U.S. offers $10 million for tips on foreign hackers

Sheila Zabeu -

July 27, 2021

A reward of up to US$ 10 million is what the US State Department intends to pay for those who report malicious activity against the country’s critical infrastructure, with details leading to the identification or location of people acting on behalf of a foreign government. The initiative is part of the Rewards for Justice (RFJ) program created in 1984 and administered by the US Diplomatic Security Service.

“The purpose of the FRY is to bring international terrorists to justice and to prevent acts of international terrorism against US persons or property,” the Diplomatic Security Service describes.

Criminal actions may include, for example, extortion as part of ransomware attacks, theft of information from protected systems, and knowingly transmitting programs, data, code, or commands that may intentionally cause damage to protected computers. Such computers may be those of US financial and government institutions, but also those used in interstate commerce or communication or with foreign agents.

Malicious cyber activities that lodge in critical infrastructures, such as intentional unauthorized access to a computer and transmission of extortion threats as part of ransomware attacks, can be considered a violation of the Computer Fraud and Abuse Act (CFAA).

The RFJ program has set up a reporting channel on the Dark Web (based on Tor) to protect the safety of possible sources. The initiative also includes partners from various agencies to enable the rapid processing of information, as well as the possible payment of rewards that could be made in cryptocurrencies.

The RFJ program claims that since its inception it has paid out more than $200 million to more than 100 people around the world who, with their information, have helped prevent terrorist actions, bring terrorist leaders to justice, and deal with threats to the US national security.

Another US government initiative to combat cyber activities against the nation’s critical infrastructure and business sectors has been the creation of a federally funded website aimed at helping public and private entities protect themselves from ransomware attacks. StopRansomware.gov includes tools and content from the Cybersecurity and Infrastructure Security Agency (CISA), the Secret Service, the FBI, the Commerce Department’s National Institute of Standards and Technology (NIST), and the Departments of Treasury and Health and Human Services.

For those who have been the victim of a ransomware attack, a list of actions to contain and eradicate the effects of the hacker’s action is available on the website. Those who wish to learn about prevention measures will find content covering best practices, services, and training. The United States Secret Service provides guidance on how and where to report cyber incidents.

It will over time gather specific guidance for 16 critical infrastructure sectors, including Energy, Food, Healthcare, and Information Technology, which have been targeted by recent ransomware attacks, but the site warns that generic measures should be implemented now.