Skip to content
Author
PUBLISHED: | UPDATED:
Getting your Trinity Audio player ready...

By Joseph Menn

LAS VEGAS, July 25 (Reuters) – The U.S. Justice Department

may put national security experts with cybersecurity training

into department offices around the country in order to take

legal action against computer facilities used in attacks on

government agencies and private companies, according to a former

high-ranking FBI official.

The department would then be able to sue Web-hosting firms

and other third parties and get court approval to seize Web

addresses or shut down hosting companies to disrupt attack

networks, former FBI Executive Assistant Director Shawn Henry

told Reuters Wednesday.

The Justice Department did not respond to a request for

comment. Henry said Justice officials briefed him on the plan,

which dates to before he left the agency in March.

“The Department of Justice’s national security division has

started to take a much more aggressive approach,” Henry said in

the interview. “It is looking at actions it can take to hold

governments accountable” and “create some disruption to the

adversary.”

If it goes forward, the expansion of the Justice

Department’s fight against cyberattacks would be another way for

the Obama administration to act against what it has been warning

is an enormous risk to the country’s national and economic

security.

Henry said increased sharing of information and the

establishment of security standards for critical infrastructure

that could be sabotaged were also essential.

Steps toward both are included in a Senate bill that has

recently been softened to overcome Republican and business

objections. The legislation has the support of the Obama

administration and Senate Majority Leader Harry Reid, but it

differs substantially from a House version, and the political

dynamics of the election year will make compromise difficult.

The Federal Trade Commission has gone to court in recent

years to seize control of computers from criminal groups, but

the Justice Department has until now primarily sought criminal

charges against spies or referred cases that lead overseas to

State Department diplomats.

Henry said that the Justice Department could apply the FTC

strategy against espionage and saboteurs.

Henry disclosed the plan in an interview after a speech to

the Black Hat security conference in Las Vegas in which he said

90 percent of attacks on U.S. companies and government agencies

remain secret.

He said that secrecy has kept the general public from

realizing the extent of the threat to the country, which he

ranked behind only weapons of mass destruction.

Henry said officials have also been asking other national

governments more about specific criminal or spy groups than they

have in the past.

Now an executive with private security startup CrowdStrike,

Henry said that it was important for government agencies and

private companies alike to accept that their networks have been

penetrated and to find out as much as they can about the

individuals involved.

“The intelligence model is the right model,” he said, adding

that his company has already been able to identify individual

attackers that had hacked clients.

(Editing by Steve Orlofsky)