WASHINGTON—The Justice Department is broadening its overseas efforts against cybercrime, for the first time stationing a legal adviser in Malaysia to help ensure Southeast Asian countries have the laws and tools to fight hackers.
The position is intended to shore up international partnerships against a type of crime that’s without geographic borders and is often carried out by overseas hackers who elude American prosecution.
Federal officials see stronger foreign cybercrime laws as essential if other countries hope to address the problem, especially given the obstacles the U.S. government often faces in locating, extraditing and convicting overseas hackers.
The post is funded by the State Department and lasts for a year, though Justice Department officials hope to expand the initiative to other parts of the world if it proves successful.
“It’s a region of the world where there’s a high level of sophistication with technology” where cyber criminals can set up “and prey on others in the world,” Assistant Attorney General Leslie Caldwell, head of the Justice Department’s criminal division, said in an interview with The Associated Press.
She formally announced the move in a cybercrime speech in Rhode Island on Friday, saying the Justice Department was committed to “working hand-in-hand with foreign governments.”
The announcement came just as federal authorities made public the detention in Malaysia of a Kosovo citizen who’s accused of hacking crimes and providing stolen personal information about U.S. service members and federal employees to Islamic State leaders. John Carlin, the Justice Department’s top national security official, called the case “the first of its kind.”
The new post in Malaysia is occupied by Thomas Dougherty, who spent years as a Justice Department computer crimes prosecutor. He already has met with officials from Vietnam to discuss potential improvements to that country’s penal code and has reviewed cases with Malaysian officials. He'll also be expected to serve as a point of contact for coordinating training on cyber investigations and prosecutions and a resource for questions about the use of electronic evidence and other topics, State Department officials said.
The new position is an acknowledgement that encouraging foreign countries to arrest hackers within their own borders can sometimes be a more efficient strategy than hauling them into U.S. courts. But U.S. officials say they'll continue seeking extradition of those captured overseas, and that improving laws in foreign countries is part of that process. The United States has extradited almost a dozen cyber criminals in the last year, Caldwell said Friday.
The initiative is similar to one undertaken by the FBI, which for several years has stationed specialized cyber agents at some of the dozens of legal attache offices the bureau maintains around the world. The FBI says on its website that it has 64 legal attache offices in different parts of the world and more than a dozen smaller sub-offices,
The FBI has cyber agents assigned to more than a half-dozen countries, including Estonia, Romania, Australia and Canada, and temporary positions in some other nations as well, said Gerald Bessette, an FBI cyber section chief.
“Every country has different legal investigative structures,” Bessette said. “So we want to know who our partners are if we have an investigation where we’re going to ask a foreign country to take legal action” such as seizing a computer server that’s being used to commit crimes.
He said those partnerships paid off in an investigation last year into sophisticated malware known as BlackShades that infected more than a half-million computers worldwide and permitted cybercriminals to remotely hijack a computer and its webcam. Federal authorities charged about 100 people, with police throughout Europe involved in coordinating arrests.
Shawn Henry, a former FBI executive assistant director, said good relationships are crucial because the FBI generally can’t work an international case successfully without a host government’s cooperation.
“I don’t care who arrests them, as long as they’re bad guys and off the playing field,” said Henry, president of CrowdStrike Services, a security technology company. “If a foreign government can arrest them and charge them successfully, I’m happy.”
