Consumer Protection & Privacy

Ballard Spahr LLP: DOJ Cracks Down on Cyber Criminals

The Department of Justice (DOJ) recently announced the largest coordinated international law enforcement effort ever directed at an online cyber-criminal forum. Financial institutions and other companies should consider whether to incorporate some of the lessons learned from the DOJ’s Operation Shrouded Horizon into their own information security programs. 

The enforcement action was taken against members of Darkode, an online, password-protected forum in which hackers and other cyber-criminals convened to buy, sell, trade and share information, ideas, and tools to facilitate unlawful intrusions on others’ computers and electronic devices. As part of Operation Shrouded Horizon, the FBI infiltrated Darkode’s membership to obtain insight about individuals making malware available for sale. In a related case, two Darkode members pleaded guilty to charges connected to SpyEye, a malicious banking trojan (a type of malware) that may have been used to steal information from approximately 253 financial institutions around the world.

“Of the roughly 800 criminal internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” said U.S. Attorney David J. Hickton.

The DOJ’s recent Best Practices for Victim Response and Reporting of Cyber Incidents gives small and large organizations guidance on developing cyber incident response plans and preparing to respond to cyber incidents. It draws on lessons federal prosecutors have learned while handling cyber investigations and prosecutions. Among the DOJ’s recommendations are best practices to implement before a cyber incident, including:

  • Reviewing and adopting risk management practices found in guidance such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework;
  • Creating an actionable incident response plan;
  • Establishing proactive relationships with local federal law enforcement offices; and
  • Retaining legal counsel that is familiar with legal issues associated with cyber incidents.

Members of Ballard Spahr’s Privacy and Data Security Group and Consumer Financial Services Group regularly advise financial institutions on compliance with data security and privacy issues, including counseling companies about any applicable information security laws and regulations, providing guidance on cybersecurity policies and procedures as well as breach response plans, and advocating on behalf of companies facing breach-related litigation. 


Copyright © 2015 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.
