July 24, 2015

DOJ Cracks Down on Cyber Criminals

Daniel McKenna, Beth Moskow-Schnoll, Philip Yannella

Ballard Spahr LLP

+ Follow Contact

Send

Embed

The Department of Justice (DOJ) recently announced the largest coordinated international law enforcement effort ever directed at an online cyber-criminal forum. Financial institutions and other companies should consider whether to incorporate some of the lessons learned from the DOJ’s Operation Shrouded Horizon into their own information security programs.

The enforcement action was taken against members of Darkode, an online, password-protected forum in which hackers and other cyber-criminals convened to buy, sell, trade and share information, ideas, and tools to facilitate unlawful intrusions on others’ computers and electronic devices. As part of Operation Shrouded Horizon, the FBI infiltrated Darkode’s membership to obtain insight about individuals making malware available for sale. In a related case, two Darkode members pleaded guilty to charges connected to SpyEye, a malicious banking trojan ( a type of malware) that may have been used to steal information from approximately 253 financial institutions around the world.

“Of the roughly 800 criminal internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” said U.S. Attorney David J. Hickton.

The DOJ’s recent Best Practices for Victim Response and Reporting of Cyber Incidents provides guidance to small and large organizations that are developing cyber incident response plans and preparing to respond to cyber incidents by incorporating lessons learned by federal prosecutors while handling cyber investigations and prosecutions. Among the DOJ’s recommendations are best practices to implement before a cyber incident, including:

Reviewing and adopting risk management practices found in guidance such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework;
Creating an actionable incident response plan;
Establishing proactive relationships with local federal law enforcement offices; and
Retaining legal counsel that is familiar with legal issues associated with cyber incidents.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Written by:

Ballard Spahr LLP

Contact + Follow

Daniel McKenna

+ Follow

Beth Moskow-Schnoll

+ Follow

Philip Yannella

+ Follow

less

Published In:

Best Practices

+ Follow

Criminal Prosecution

+ Follow

Cyber Crimes

+ Follow

Cybersecurity

+ Follow

Department of Justice (DOJ)

+ Follow

Enforcement Actions

+ Follow

FBI

+ Follow

Financial Institutions

+ Follow

Hackers

+ Follow

Malware

+ Follow

New Guidance

+ Follow

NIST

+ Follow

Criminal

+ Follow

Finance & Banking

+ Follow

Science, Computers & Technology

+ Follow

less

Ballard Spahr LLP on:

DOJ Cracks Down on Cyber Criminals

Related Posts

Latest Posts

Written by:

Published In:

Ballard Spahr LLP on:

"My best business intelligence, in one easy email…"