December 5, 2021

News

News Network

Rewards for Justice – Reward Offer for Information on Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure

13 min read

Office of the Spokesperson

The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).

Certain malicious cyber operations targeting U.S. critical infrastructure may violate the CFAA. Violations of the statute may include transmitting extortion threats as part of ransomware attacks; intentional unauthorized access to a computer or exceeding authorized access and thereby obtaining information from any protected computer; and knowingly causing the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causing damage without authorization to a protected computer. Protected computers include not only U.S. government and financial institution computer systems, but also those used in or affecting interstate or foreign commerce or communication.

Commensurate with the seriousness with which we view these cyber threats, the Rewards for Justice program has set up a Dark Web (Tor-based) tips-reporting channel to protect the safety and security of potential sources. The RFJ program also is working with interagency partners to enable the rapid processing of information as well as the possible relocation of and payment of rewards to sources. Reward payments may include payments in cryptocurrency.

More information about this reward offer is located on the Rewards for Justice website at www.rewardsforjustice.net . We encourage anyone with information on malicious cyber activity, carried out against U.S. critical infrastructure in violation of the CFAA by actors at the direction of or under the control of a foreign government, to contact the Rewards for Justice office via our Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required).

Since its inception in 1984, the program has paid in excess of $200 million to more than 100 people across the globe who provided actionable information that helped prevent terrorism, bring terrorist leaders to justice, and resolve threats to U.S. national security. Follow us on Twitter at https://twitter.com/RFJ_USA .

More from: Office of the Spokesperson

News Network

  • Small Business Contracting: Better Documentation and Reporting Needed on Procurement Center Representatives
    In U.S GAO News
    The Small Business Administration (SBA) does not maintain complete documentation to support data on the activities of procurement center representatives (PCR), which is information used to oversee PCRs and assess their performance. PCRs are responsible for helping small businesses gain access to federal contracting and subcontracting opportunities—for example, by making set-aside recommendations to federal agency contracting officers. SBA area offices generate a monthly report that summarizes data on PCRs' activities and accomplishments, and SBA procedures require PCRs to maintain these reports and the supporting documentation. GAO found that they do not consistently do either. According to SBA officials, in some cases the supporting documentation, which PCRs store on their individual computers or in their offices, either was destroyed or was not maintained after PCRs left their positions. Officials told GAO that SBA recently implemented a new database and established a policy requiring the monthly reports to be maintained in the database. However, SBA has not established a centralized means of maintaining the supporting documentation. A central repository for PCRs to store their supporting documentation would provide greater assurance that the documentation is maintained as required and help SBA verify the accuracy of the data PCRs report on their activities. SBA assigns PCRs to buying activities, divisions in federal agencies that purchase goods and services based on geographic coverage and other factors. Specifically, PCRs are assigned within one of six regional areas to ensure geographic coverage, at specific federal agencies, and at buying activities that have significant opportunities for small business contracting. However, SBA has not submitted required reports to Congress on its rationale for assigning PCRs to cover buying activities. The Small Business Act, as amended, requires that SBA submit a report (1) identifying each area for which SBA has assigned a PCR, (2) explaining why SBA selected the areas for assignment, and (3) describing the activities performed by PCRs. SBA was required to submit the first report to Congress by December 26, 2010, and subsequent reports every 3 years thereafter. SBA officials told GAO they were not aware of the reporting requirement. As a result, Congress lacks the information these reports were intended to provide, information that could be useful for its oversight of PCRs. The Small Business Act establishes tools to enhance procurement opportunities for small businesses, such as set-asides and requirements that large contractors set goals for using small business subcontractors. SBA's PCRs advocate for the inclusion of small businesses during the procurement process. GAO was asked to examine how PCRs help small businesses gain access to federal contracting and subcontracting opportunities. This report addresses, among other objectives, (1) documentation SBA maintains on the activities of PCRs and (2) how SBA assigns PCRs to cover buying activities and its requirement to report to Congress on these assignments. GAO reviewed SBA policies and procedures, data on PCR assignments, and selected data reported by PCRs and related documentation. GAO also interviewed agency officials. GAO recommends that SBA (1) develop a central repository for PCRs to store the supporting documentation for the data they report on their activities and (2) ensure that it submits required reports to Congress on PCRs' assignments and activities. SBA concurred with both recommendations. For more information, contact William B. Shear at (202) 512-8678 or shearw@gao.gov.
    [Read More…]
  • Secretary Antony J. Blinken and Danish Foreign Minister Jeppe Kofod at a Joint Press Availability
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Remarks at UNA-USA Global Engagement Summit
    In Climate - Environment - Conservation
    John Kerry, Special [Read More…]
  • United States Welcomes Australia’s Intended Action Against Hizballah 
    In Crime Control and Security News
    Ned Price, Department [Read More…]
  • [Protest of Air Force Contract Award for Modernization Support Services]
    In U.S GAO News
    A firm protested an Air Force contract award for systems modernization support services, contending that the Air Force: (1) unreasonably determined that its proposal represented a moderate risk; (2) treated the protester and the awardee unfairly in the evaluation of the two firms' proposed architectures; (3) inappropriately evaluated its bid under the development-implementation processes evaluation factor; (4) should have considered the awardee's poor past performance on three large programs; and (5) should have rejected the awardee's proposal, since the solicitation prohibited the submission of more than one proposal by a bidder. GAO held that the Air Force: (1) reasonably determined the protester's bid represented a moderate risk, since its proposed architecture was based upon emerging technology and would require a substantial amount of custom software development; (2) treated the protester and the awardee fairly in the risk assessment; (3) appropriately considered the bidder's past performance in the bid evaluation, since the solicitation criteria provided for consideration of bidder's relevant experience; (4) properly limited its consideration of the awardee's performance to those procurements that the awardee itself performed as opposed to those performed by affiliated entities; and (5) properly accepted proposals from the awardee and an affiliated entity, since each were a separate business entity within a larger corporation. Accordingly, the protest was denied.
    [Read More…]
  • Robert Katzmann, Judge and Civics Advocate, Dies at 68
    In U.S Courts
    Robert A. Katzmann, a former chief judge of the Second Circuit U.S. Court of Appeals and a tireless, impassioned advocate of civics education, died June 9. He was 68.
    [Read More…]
  • Visit of Special Envoy for the Horn of Africa Jeffrey Feltman to Sudan
    In Crime Control and Security News
    Office of the [Read More…]
  • Secretary Antony J. Blinken Introductory Remarks for Youth Speaker Xiye Bastida
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Joint Statement by the Secretary of State of the United States of America and the EU High Representative for Foreign Affairs and Security Policy/Vice President of the European Commission
    In Crime Control and Security News
    Office of the [Read More…]
  • Arrest of Eight Pan-Democratic Politicians in Hong Kong
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • K-12 Education: School Districts Need Better Information to Help Improve Access for People with Disabilities
    In U.S GAO News
    Two-thirds of U.S. public school districts have schools with physical barriers that may limit access for people with disabilities, according to GAO's survey of district officials. Barriers, such as a lack of accessible door hardware and steep ramps, can make it challenging for students, teachers, and others with disabilities to use public school facilities (see fig.). In 55 schools across six states, the most common areas with barriers GAO observed were restrooms, interior doorways, and classrooms. GAO also observed barriers related to safety and security. For example, for security, some schools had installed double-door vestibules with limited maneuvering space that could trap people who use wheelchairs. Examples of Doorway and Auditorium Barriers GAO Observed in Schools Note: Barriers presented in this figure potentially limit physical access for people with disabilities, but taken alone, would not necessarily establish whether a legal violation has occurred. An estimated 70 percent of districts had large-scale renovations, small-scale upgrades, or accessibility evaluations planned in the next 3 calendar years, but frequently cited funding constraints as a challenge to these efforts. Districts also identified the need to prioritize projects that keep buildings operational, such as roofing and heating projects. In addition, GAO's survey, observations during site visits, and interviews with national disability groups revealed a tension between making safety and security upgrades and improving physical accessibility. The Department of Justice (Justice) has not provided technical assistance on physical accessibility in schools, and GAO's surveys indicate such help is needed. Justice has authority to provide information on interpreting the Americans with Disabilities Act of 1990 (ADA), including for public schools, and it has provided technical assistance regarding other public facilities, such as stadiums. In addition, Justice, along with the Department of Education (Education) and other federal agencies, recently launched a new website on school safety, but it does not include specific information on how to improve accessibility of public school facilities or provide information on ADA requirements in the context of school safety upgrades. Without such information, federal agencies may miss opportunities to help ensure that people with disabilities have safe and secure access to public school facilities. National reports have raised concerns about the physical accessibility of public school facilities for people with disabilities. These facilities serve important roles as schools, voting locations, and emergency shelters, among other things. GAO was asked to examine the physical accessibility of public school facilities. This report examines the extent to which (1) school districts have school facilities with physical barriers that may limit access for people with disabilities, (2) districts plan to improve the accessibility of school facilities and the challenges they face, and (3) Justice and Education assist districts and states in improving school facilities' physical accessibility. GAO conducted a nationally representative survey of school districts; surveyed states and the District of Columbia; examined 55 schools across six states, selected for variation in size and other characteristics; reviewed relevant federal laws, regulations, and guidance; and interviewed federal, state, and school district officials, and national disability groups. GAO recommends that Justice work with Education to (1) provide information specific to accessibility of public school facilities and (2) provide information on federal accessibility requirements in the context of public school safety and security. Justice neither agreed nor disagreed with GAO's recommendations. For more information, contact Jacqueline M. Nowicki at (617) 788-0580 or nowickij@gao.gov.
    [Read More…]
  • Justice Department Files Civil Action to Shut Down California Tax Return Preparer
    In Crime News
    The United States has filed a complaint in the U.S. District Court for the Eastern District of California seeking to bar a Visalia, California tax return preparer from owning or operating a tax return preparation business and preparing federal income tax returns for others.
    [Read More…]
  • DOD Health Care: DOD Should Monitor Implementation of Its Clinical Practice Guidelines
    In U.S GAO News
    As of October 2020, the Departments of Defense (DOD) and Veterans Affairs (VA) had jointly developed 22 clinical practice guidelines (VA/DOD CPG) that address specific health conditions, including those related to chronic diseases, mental health issues, pain management, and rehabilitation. Such guidelines are important as military and veteran populations may have different health care needs than civilians due to involvement in combat or occupational exposures (e.g., fumes from burn pits) that may amplify physical and psychological stresses. GAO found that DOD and VA considered the health care needs of these populations throughout the guideline development process and that the guidelines include information about these health care needs in different sections. In some cases, the guidelines include treatment recommendations that specifically address the health care needs of the military and veteran populations. In other instances, they may include information about the prevalence of a specific condition for these populations, among other information. Each of the military services (Army, Air Force, and Navy) has its own process for distributing VA/DOD CPGs to providers at their military treatment facilities (MTF). However, DOD's Defense Health Agency (DHA) is in the process of assuming administrative operations—to include distributing guidelines—for all of the military services' MTFs through an incremental transition process that is to be completed by the end of September 2021. While DHA officials acknowledged that they need to develop a uniform distribution process for the guidelines once they complete the transition, MTF providers can currently access the guidelines through VA's designated website and DOD's electronic health record systems. Congress directed DOD to implement VA/DOD CPGs, using means such as providing education and training, and to monitor MTFs' implementation of them. However, GAO found that DHA and the military services are not systematically monitoring MTFs' implementation of these guidelines. While the Army tracks VA/DOD CPG education and training at its MTFs, officials with DHA, the Navy, and the Air Force explained that they have not been monitoring MTF implementation of these guidelines. DHA officials acknowledged that they need to develop a monitoring process as they assume administrative and oversight responsibilities for the military services' MTFs, but have not yet developed a plan to do so. Without a systematic process to monitor MTF implementation of these guidelines, DHA does not know the extent to which MTF providers may be using VA/DOD CPGs to reduce the variability and improve the quality of health care services provided—factors that may contribute to better health outcomes across the military health system. Through DOD's TRICARE program, eligible beneficiaries may receive care from providers at MTFs or from civilian providers. The National Defense Authorization Act for Fiscal Year 2017 required DOD to establish a program to develop, implement, update, and monitor clinical practice guidelines, which are evidence-based treatment recommendations to improve the consistency and quality of care delivered by MTF providers. The Act also included a provision for GAO to assess issues related to the military health system, including the process of ensuring that providers adhere to clinical practice guidelines, and to report annually for 4 years. This is GAO's fourth report based on the Act. This report describes (1) how the process for developing the guidelines considers the health care needs of the military and veteran populations, (2) how they are distributed by the military services to their providers and how providers access them, and (3) the extent to which DHA and the military services monitor MTF implementation of them, among other things. GAO reviewed relevant policies and guidance; analyzed each of the 22 CPGs; and interviewed officials with DOD, the military services, and VA. GAO recommends that DHA work with the military services to develop and implement a systematic process to monitor MTFs' implementation of VA/DOD CPGs. DOD concurred with this recommendation. For more information, contact Debra A. Draper at (202) 512-7114 or draperd@gao.gov.
    [Read More…]
  • California Man Sentenced to More Than Six Years in Prison for Federal Hate Crime Conviction
    In Crime News
    A California man was sentenced to 82 months in prison for committing a federal hate crime in connection with attacking a Black man with a knife in Santa Cruz, California. The sentence was handed down by the Hon. Edward J. Davila, U.S. District Judge for the Northern District of California.
    [Read More…]
  • Huawei CFO Wanzhou Meng Admits to Misleading Global Financial Institution
    In Crime News
    The Chief Financial Officer of Huawei Technologies Co. Ltd., Wanzhou Meng, 49, of the People’s Republic of China (PRC), appeared today in federal district court in Brooklyn, entered into a deferred prosecution agreement (DPA) and was arraigned on charges of conspiracy to commit bank fraud and conspiracy to commit wire fraud, bank fraud and wire fraud.
    [Read More…]
  • Blue Bell Creameries Ordered To Pay $17.25 Million In Criminal Penalties In Connection With 2015 Listeria Contamination
    In Crime News
    A federal court in Texas sentenced ice cream manufacturer Blue Bell Creameries L.P. to pay $17.25 million in criminal penalties for shipments of contaminated products linked to a 2015 listeriosis outbreak, the Justice Department announced today.
    [Read More…]
  • Woman Who Laundered Over $2 Million for International ‘Child Modeling’ Websites Sentenced to More Than Five Years in Federal Prison
    In Crime News
    A Florida woman was sentenced today to five years and three months in prison for engaging in a money laundering scheme in connection with an international, subscription-based, sexually-exploitative enterprise based in Florida that operated “child modeling” websites.
    [Read More…]
  • MS-13 Member Pleads Guilty to Racketeering Conspiracy Involving Murder and Attempted Murder
    In Crime News
    A Maryland man pleaded guilty today to conspiracy to participate in a racketeering enterprise by murdering a suspected rival gang member and attempting to murder two other victims, in connection with his MS-13 gang activities. 
    [Read More…]
  • Information Technology: DHS Directives Have Strengthened Federal Cybersecurity, but Improvements Are Needed
    In U.S GAO News
    What GAO Found The Department of Homeland Security (DHS) has established a five-step process for developing and overseeing the implementation of binding operational directives, as authorized by the Federal Information Security Modernization Act of 2014 (FISMA). The process includes DHS coordinating with stakeholders early in the directives' development process and validating agencies' actions on the directives. However, in implementing the process, DHS did not coordinate with stakeholders early in the process and did not consistently validate agencies' self-reported actions. In addition to being a required step in the directives process, FISMA requires DHS to coordinate with the National Institute of Standards and Technology (NIST) to ensure that the directives do not conflict with existing NIST guidance for federal agencies. However, NIST officials told GAO that DHS often did not reach out to NIST on directives until 1 to 2 weeks before the directives were to be issued, and then did not always incorporate the NIST technical comments. More recently, DHS and NIST have started regular coordination meetings to discuss directive-related issues earlier in the process. Regarding validation of agency actions, DHS has done so for selected directives, but not for others. DHS is not well-positioned to validate all directives because it lacks a risk-based approach as well as a strategy to check selected agency-reported actions to validate their completion. Directives' implementation often has been effective in strengthening federal cybersecurity. For example, a 2015 directive on critical vulnerability mitigation required agencies to address critical vulnerabilities discovered by DHS cyber scans of agencies' internet-accessible systems within 30 days. This was a new requirement for federal agencies. While agencies did not always meet the 30-day requirement, their mitigations were validated by DHS and reached 87 percent compliance by 2017 (see fig. 1). DHS officials attributed the recent decline in percentage completion to a 35-day partial government shutdown in late 2018/early 2019. Nevertheless, for the 4-year period shown in the figure below, agencies mitigated within 30 days about 2,500 of the 3,600 vulnerabilities identified. Figure 1: Critical Vulnerabilities Mitigated within 30 days, May 21, 2015 through May 20, 2019 Agencies also made reported improvements in securing or replacing vulnerable network infrastructure devices. Specifically, a 2016 directive on the Threat to Network Infrastructure Devices addressed, among other things, several urgent vulnerabilities in the targeting of firewalls across federal networks and provided technical mitigation solutions. As shown in figure 2, in response to the directive, agencies reported progress in mitigating risks to more than 11,000 devices as of October 2018. Figure 2: Federal Civilian Agency Vulnerable Network Infrastructure Devices That Had Not Been Mitigated, September 2016 through January 2019 Another key DHS directive is Securing High Value Assets, an initiative to protect the government's most critical information and system assets. According to this directive, DHS is to lead in-depth assessments of federal agencies' most essential identified high value assets. However, an important performance metric for addressing vulnerabilities identified by these assessments does not account for agencies submitting remediation plans in cases where weaknesses cannot be fully addressed within 30 days. Further, DHS only completed about half of the required assessments for the most recent 2 years (61 of 142 for fiscal year 2018, and 73 of 142 required assessments for fiscal year 2019 (see fig. 3)). In addition, DHS does not plan to finalize guidance to agencies and third parties, such as contractors or agency independent assessors, for conducting reviews of additional high value assets that are considered significant, but are not included in DHS's current review, until the end of fiscal year 2020. Given these shortcomings, DHS is now reassessing key aspects of the program. However, it does not have a schedule or plan for completing this reassessment, or to address outstanding issues on completing required assessments, identifying needed resources, and finalizing guidance to agencies and third parties. Figure 3: Department of Homeland Security Assessments of Agency High Value Assets, Fiscal Years (FY) 2018 through 2019 Why GAO Did This Study DHS plays a key role in federal cybersecurity. FISMA authorized DHS, in consultation with the Office of Management and Budget, to develop and oversee the implementation of compulsory directives—referred to as binding operational directives—covering executive branch civilian agencies. These directives require agencies to safeguard federal information and information systems from a known or reasonably suspected information security threat, vulnerability, or risk. Since 2015, DHS has issued eight directives that instructed agencies to, among other things, (1) mitigate critical vulnerabilities discovered by DHS through its scanning of agencies' internet-accessible systems; (2) address urgent vulnerabilities in network infrastructure devices identified by DHS; and (3) better secure the government's highest value and most critical information and system assets. GAO was requested to evaluate DHS's binding operational directives. This report addresses (1) DHS's process for developing and overseeing the implementation of binding operational directives and (2) the effectiveness of the directives, including agencies' implementation of the directive requirements. GAO selected for review the five directives that were in effect as of December 2018, and randomly selected for further in-depth review a sample of 12 agencies from the executive branch civilian agencies to which the directives apply. In addition, GAO reviewed DHS policies and processes related to the directives and assessed them against FISMA and Office of Management and Budget requirements; administered a data collection instrument to selected federal agencies; compared the agencies' responses and supporting documentation to the requirements outlined in the five directives; and collected and analyzed DHS's government-wide scanning data on government-wide implementation of the directives. GAO also interviewed DHS and selected agency officials.
    [Read More…]
  • Secretary Michael R. Pompeo With Greg Kelly of Greg Kelly Reports on Newsmax TV
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]

Crime

Network News © 2005 Area.Control.Network™ All rights reserved.