Are US hacker indictments more than Justice Theater?
Hacker indictments by the U.S. Justice Department haven’t proven effective, and now the Treasury Department is also getting in on the act with questionable sanctions.
In the past five months alone, the U.S. Department of Justice has indicted at least 30 foreign individuals in connection with various cyberattacks, but only three of those individuals were arrested and extradited to the U.S., which raises the question of whether such legal action is little more than “justice theater,” akin to Bruce Schneier’s “security theater” put on by the likes of the TSA.
In July, special counsel Robert Mueller indicted 12 Russian intelligence officers in connection with the DNC and DCCC hacks; in September, one member of the North Korean Lazarus Group was indicted; in October, seven more Russian officers were indicted; and November saw eight Russian nationals indicted for running a massive botnet — three of whom are in custody — and two Iranians indicted in connection with the SamSam ransomware.
Before this month, in order to find a foreign national who was indicted and detained — not considering his trial proceedings have begun — you have to go back to Aug. 2017 and Marcus Hutchins, aka MalwareTech, a British security researcher detained after attending Defcon 2017 in Las Vegas.
Along with the latest hacker indictment of two Iranian nationals, the Treasury Dept. designated two additional Iranian men for their role in exchanging the bitcoin earned in ransomware attacks into Iranian rial.
According to the Treasury Dept., a designation action means, “all property and interests in property of the designated persons that are in the possession or control of U.S. persons or within or transiting the United States are blocked, and U.S. persons generally are prohibited from dealing with them.”
However, considering the “property” in this context is a decentralized cryptocurrency, it’s unclear what — if anything — this action means in real-world terms. Unlike assets held by a U.S. bank or a bank in a friendly nation, a bitcoin wallet doesn’t fall under any authority’s jurisdiction.
Making the case worse for the Treasury Dept., neither bitcoin wallet had a meaningful balance at the time of the designation announcement. One of the wallets hadn’t seen activity since Dec. 2017 — until receiving two payments the day after the Treasury announcement — and the other had a balance equivalent to just over $3 as of Nov. 11, before receiving two payments each on the day of and the day after the announcements.
The two bitcoin wallets combined received a total of 5901.4 BTC while in use, but the value of that is difficult to calculate because of the high volatility of bitcoin prices over the past year and the owners of the wallets always being quick to send funds to other accounts. It’s possible the amount of bitcoin was worth tens of millions of U.S. dollars.
That’s tens of millions of dollars sent to dozens or hundreds of different accounts going back to 2013, all but about $3 of which was gone before the Treasury Dept. announced any actions.
At least with the indictments, the DoJ can theoretically limit the travel of the individuals charged or seize assets in America. The Treasury Dept. has put sanctions on two men who most likely won’t be extradited, and is attempting to “block” property that was gone before any action was taken. That feels like peak justice theater.