to conduct oversight and debate legislation in these arenas including the following  Transnational Crime Cybercriminals have specialized their activities and because they can operate anywhere in the world networks of expert cybercriminals—and digital evidence of their activity—may exist in various countries There are sometimes Congressional Research Service   3 investigative challenges in gathering evidence working with international law enforcement and bringing perpetrators to justice in the United States Evolving Technology While some note that law enforcement may have access to more digital information than ever before others contend that law enforcement is “going dark” as some investigative capabilities are outpaced by the speed of technological change These hurdles for law enforcement reportedly include strong end-to-end or what law enforcement has sometimes called “warrant-proof” encryption which can prevent access to certain communications and information The tension between privacy of electronic communications and law enforcement’s ability to investigate crimes remains of congressional interest Author Information Kristin Finklea Specialist in Domestic Security Disclaimer This document was prepared by the Congressional Research Service CRS CRS serves as nonpartisan shared staff to congressional committees and Members of Congress It operates solely at the behest of and under the direction of Congress Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has been provided by CRS to Members of Congress in connection with CRS’s institutional role CRS Reports as a work of the United States Government are not subject to copyright protection in the United States Any CRS Report may be reproduced and distributed in its entirety without permission from CRS However as a CRS Report may include copyrighted images or material from a third party you may need to obtain the permission of the copyright holder if you wish to copy or otherwise use copyrighted material IN11257 · VERSION 2 · NEW