FBI adopts more aggressive approach to pursuing cyber criminals
The agency received court authorisation in April to hack hundreds of victims' machines in order to remove malware
The FBI has amended its tactics towards hackers and is now taking more aggressive steps to counter criminals behind devastating hacks.
According to Bloomberg, the FBI's new approach may be rooted in the notorious cyber campaign by state-backed Chinese hackers earlier this year, which enabled them to compromise thousands of private Microsoft Exchange email servers.
At least 30,000 organisations across the United States were compromised through four security vulnerabilities impacting Microsoft's Exchange Server email software.
In response, the FBI received a Houston federal judge's authorisation to remotely access hundreds of hacked networks and block the hackers' digital points of entry.
The FBI used the same vulnerability in the servers as the hackers, enabling the agents to break into machines and remove the backdoors the criminals had planted.
"The FBI has definitely decided to be more aggressive," Elvis Chan, the assistant special agent in charge of cyber investigations in the FBI's San Francisco field office, told Bloomberg in an interview.
"Our toolkit hasn't changed. We're just using the tools a little bit more," he added.
Another example of the new approach is in the FBI's joint operation with the National Security Agency (NSA), which disrupted a Russian cyber-espionage campaign.
In a more recent operation, the FBI successfully recovered the ransom paid to hackers following a ransomware attack on the Colonial Pipeline. In an affidavit filed in court earlier this month, the US Justice Department said that it had recovered the majority of the $4.4 million (£3.1m) ransom paid to the perpetrators of the attack.
The Department claimed that the FBI possessed the private key to the criminals' Bitcoin wallet, which enabled federal agents to unlock the wallet and transfer the cryptocurrency elsewhere.
"Today we turned the tables on DarkSide," Deputy Attorney General Lisa Monaco said in a press conference earlier this month, referring to the Russia-linked cybercrime group that was blamed for the Colonial Pipeline attack.
Deputy FBI Director Paul Abbate told reporters that investigators had identified more than 90 firms victimised by DarkSide.
In an interview with the Wall Street Journal, FBI Director Christopher Wray compared the Colonial Pipeline breach to the 11th September attacks.
"There are a lot of parallels, there's a lot of importance, and a lot of focus by us on disruption and prevention," Wray said.
Wray said the Bureau was investigating about 100 different types of ransomware, many of which can be traced back to threat actors in Russia.
The new efforts to counter cyber criminals are not confined to the FBI. It is a "whole of government" priority, says Anne Neuberger, deputy national security advisor for cyber and emerging technologies.
"It's a dramatic difference in terms of saying this is a priority."
A recent example is the NSA's launch of a collaboration centre to encourage information sharing with private firms in the US.
Wray also announced a new cyber strategy last year, intended to "make it harder and more painful for hackers and criminals to do what they're doing."