New RFJ Program Offers Cash Reward for Information
The U.S. Department of State’s Rewards for Justice (RFJ) has started a program that offers a reward of up to $10 million for information leading to the identification or location of cybercriminals or anyone who violates the Computer Fraud and Abuse Act (CFAA).
Such parties include anyone who participates in malicious activities against U.S. critical infrastructure while under the control of a foreign government.
“Certain malicious cyber operations targeting U.S. critical infrastructure violate the CFAA. Violations of the statute include transmitting extortion threats as part of ransomware attacks; intentional unauthorized access to a computer or exceeding authorized access and thereby obtaining information from any protected computer; knowingly causing the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causing damage without authorization to a protected computer,” says the post on the Federal Government’s official website Rewards for Justice.
CFAA Emphasizes Seriousness of Unauthorized Access
The Computer Fraud and Abuse Act (CFAA) is a cybersecurity bill enacted in 1984 as an amendment to an existing computer fraud law. This was originally included in the Comprehensive Crime Control Act of 1984. This law prohibits accessing a computer without authorization or by forcing/bypassing authorization.
There have been criminal convictions for CFAA violations in the context of breaking contracts or terms of service violations, but many cases have been considered misdemeanors. However, misdemeanors can be turned into felonies with certain actions (i.e. sharing passwords, copyright infringements, etc.).
The RFJ’s program addresses heavier threats, such as the malicious parties responsible for recent ransomware attacks on U.S. infrastructure.
CFAA violations for this program include:
- Transmitting extortion threats as part of ransomware attacks
- Intentionally gaining access to a restricted computer without authorization
- Bypassing authorized access to obtain information from protected computers
- Knowingly causing the transmission of any program, code, or command that results in damage to a protected computer without authorization
Any intentional effort put towards an attack on a protected device is a violation of CFAA.
Protected computers include:
- U.S. government computers
- Financial institution computers
- Computers used in or affecting interstate or foreign commerce and communication
SEE ALSO CIA Launches Dark Web Onion Site
How to Report and Possible Protections
The RFJ has set up a tip line that takes into account the possible harm that could befall someone reporting viable information. The RFJ understands that in order to know the details they are looking for, they would most likely be looking for those with an intimate understanding of the goings-on within a hacker gang or cybercriminal group. The consequences that such individuals could face would potentially be life-threatening.
For this reason, the RFJ keeps in mind the need to protect the safety and security of their sources. Depending on the individual making the report, the RFJ is prepared to provide possible relocation for those who need to flee or disappear after making their report. They are also willing to pay rewards in cryptocurrency for individuals who must remain completely anonymous.
If anyone has any information regarding foreign malicious cyber activity that targets U.S. critical infrastructure, you should contact the RFJ office through this Tor-based tips-reporting channel (you will need a Tor browser to access it):