Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


End of Bibblio RCM includes -->

State Dept. to Pay Up to $10M for Information on Foreign Cyberattacks

The Rewards for Justice program, a counterterrorism tool, is now aimed at collecting information on nation-states that use hackers to disrupt critical infrastructure.

The United States will pay up to $10 million for information on cyberattacks against critical infrastructure that violate the nation's anti-hacking statute, the Computer Fraud and Abuse Act (CFAA), and that are carried out "at the direction or under the control of a foreign government," the US Department of State announced on July 15.

Related Content:

Can Government Effectively Help Businesses Fight Cybercrime?

Special Report: Building the SOC of the Future

New From The Edge: Navigating Active Directory Security: Dangers and Defenses

The State Department's Rewards for Justice office will run the program, operating a Tor-based tip channel to receive information on potential foreign-directed hacking and sifting through information with a number of other government partners. The agency listed ransomware extortion, hacking or exceeding authorization on any protected computers, and transmitting malicious code as potential violations that — if conducted by a foreign agent — would constitute a relevant cyber threat.

The fund will pay up to $10 million "for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure," the State Department said in a statement.

The bounty offer comes as cyberattacks against US and European infrastructure and companies have ratcheted up. In early May, oil and gas transport network Colonial Pipeline paid $4.4 million to recover from a ransomware attack that had disrupted pipeline operations for more than a week, leading to gas shortages in the southeastern United States. In late May, meat producer JBS USA acknowledged that the company had been hit with a ransomware attack, delaying food shipments. And on July 2, Russia-linked ransomware group REvil launched an attack on a zero-day vulnerability in Kaseya Virtual System Administrator (VSA) servers used by many managed service providers, affecting more than 1,500 businesses

The US government has made responding to the attacks a priority, with the Biden administration putting pressure on Russian President Vladimir Putin to act. The State Department's offer to pay for leads and evidence linking countries to serious cyberattacks could make taking action against bad actors easier, Mike Hamilton, founder and chief information security officer at Critical Insight, says in a statement sent to Dark Reading.

"It appears to be an attempt to short-cut the process of detailed attribution that is necessary to implicate a foreign government in collusion or cooperation with organized crime," he says. "If the US government can incentivize someone to provide evidence of such, paying out $10 million is probably a good deal considering the resources we bring to bear with the intelligence community for the same outcome."

However, the approach also has significant downsides. While the reward program will likely produce leads, sifting through those leads to find verifiable evidence will consume a great deal of resources, Austin Berglas, global head of professional services at cybersecurity services firm BlueVoyant and a former FBI assistant special agent in charge of the New York Office Cyber Branch, says in a statement sent to Dark Reading.

"The difficulty is the amount of resources that will be necessary to separate the 'signal' from the 'noise' and identify the legitimate tips," he says, adding that "if there was an arrest made and follow-on prosecution — based on an anonymous lead — investigators will have to be able to provide evidence of the crimes alleged by the anonymous party."

He also says that such offers could produce dissension in the ransomware community with rival groups trying to get information on each other, potentially reducing competition. Yet in many cases, the members of those groups will be in countries that will not extradite them, Berglas says. 

"[W]e still have to overcome the safe harbor provided by Russia and others," he says. "There are numerous existing cases where warrants are obtained and red notices are disseminated for criminals residing in these countries."

The US government has already issued indictments for hacking against 12 Russian nationals for their operations interfering the US elections and against another six Russian military officers for a variety of attacks, including disrupting Ukraine's power grid and the NotPetya ransomware attack. None of those indicted have been delivered to the United States to stand trial.

The State Department Rewards for Justice program is not new. Since 1984, the program has paid more than $200 million to more than 100 people worldwide who provided information on terrorist threats and threats to national security, according to the State Department.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file