Remarks as Prepared for Delivery
Thank you, Kenneth. Today, I’m pleased to announce that we are super-charging the Computer Crime and Intellectual Property Section (CCIPS) by adding to it another hugely successful Criminal Division team. Beginning this week, we are merging the National Cryptocurrency Enforcement Team, or NCET, into CCIPS, creating a single office that consolidates the Criminal Division’s expertise in all aspects of fighting cybercrime.
Within CCIPS, NCET will continue its mission. NCET will investigate and, where appropriate, prosecute criminal offenses involving the abuse of cryptocurrency. That includes, in partnership with the Criminal Division’s Money Laundering and Asset Recovery Section (MLARS), investigating and prosecuting cryptocurrency exchanges that facilitate money laundering. As has always been the case, NCET will leverage MLARS expertise in money laundering, Bank Secrecy Act, and financial institution cases, and digital asset seizure and forfeiture by continuing to collaborate with MLARS in these areas.
NCET will also continue to fulfill its other core responsibilities: building and enhancing its relationships with cryptocurrency-focused AUSAs and prosecutors from other Department litigating components; and playing the crucial role it has in capacity building by training these prosecutors and our law enforcement partners on best practices in investigative and prosecutorial strategies in these complex cases.
At the direction of Deputy Attorney General Lisa Monaco, the Criminal Division launched NCET in 2021. NCET was created to tackle complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors.
To build NCET, we tapped experts from CCIPS and MLARS. CCIPS and MLARS had already been working on cutting edge investigations involving cryptocurrency exchanges that were violating the law. And MLARS had already taken steps to create a cryptocurrency enforcement initiative, and the experts in this group added their expertise to the NCET team.
We then brought on AUSAs with cryptocurrency experience from around the country.
The result was an all-star team of cryptocurrency attorneys.
NCET is the government’s most impressive collection of cryptocurrency-knowledgeable criminal lawyers, equipped with a deep understanding of the technology, business, and legal sides of cryptocurrency.
NCET quickly generated results. In January, the Deputy Attorney General and Assistant Attorney General Polite announced a major NCET case: the arrest of a senior executive of a cryptocurrency exchange named Bitzlato on charges of operating a money-transmitting business that transported and transmitted illicit funds and that failed to meet U.S. regulatory safeguards.
One month later, we announced another NCET case: the arrest of a man on charges of commodities fraud, commodities market manipulation, and wire fraud in connection with the manipulation of the Mango Markets decentralized cryptocurrency exchange.
NCET also led the Department’s work on writing reports on behalf of the Attorney General to the President on the role of law enforcement in detecting, investigating, and prosecuting criminal activity related to digital assets.
NCET further launched a new network of AUSAs, the Digital Asset Coordinator (DAC) network, serving as the Department’s primary forum for prosecutors to obtain and disseminate specialized training, technical expertise, and guidance about the investigation and prosecution of digital asset crimes.
It’s now time to bring NCET to the next level. NCET has been an enormously successful startup. Merging it into CCIPS will give it the resources and runway to accomplish even more. Let me explain how.
First, this merger means that the number of Criminal Division attorneys available to work on criminal cryptocurrency matters will more than double. Any CCIPS attorney can potentially be assigned to work an NCET case. The potential for cross-over and collaboration is enormous. It’s become obvious to everyone in the cybercrime field that cryptocurrency work and cyber prosecutions are intertwined, and will become even more so in the future.
Second, this merger elevates cryptocurrency work within the Criminal Division by giving it equal status to computer crime and intellectual property work. The Director of NCET will personally have the authority to approve charging decisions and other steps in investigations and litigation.
Third, merged into CCIPS, NCET will multiply the entire Department’s ability to trace cryptocurrency, to charge cases involving the criminal use of cryptocurrency, and to seize legally forfeitable cryptocurrency as a way to get those funds back to victims – just as CCIPS has, historically, helped prosecutors throughout the Department confront electronic evidence, intellectual property, and computer crime issues. Every modern prosecutor needs to be able to trace and seize cryptocurrency. This merger recognizes that.
I want to thank Eun Young Choi, the inaugural Director of NCET, for her leadership in building a tremendous team across the Department to work collaboratively on these issues. She is a tremendous prosecutor, and an innovator, and we look forward to continuing to work with her in her new role.
As Eun Young steps away, I’m pleased to announce that Claudia Quiroz will serve as Acting Director of NCET. Claudia, a long-time Assistant United States Attorney from the U.S. Attorney’s Office in the Northern District of California, has been one of the original deputy directors of NCET since its inception. With her extensive prosecutorial experience and digital currency expertise, I am confident that Claudia will steward NCET to the next level as it merges into CCIPS.
Merging NCET into CCIPS better positions the Criminal Division to meet the challenges set out by the National Cybersecurity Strategy. An urgent priority for the merged CCIPS and NCET is the fight against ransomware. The National Cybersecurity Strategy highlights ransomware as not only an important concern, but as a threat to national security.
CCIPS has, since its 2014 takedown of the CryptoLocker ransomware family, led the Department’s work in fighting ransomware. In June 2021, the Deputy Attorney General formally made CCIPS responsible for coordinating ransomware cases across the Department, and CCIPS attorneys are co-counsel on almost every major ransomware case being conducted by the Department.
The new super-charged CCIPS, merged with NCET, will use its combined expertise to answer this urgent call: the CCIPS cybercrime experts will investigate ransomware crimes, and NCET cryptocurrency specialists will pursue all available opportunities to track criminals through their ransomware payments, vigorously pursuing cryptocurrency payments and freezing or seizing them before they go to Russia and other ransomware hotspots.
The subject of ransomware brings me to another important point: ransomware is a threat to all – national security, public safety, and economic prosperity. I’m proud that Criminal Division prosecutors have taken on so much responsibility in responding to this threat to public safety and our national and economic security. Deputy Attorney General Monaco described what we are up against perfectly when she referred to it as a “blended threat.” Some national security threats come from nations. Some come from “nation-states and criminal gangs forming alliances of convenience and working together.” And some come from criminal groups working alone and the disastrous consequences of their hacks.
For example, in May 2021, criminals in a ransomware group targeted Colonial Pipeline, resulting in critical infrastructure being taken out of operation. That was a blended threat. The Department, weeks later, announced that it had seized bitcoins, valued at approximately $2.3 million, that allegedly represent the proceeds of the Colonial Pipeline ransom payment. That response to the blended threat was the result of the hard work of attorneys in CCIPS, in MLARS, in the U.S. Attorney’s Office for the Northern District of California, and in the Justice Department’s National Security Division.
As Criminal Division prosecutors work on cyber cases, identifying opportunities for arrests and other disruptions, they must work together with other government agencies addressing the ransomware problem. But I also want to salute our colleagues in the National Security Division, or NSD, for the excellent partnership.
CCIPS and NSD have enjoyed close collaboration ever since NSD was founded. NSD has, in the last decade, brought the disruption-first strategy the AAG described earlier to the cyber threats posed by foreign nation-states and their proxies. The Criminal Division has eagerly supported this work, sending detailees to NSD and helping it build some important cases.
CCIPS also assisted in some of their recent online disruption operations, including the May 2023 disruption of FSB malware known as Snake and the April 2022 disruption of the Cyclops Blink malware.
We were excited that NSD recently consolidated its cyber disruption work into a single office, named NatSec Cyber, and we look forward to that office’s growth and success, and our continued partnership.
Let me end with two things. First, I want to thank Kenneth for his kindness, his friendship, and his outstanding leadership of the Criminal Division. Kenneth, you are an amazing leader and colleague and a dear friend, and we will miss you. And all of us at the Criminal Division wish you and your family all the best.
Second, I would like to note how much work remains for us to do. We in the Department of Justice are acutely aware of how serious the cybercrime problem is. We also understand how much responsibility has been placed in the Department to disrupt cyberattacks and, when possible, to bring cybercriminals to justice. I hope that our work, and our announcement today, shows how we plan to execute that responsibility.
Thank you so much for hosting us today.