Disruptive Technology Task Force Enforcement Actions

Disruptive Technology Task Force Enforcement Actions
Disruptive Technology Task Force Enforcement Actions
Photo by Nicolas Foster

The Disruptive Technology Task Force was launched in February of 2023 by the Department of Commerce, the Department of Justice, and the Federal Bureau of Investigation in an effort to prevent the unlawful acquisition of advanced technologies by foreign adversaries.  To date this effort has resulted in numerous cases being filed against parties involved in sanctions and export control violations.  These offenses involved the unlawful transfer of sensitive information, articles, and military-grade technology to China, Iran, and Russia.

Disruptive Technology Task Force Cases in 2023

Half of the task force cases in the last year involved the attempted export of controlled semiconductors and microelectronics to Russia.  Many of these included components for guided missile systems, Unmanned Aerial Vehicles (UAVs), components for weaponry, components used in cryptography, and nuclear weapons testing.

Cases involving exports to Russia were accomplished by the task force in partnership with the interagency law enforcement group, Task Force KleptoCapture.  This group is comprised of agencies in the United States and its allies

Three cases involved individuals attempting to procure controlled technologies for Iran or Iranian end users.  These cases involved items and technologies associated with military products, aerospace, firefighting, UAV’s, and materials used for weapons of mass destruction.

In an additional three cases, the task force charged former employees of U.S. companies with stealing proprietary and confidential information.  These cases were all related to attempts to transfer advanced technologies to the People’s Republic of China.  Technologies involved in these cases included missile detection equipment, advanced manufacturing software, and Apple source code.  A fourth case involving a Belgian national, involved the export of military grade accelerometers.

Measures Taken to Enhance Enforcement

A number of partnerships have been formed to further enhance enforcement efforts. 

  • The Disruptive Task Force added the Defense Criminal Investigative Service as a formal partner.
  • It added multi-agency enforcement teams to specific areas in the United States where critical technology industries are present.
  • The Strike Force created a partnership with the Ukrainian Prosecutor General to curb the illegal flow of advanced technology to Russia.
  • The Department of Commerce, Department of Justice, along with leaders from Japan and South Korea established a Disruptive Technology Protection Network to expand information sharing and best enforcement practices.
  • The strike force fostered partnerships with the private sector to engage directly with companies involved in the manufacture and export of controlled items.
  • Five Eyes export control agreement was formed to enhance the security concerns of Australia, Canada, New Zealand, the United Kingdom, and the United States by formally committing to coordinate export control enforcement efforts.

A Call to Actions for Businesses Involved in Export

The continued vigilance of the Disruptive Technology Strike Force enforcement illustrates the Bureau of Industry and Security’s (BIS) commitment protecting sensitive technologies.  Besides partnering with U.S. enforcement agencies, the Commerce Department has shown a commitment to working with international agencies to protect national security and foreign policy concerns. 

Enforcement activities have resulted in more severe civil and criminal penalties.  In 2023, these activities have resulted in a record number of convictions, and denial orders.  Additionally, numerous parties were placed on the Specially Designated Nationals, Blocked Persons, and Entity Lists, effectively ending their ability to conduct lawful business.

Businesses must ensure that they do not violate export regulations by enacting viable Export Compliance Management Programs (ECMP).   These programs are a requirement for both the Export Administration Regulations and the International Traffic in Arms Regulations (ITAR).  While most businesses involved with the ITAR have been proactive in compliance, many involved with the export of dual-use goods enumerated in the EAR have been less diligent.

Export Compliance Management Programs establish clearly defined policies and procedures for all departments within an organization.  They ensure that registration, item classifications, license applications, denied part screening, and security measures are taken that will prevent violation.  They also ensure that training, auditing, and record keeping are maintained according to requirements.

CVG Strategy Export Compliance Management Programs

Export Compliance is an important subject for businesses engaged in sales of items that are intended for international sales or could result in international sales.  Failure to comply with export control laws can result in criminal prosecution including imprisonment and fines.  It can also result in civil penalties and disbarment from export activities. 

CVG Strategy can help you in understanding Export Administration Regulations and establishing a coherent and effective export compliance system.   We can perform export control classifications, perform audits, and educate your team.  Regardless of whether your business falls under EAR or ITAR, CVG Strategy has the expertise to help.  Contact Us with you export regulation questions.

Lockbit Extorsion Operation Interrupted by Operation Cronos

lockbit extorsion operation
lockbit extorsion operation
Photo by Kevin Ku

The Lockbit extorsion operation was taken down by an international law enforcement effort called “Operation Cronos”.  This action included participation of the FBI, the National Crime Agency of the UK (NCA), and Europol among other organizations. 

Actions taken include the UK,s National Crime Agency taking control of the ransomware’s site and the arrest of at least four individuals.  Two individuals were arrested in Poland and Ukraine and two others had been detained in the U.S.  Two other Russian nationals are still at large.

Operation a Major Blow to Lockbit

The strike included gaining control of the central infrastructure of the organization and the seizing of source code.  The agencies also obtained encryption keys that will assist victims decrypt their data and retrieve their data.  Europol reported that enforcement efforts had resulted in the take down of over thirty servers in nine different countries.

History of Cybercriminal Group

Lockbit is a network of cybercriminals that has targeted thousands of organizations in a variety of sectors including manufacturing, government, energy, financial services, and health care.  To date, Lockbit had hacked into over 2,000 systems and raked in over $120 million dollars in ransom from their victims.

Lockbit has been the most common form of ransomware in the last two years.  The group has run a Ransomware as a sophisticated and highly organized Ransomware as a Service (RaaS) operation since 2020.  RaaS platforms offer ransomware products on subscription or commission basis.

The organization is thought by many experts, to have originated in Russia, though the group has claimed no national affiliation and has claimed to only be engaged in its activities for financial gain.  The group operates by recruiting hackers to use Lockbit’s various tactics, techniques, and procedures to compromise major organizations worldwide.

Many victims of the Lockbit extorsion operation have been additionally extorted by threats to publish sensitive information.  The resulting ransom payments are usually made in cryptocurrencies which makes tracing the payments difficult.

Ransomware a Growing Concern

Ransomware is the largest cyberattack threat to industrial organizations in North America.  There has been a continuing growth in the number of attacks in the last several years.  While the Lockbit ransomware group has been the leader in this area, a number of other actors such as 8Base, Akira, and Black Blasta have been active players. 

It is expected that this trend will continue to escalate as these groups utilize AI in increasingly targeted attacks in conjunction with social engineering and phishing techniques.  Targeted entities tend to be government agencies and large business concerns.  Experts expect that increased attacks will occur in the health, education, and energy sectors.

Enforcement Agencies Respond

The Department of Justice in conjunction with other law enforcement agencies have been engaged in the infiltration of cybercrime groups.  In the United States, the FBI has been particularly active in these efforts with successes against the Hive network in 2023.  As with the actions taken against Lockbit, the FBI partnered with law enforcement agencies in other countries.  The Hive infiltration involved ransoms of $130 million and also resulted in the capture of decryption keys which were made available to victims to retrieve stolen data.

CVG Strategy Cybersecurity 

While the disruption of the Lockbit extorsion operation is a promising development, the successes of ransomware attacks illustrate the vulnerabilities of organizational information.  Successful hacks of this sort are often the result of exploiting humans into opening infected emails or visiting infected sites. 

Businesses and government agencies must develop effective data protection strategies.  These strategies should include policies that incorporate risk assessment, training, and management review.  CVG Strategy consultants provide training to make your entire team aware of cyberattacks and how to employ processes to prevent these threats.  We can assist with reviews of policies, risk assessment approaches, and best practices to build management systems capable of handling complex cybersecurity requirements.

Our ISMS consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS).  Our team of experts bring extensive experience and deep information security process control expertise (including certifications as Exemplar Global Lead Auditor ISO/IEC 27001:2013 Lead Auditor) to ensure that you achieve ISO 27001 certification—on time and on budget.

CVG Strategy is also committed to the goals of CMMC in securing our defense manufacturing supply chain’s information secure.  As industry leaders in cybersecurity, ITAR, and risk-based management systems.  We have experience with companies of all sizes and understand the importance of innovating flexible approaches to meeting the requirements CMMC, establishing effective programs, and achieving certification.