U.S. recovers $2.3 million from Colonial Pipeline ransomware attack

By Sarah N. Lynch

WASHINGTON (Reuters) -The U.S. Justice Department on Monday said it recovered some $2.3 million worth of cryptocurrency from the Colonial Pipeline Co ransomware attack.

U.S. Deputy Attorney General Lisa Monaco said investigators had seized 63.7 Bitcoins, now valued at about $2.3 million, paid by Colonial after last month’s hack that led to massive shortages at gas stations along the East Coast just as the summer driving season began.

The Justice Department has “found and recaptured the majority” of the ransom paid by Colonial, Monaco said. Colonial Pipeline had said it paid the hackers nearly $5 million to regain access.

Last month, a cyber criminal group that U.S. authorities said operated from Russia penetrated the pipeline operator on the U.S. East Coast, locking its systems and demanding a ransom.

The hack caused a shutdown lasting several days, leading to a spike in gas prices, panic buying and localized fuel shortages in the U.S. Southeast.

The White House urged corporate executives and business leaders last week to step up security measures to protect against ransomware attacks after the Colonial attack and later intrusions that disrupted operations at a major meatpacking company.

Commerce Secretary Gina Raimondo said on Sunday the Biden administration was looking at all options to defend against ransomware attacks and that the topic would be on the agenda when President Joe Biden meets with Russian President Vladimir Putin this month.

(Reporting by Sarah N. Lynch, Jan Wolfe, Tim Ahmann, and Christopher Bing in Washington and Stephanie Kelly in New York; Writing by Mohammad Zargham and Lisa Lambert; Editing by Howard Goller)

U.S. Justice Department considers law to address domestic terrorism, official says

By Mark Hosenball and Mica Rosenberg

WASHINGTON (Reuters) – The Justice Department is looking into ways to tighten federal criminal law to make it easier to prosecute alleged domestic terrorists, a top Justice Department official told Congress on Thursday.

Brad Wiegmann, deputy chief of the Justice Department’s national security division, noted that U.S. federal prosecutors can charge suspected foreign militants with “material support for terrorism,” but that there is no parallel law prosecutors can use against suspected domestic terrorists.

Legal experts have suggested that disparity should be addressed following the deadly Jan. 6 riot at the U.S. Capitol by supporters of Donald Trump.

“That is something that we are thinking about,” Wiegmann told a House appropriations subcommittee hearing. But he added: “We haven’t reached any conclusions on that yet.”

The power to change the law rests with Congress, not President Joe Biden’s administration. But Biden, whose Democrats narrowly control both houses of Congress, has made tackling domestic terrorism a priority.

“We won’t ignore what our intelligence agencies determine to be the most lethal terrorist threat to our homeland today, white supremacy is terrorism,” Biden said in his first speech to a joint session of Congress on Wednesday.

John Godfrey, a senior State Department counterterrorism official, told a separate House Homeland security subcommittee hearing on Thursday that U.S. diplomatic posts had reported rising concerns about links between racially and ethnically motivated violent extremism in the United States and Europe. He added that groups had encouraged individuals to join the military or law enforcement agencies to gain training that could be used to target perceived enemies.

(Reporting By Mark Hosenball and Mica Rosenberg; Editing by Bill Berkrot)

U.S. Justice Department ends Trump-era limits on grants to ‘sanctuary cities’

By Sarah N. Lynch

WASHINGTON (Reuters) – The U.S. Justice Department has repealed a policy put in place during Donald Trump’s presidency that cut off hundreds of millions of dollars in grants to sanctuary cities that limit cooperation with federal immigration authorities.

In an internal memo seen by Reuters, acting head of the Office of Justice Programs Maureen Henneberg said that prior grant recipients, including cities, counties and states that were recipients of the department’s popular $250 million annual grant program for local law enforcement, will no longer be required to cooperate with U.S. Immigration and Customs Enforcement as a condition of their funding.

She also ordered staff to take down any pending Justice Department grant applications with similar strings attached and start the process over again.

In the memo, Henneberg, who leads the department’s largest grant-making arm, said she had instructed staff to “pull down and revise all solicitations that describe requirements or priority consideration elements or criteria pertaining to immigration.”

“These solicitations will be reposted and grantees will be required to reapply,” she added.

It is one of a series of decisions by Attorney General Merrick Garland, an appointee of President Joe Biden, to break with policies put in place during the Trump administration. In another high-profile move, the Justice Department has stepped up investigations of U.S. police departments that face charges of brutality or discriminatory tactics.

Shortly after being sworn in, Biden overturned a Trump executive order that had allowed the Justice Department to pressure cities that refused to notify federal immigration authorities when people living in the U.S. illegally have been detained for criminal violations, including minor ones.

Garland on April 14 ordered the department to begin to implement the change.

LEGAL BATTLES PAUSED

The policy reversal marks a major victory for states and cities that have been unable to access awards they received through the Edward Byrne Memorial Justice Assistance Grants program, known as “Byrne JAG.”

Named for a New York City police officer killed in the line of duty, the Byrne JAG grant program is the Justice Department’s leading source of reimbursement to state and local law enforcement to pay for a variety of initiatives, from prosecutions and corrections programs, to drug and mental health treatment centers.

In fiscal year 2020, the program doled out more than $253 million in grants.

Trump made cracking down on immigration, legal and illegal, a centerpiece of his administration.

Some cities and states resisted his efforts by adopting “sanctuary” policies, arguing that close cooperation between local law enforcement and federal immigration authorities can deter immigrants from coming forward to report crimes.

The fight to withhold Byrne JAG grant money prompted numerous lawsuits, as jurisdictions, including Chicago, New York, Philadelphia and San Francisco sued the Justice Department on the grounds that withholding the money was unlawful.

In one of those lawsuits brought by New York state, New York City and six other states, the U.S. Court of Appeals for the Second Circuit in February 2020 sided with the Trump administration and ruled it was entitled to withhold millions in grant money.

The plaintiff states appealed to the Supreme Court, but the appeal was later withdrawn after Biden won the 2020 election.

The Justice Department and the plaintiffs jointly asked a federal judge in March to put the matter on hold, while the department finished reviewing the grant conditions at the heart of the case.

The New York Attorney General’s office said that during the last four years, the state hasn’t been able to tap more than $30 million in grant money from the Justice Department as a result of the pending litigation.

The Justice Department’s decision to cease using immigration-related criteria will apply to all of the department’s grants, according to the memo, as well as notices posted by several other Justice Department offices that award grants.

(Reporting by Sarah N. Lynch; Editing by Scott Malone, Aurora Ellis and Steve Orlofsky)

Ford says U.S. Justice Dept., California end probe into emissions issue

By David Shepardson

WASHINGTON (Reuters) – Ford Motor Co confirmed on Friday the U.S. Justice Department and California Air Resources Board have closed a lengthy investigation into the No. 2 U.S. automaker’s emissions certification process without taking any action.

Ford said in a securities filing that reviews by the U.S. Environmental Protection Agency and Environment and Climate Change Canada remain open.

Ford first disclosed the criminal probe in April 2019 and earlier hired outside law firm Sidley Austin and experts to investigate its vehicle fuel economy and testing procedures after employees raised concerns about analytical modeling that is part of its fuel economy and emissions compliance process.

Ford said Friday the investigations’ closure was “consistent with the company’s own investigation and conclusion that we appropriately completed our certification processes.”

Ford declined to releasing findings from its own investigation and said it has not changed any fuel economy ratings as a result.

Ford faces a class-action lawsuit from owners who claim Ford “cheated on its fuel economy testing on some of its best-selling and most popular trucks” and said the issue affected over a million Ford truck owners.

The lawsuit claims that “independent testing conducted on Ford F-150 and Ford Ranger vehicles has vindicated the concerns of both consumers and Ford’s own employees: Ford did not follow appropriate coastdown testing procedures, and instead disclosed inaccurate resistance figures to increase the MPG Rating of its F-150 and Ranger vehicles.” Coastdown testing measures the effects of wind and road resistance on a coasting vehicle.

The lawsuit said “extra fuel costs for all 2018 and 2019 F-150s” would total approximately $2.32 billion for city driving, $2.09 billion highway, and $1.9 billion combined.”

Ford declined to comment on the lawsuit Friday but argues in court papers it should be dismissed, saying owners are “implausibly claiming that Ford had a duty to disclose the ‘true fuel economy’ for the subject vehicles, as if such a figure actually exists.”

(Reporting by David Shepardson; Editing by Steve Orlofsky)

U.S. Justice Department to propose changes to internet platforms immunity: source

By David Shepardson and Ayanti Bera

WASHINGTON (Reuters) – The U.S. Justice Department will unveil later on Wednesday a proposal that seeks to limit legal protections for internet platforms on managing content, a person briefed on the matter confirmed.

The proposal, which takes aim at Facebook Inc, Twitter Inc and Alphabet Inc’s Google, would need congressional approval and is not likely to see action until next year at the earliest.

President Donald Trump in May signed an executive order that seeks new regulatory oversight of tech firms’ content moderation decisions and backed legislation to scrap or weaken the relevant provision in the 1996 Communications Decency Act, Section 230.

Trump will meet on Wednesday with a group of state attorneys general amid his criticism of social media companies. Twitter has repeatedly placed warning labels on Trump tweets, saying they have included potentially misleading information about mail-in voting.

Trump will meet with state attorneys general from Texas, Arizona, Utah, Louisiana, Arkansas, Mississippi, South Carolina and Missouri – like Trump, all Republicans – according to a person briefed on the matter.

“Online censorship goes far beyond the issue of free speech, it’s also one of protecting consumers and ensuring they are informed of their rights and resources to fight back under the law,” White House spokesman Judd Deere said on Monday.

Trump directed the Commerce Department to file a petition asking the Federal Communication Commission to limit protections under Section 230 after Twitter warned readers in May to fact-check his posts about unsubstantiated claims of fraud in mail-in voting. The petition is still pending.

A group representing major internet companies including Facebook, Amazon.com Inc and Google urged the FCC to reject the petition, saying it was “misguided, lacks grounding in law, and poses serious public policy concerns.”

The Wall Street Journal reported the planned Justice Department proposal earlier.

U.S. Justice Dept. weighs stripping federal funds from cities allowing ‘anarchy’

By Sarah N. Lynch

WASHINGTON (Reuters) – The U.S. Justice Department on Monday threatened to revoke federal funding for New York City, Seattle and Portland, Oregon, saying the three liberal cities were allowing anarchy and violence on their streets.

“We cannot allow federal tax dollars to be wasted when the safety of the citizenry hangs in the balance,” Attorney General William Barr said in a statement.

Spokespeople for the mayors’ offices in all three cities could not be immediately reached for comment.

Many cities across the United States have experienced unrest since the May death of George Floyd. In some cases the protests have escalated into violence and looting.

The federal government has mounted a campaign to disperse the racial justice protests, including by sending federal agents into Portland and Seattle and encouraging federal prosecutors to bring charges.

Last week, the Justice Department urged federal prosecutors to consider sedition charges against protesters who have burned buildings and engaged in other violent activity.

Monday’s threat to revoke federal funds was the government’s latest escalation in its quest to curb the protests.

It comes after President Donald Trump earlier this month issued a memo laying out criteria to consider when reviewing funding for states and cities that are “permitting anarchy, violence, and destruction in American cities.”

The criteria to make the president’s list include things such as whether a city forbids the police from intervening or if it defunds its police force.

In all three cities, the Justice Department said the leadership has rejected efforts to allow federal law enforcement officials to intervene and restore order, among other things.

(Reporting by Sarah N. Lynch; Editing by Steve Orlofsky)

U.S. charges seven in wide-ranging Chinese hacking effort

WASHINGTON (Reuters) – The U.S. Justice Department said on Wednesday it has charged five Chinese residents and two Malaysian businessmen in a wide-ranging hacking effort that encompassed targets from video games to pro-democracy activists.

Federal prosecutors said the Chinese nationals had been charged with hacking more than 100 companies in the United States and abroad, including software development companies, computer manufacturers, telecommunications providers, social media companies, gaming firms, nonprofits, universities, think-tanks as well as foreign governments and politicians and civil society figures in Hong Kong.

U.S. officials stopped short of alleging the hackers were working on behalf of Beijing, but in a statement Deputy Attorney General Jeffrey Rosen expressed exasperation with Chinese authorities, saying they were – at the very least – turning a blind eye to cyber-espionage.

“We know the Chinese authorities to be at least as able as the law enforcement authorities here and in like minded states to enforce laws against computer intrusions,” Rosen said. “But they choose not to.”

He further alleged that one of the Chinese defendants had boasted to a colleague that he was “very close” to China’s Ministry of State Security and would be protected “unless something very big happens.”

“No responsible government knowingly shelters cyber criminals that target victims worldwide in acts of rank theft,” Rosen said.

The Chinese Embassy in Washington did not immediately return an email seeking comment. Beijing has repeatedly denied responsibility for hacking in the face of a mounting pile of indictments from U.S. authorities.

Along with the alleged hackers, U.S. prosecutors also indicted two Malaysian businessmen, Wong Ong Hua, 46, and Ling Yang Ching, 32, who were charged with conspiring with two of the digital spies to profit from computer intrusions targeting video game companies in the United States, France, Japan, Singapore and South Korea.

The Justice Department said the pair operated through a Malaysian firm called SEA Gamer Mall. Messages left with the company were not immediately returned. Messages sent to email addresses allegedly maintained by the hackers also received no immediate response.

U.S. Assistant Attorney General for National Security John Demers said on Wednesday that the Malaysian defendants were in custody but were likely to fight extradition.

The Justice Department said it has obtained search warrants this month resulting in the seizure of hundreds of accounts, servers, domain names and “dead drop” Web pages used by the alleged hackers to help siphon data from their victims.

The Department said Microsoft Corp. had developed measures to block the hackers and that the company’s actions “were a significant part” of the overall U.S. effort to neutralize them. Microsoft did not immediately return a message seeking comment.

(Reporting by David Shepardson, Susan Heavey, Raphael Satter and Mark Hosenball in Washington; Editing by Chizu Nomiyama and Matthew Lewis)

U.S. Justice Department unveils reforms for FBI wiretap applications

By Sarah N. Lynch

WASHINGTON (Reuters) – The U.S. Justice Department said on Tuesday it was implementing new compliance reforms at the FBI to minimize errors when it applies for wiretaps, following revelations it made numerous mistakes during its probe into President Donald Trump’s 2016 election campaign.

Attorney General William Barr released two new memos outlining sweeping changes, including the creation of a new internal auditing office as well as a list of additional steps the FBI must undertake before filing an application with the Foreign Intelligence Surveillance Court.

Under the new protocol, if the FBI is seeking to monitor communications of an elected official or candidate, the director must first consider offering the target a defensive briefing, and the wiretap application must be approved by the Attorney General.

“The additional reforms announced today, which we worked on closely with the Attorney General’s office, will build on the FBI’s efforts to bolster its compliance program,” FBI Director Christopher Wray said in a statement.

The reforms could help take some heat off the bureau, which has been under fire for missteps in its early-stage investigation known as “Operation Crossfire Hurricane” into whether Trump’s 2016 presidential campaign colluded with Russia.

In December, the department’s inspector released a major report scrutinizing the FBI’s FISA applications to spy on Carter Page, a former Trump campaign adviser.

He uncovered 17 major mistakes in the FBI’s applications – errors that were so substantial, they prompted a Foreign Intelligence Surveillance Court judge to issue a rare public rebuke of the FBI.

His findings have also since led to criminal charges against former FBI attorney Kevin Clinesmith, who in August pleaded guilty to doctoring in email used as a basis to renew an application to monitor Page.

Judge exempts journalists, legal observers from Portland protest dispersal orders

By Kanishka Singh

(Reuters) – A U.S. judge granted a preliminary injunction on Thursday against federal officers, exempting journalists and legal observers from orders to disperse after the officers declare riots at Portland protests.

The 61-page order prohibited federal officers from seizing any “photographic equipment, audio- or video recording equipment, or press passes” from reporters and legal observers.

A lawyer from the U.S. Justice Department had argued that the press does not hold any special right when police declare an unlawful assembly or riot and order crowds to break up.

“If military and law enforcement personnel can engage around the world without attacking journalists, the federal defendants can respect plaintiffs’ First Amendment rights in Portland,” U.S. District Judge Michael Simon said in the order filed in the United States District Court for Oregon.

Protests against racism and police brutality have swept the United States since the death on May 25 of George Floyd, a 46-year-old African-American man, after a white police officer knelt on his neck for nearly nine minutes.

The protests, including those in Portland, have occasionally erupted in arson and violence, and federal officers sent into the northwestern city have repeatedly clashed with crowds targeting its federal courthouse.

Portland Police had declared a riot for a second successive night on Wednesday and said they had fired crowd control munitions and tear gas to break up a gathering of about 200 people who threw rocks, lit fires and vandalized a U.S. immigration agency building.

Thursday’s order came in a class-action lawsuit filed by the American Civil Liberties Foundation of Oregon, which called it “a crucial victory” for civil liberties and press freedom.

Separately on Thursday, Portland Police issued a timeline of protests, showcasing they had declared riots 17 times between May 29 and Aug. 19.

(Reporting by Kanishka Singh in Bengaluru; Editing by Shri Navaratnam)

U.S. accuses Chinese nationals of hacking spree for COVID-19 data, defense secrets

By Raphael Satter and Christopher Bing

WASHINGTON (Reuters) – The U.S. Justice Department on Tuesday indicted two Chinese nationals over their role in what the agency called a decade-long cyber espionage campaign that targeted defense contractors, COVID researchers and hundreds of other victims worldwide.

U.S. authorities said Li Xiaoyu and Dong Jiazhi stole terabytes of weapons designs, drug information, software source code, and personal data from targets that included dissidents and Chinese opposition figures. The cyber criminals were contractors for the Chinese government, rather than full-fledged spies, U.S. officials said.

U.S. Assistant Attorney General for National Security John Demers said at a virtual press conference the hackings showed China “is willing to turn a blind eye to prolific criminal hackers operating within its borders.”

“In this manner, China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provides safe haven for cyber criminals in exchange for those criminals being on call for the benefit of the state.”

Messages left with one of several accounts registered in the name of Li’s digital alias, oro0lxy, were not immediately returned. Reuters could not immediately locate contact details for Dong. The Chinese Embassy in Washington did not immediately return a message seeking comment, although Beijing has repeatedly denied hacking the United States.

The indictment mostly did not name any companies or individual targets, but U.S. Attorney William Hyslop, who spoke alongside Demers, said there were “hundreds and hundreds of victims in the United States and worldwide.” Officials said the investigation was triggered when the hackers broke into a network belonging to the Hanford Site, a decommissioned U.S. nuclear complex in eastern Washington state, in 2015.

Li and Dong were “one of the most prolific group of hackers we’ve investigated,” said FBI Special Agent Raymond Duda, who heads the agency’s Seattle field office.

A July 7 indictment made public on Tuesday alleges that Li and Dong were contractors for China’s Ministry of State Security, or MSS, a comparable agency to the U.S. Central Intelligence Agency. The MSS, prosecutors said, supplied the hackers with information into critical software vulnerabilities to penetrate targets and collect intelligence. Targets included Hong Kong protesters, the office of the Dalai Lama and a Chinese Christian non-profit.

As early as Jan. 27, as the coronavirus outbreak was coming into focus, the hackers were trying to steal COVID-19 vaccine research of an unidentified Massachusetts biotech firm, the indictment said.

It is unclear whether anything was stolen but one expert said the allegation shows the “extremely high value” that governments such as China placed on COVID-related research.

“It is a fundamental threat to all governments around the world and we expect information relating to treatments and vaccines to be targeted by multiple cyber espionage sponsors,” said Ben Read, a senior analyst at cyber-security company FireEye.

He noted that the Chinese government had long relied on contractors for its cyber-spying operations.

“Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations,” Read said.

(Reporting by Chris Sanders; Editing by Chizu Nomiyama and Richard Chang)