- The report comes on the heels of a Microsoft executive reporting phishing attempts against midterm congressional campaigns.
- The DOJ report tackles not just election fears and foreign influence, but a full range of cybercrimes.
- The document highlights the increasingly critical role that private sector companies are playing in national security matters.
Deputy Attorney General Rod Rosenstein released a 144-page report Thursday evening detailing actions he said the Department of Justice has taken to combat security issues related to U.S. elections, “foreign influence campaigns” waged on social media and the full scope of other cybercrimes.
The DOJ’s Cyber-Digital Task Force report seems designed to serve as a weighty reference guide to any questions of what U.S. law enforcement is doing to combat a proliferation of cyberthreats. The report goes well beyond election threats, detailing nearly every major legal action, incident and prominent cyberarrest in which the Justice Department has been involved in the past four years.
It highlights the growing theme of total reliance by the government on the private sector for helping deal with national security matters related to technology.
The report is an important signpost as the midterm elections approach. Just before Rosenstein spoke at a security conference in Aspen, Colorado, Tom Burt, Microsoft’s corporate vice president for security and trust, told a panel at the conference that the company had observed phishing attempts against midterm candidates.
The three unnamed congressional campaigns were targeted by attacks similar to those sustained by the Democratic National Committee in 2016, he told the panel.
Rosenstein’s report discusses outreach the federal government has conducted to state election boards. It says the DOJ is worried not only about attacks emanating from Russia, like those described by Burt, but copycat operations from other nations.
Some scenarios the department says it is concerned with include attackers targeting voter registration databases or voting machines, or the power grid during the election. Operations aimed at removing eligible voters from voter rolls or manipulating elections results are something law enforcement is also considering, according to the report.
The Justice Department described several ways it is attempting to work with private sector companies on several cybercrime problems.
Rosenstein said the DOJ expects to increase its work with the private sector, particularly social media providers in identifying what it calls “foreign influence activity.” The report says the FBI will assist social media companies such as Facebook and Twitter in their voluntary efforts to combat these campaigns.
The DOJ characterized the partnership as similar to how those companies already deal with combating illegal activity like internet fraud or child pornography, according to the report.
The department outlined several instances of how corporations are increasingly serving as both targets of cybercriminals and partners in solving wider crimes. “Virtually every instance of cyber-related crime implicates the private sector in some way,” the report says. Companies not only serve as victims, but as often unwitting conduits for criminal activity, according to the report, and the Justice Department is trying to increase how often it works with companies on investigations.
The report describes how the Justice Department expects companies to work with the FBI. Those steps include developing a law enforcement response plan and establishing relationships with local FBI cyber field offices. The DOJ also expects companies to “understand the threats and trends that may affect your organization and adjust defenses accordingly” and “notify the FBI when you experience an incident; your issue may be part of a larger adversary campaign.”
The Justice Department also discussed its side of the debate on what it calls the “going dark problem,” a range of issues in getting usable data on criminals and suspects, focused mainly on the proliferation of advanced encryption technology for texting and phone calls.
Encryption has posed a “significant impediment” to criminal investigations, the report says. The FBI has been involved in disputes with technology providers like Apple, Signal and WhatsApp over whether these companies should be forced to decrypt communications for criminal investigations.
“Today, the average consumer has access to better technology than sophisticated criminals had twenty years ago,” the report reads.
The Justice Department says the issue is creating an increasing impediment to a wide range of investigations, from crimes against children, to terrorism and drug activity. Technology companies have countered that breaking encryption in this way threatens the integrity of greater swaths of encryption technology, and that providing keys to decrypt communications in one instance can open the door to unveiling any private conversation.