November 22, 2024

Crypto regulations are on the front burner this week

Good morning! I’m sitting in for Tim this morning and thankful I didn’t have to monitor any flight info yesterday. More below on the apparent Russian hack that knocked more than a dozen airport websites offline yesterday.

Below: Officials say flight operations weren’t affected by pro-Russian hackers’ denial-of-service attacks and in a speech today, the U.K. intelligence chief will warn about China’s use of technology. 

Watch for new global rules for cryptocurrency, used by criminals to profit off cyber attacks

Washington is the center of the world for the cryptocurrency industry this week, as top crypto executives and global financial regulators converge on the city for a pair of meetings that could indicate how the sector will fit into the broader financial system.  

The meetings come as U.S. law enforcement and national security officials warn that cybercriminals are using cryptocurrencies and tools to profit off cyberattacks and launder their ill-gotten gains. 

U.S. policymakers take the stage first, starting today, as the two-day DC Fintech Week kicks off with speeches from acting comptroller of the currency Michael Hsu and Rostin Behnam, the Commodity Futures Trading Commission chair who has been angling to oversee more of the industry. 

But a potentially bigger reveal will come as soon as Wednesday: The Financial Stability Board, which coordinates international financial regulation, is set to unveil its proposed global rules for crypto amid a conference of Group of 20 finance ministers. The board’s plan is expected to advocate a strict approach to ensuring digital assets don’t pose a systemic risk or allow terrorists and other criminals to fund their exploits. 

  • The group has no formal power to set policy. But it has a track record of pushing its views into force. For one, its recommended capital and liquidity requirements for banks in the aftermath of the global financial crisis helped establish the new standard, Cowen Washington Research analyst Jaret Seiberg wrote in a note to clients. “That gives it clout.” 
  • And U.S. regulators who have called for getting tough on the crypto industry play a key role in the group. “It’s fair to say the U.S. wants to lead on this globally and largely has been leading on it,” said Patrick Dougherty, a former Securities and Exchange Commission lawyer who is now on the board of the Global Digital Asset and Cryptocurrency Association. 

The White House has called for oversight and enforcement in the cryptocurrency space, with officials citing massive North Korean hacks and the use of cryptocurrency in the ransomware ecosystem. President Biden is considering amendments to finance and other laws so that prosecutors can investigate and crack down on criminals using cryptocurrencies, the White House said. 

  • Law enforcement officials have clawed back some ransoms paid to cybercriminals, and the Treasury Department has sanctioned cryptocurrency mixers that have been used by cybercriminals to launder their profits.  But the cryptocurrency industry has been critical of the sanctions on Tornado Cash, a mixer, with cryptocurrency exchange Coinbase bankrolling a lawsuit to challenge the sanctions. 

The crypto industry has won powerful friends in Congress, but federal financial watchdogs remain skeptical. 

  • Just last week, the U.S. supercommittee of financial regulators known as the Financial Stability Oversight Council issued a warning that left unchecked, crypto could grow into a systemic financial threat. 
  • SEC Chairman Gary Gensler, who sits on both that panel and the global board, has drawn criticism from the crypto industry for arguing that existing securities laws give him the authority he needs to police the industry. 

The Financial Stability Board appears primed to make a similar case. Steven Maijoor, who is crafting the group’s policy, told Politico last month that a “lot of the activities in crypto assets and crypto assets markets resemble activities in the traditional financial system and therefore we take the approach: Same activity, same risk, same regulation.”

The board is also set to take a closer look at stablecoins, the digital tokens that peg their value to an external asset such as the dollar. The failure of the Terra stablecoin in May wiped out $40 billion in value and accelerated a downturn in crypto markets, underlining the urgency of establishing rules for issuers of those cryptocurrencies. Yet a congressional push to regulate stablecoins has foundered ahead of the midterm elections. Congress, rather than global regulators, still needs to resolve the matter with clearer rules for the assets, said Dario de Martino, co-head of the fintech and blockchain practice at law firm Allen & Overy.

In the meantime, the Crypto Council for Innovation, an industry group that takes an international approach, warned “a heavy-handed approach could cut this technology off at its knees.” Linda Jeng, the group’s chief global regulatory officer, said in a statement that global coordination “is a good thing. It means companies don’t have dozens of different rules to follow. But we are headed into a web3 economy and we hope they considered the benefits of what a web3 economy can do.”

Flight operations weren’t affected by pro-Russian hackers’ denial-of-service attacks, officials say

Websites for a half dozen U.S. airports went offline after a group of pro-Russian hackers known as Killnet called for coordinated denial-of-service attacks on a list that included U.S. airports, Lori Aratani reports. In denial-of-service attacks, targets are flooded with traffic until they can’t respond or crash.

“Managers at multiple airports said they notified the FBI and the Transportation Security Administration about the cyberattacks,” Lori writes. “In a statement, the FBI said it was aware of the incident but had no additional information. The TSA declined to comment, referring inquiries to individual airports.”

Though the attacks were highly visible, Mandiant Vice President for Intelligence John Hultquist characterized denial-of-service attacks more as a “public nuisance” than a serious cybersecurity threat because they don’t target key internal systems that would affect the operations of an airport. But when such attacks do take place, they’re effective in drawing attention, he said.

The Killnet group has been behind other such attacks, including ones targeting European governments. Last week, the websites of some U.S. states went down after the group took aim at states, NBC News reported.  Ukraine’s government-affiliated volunteer force known as the IT Army has rallied its supporters to launch waves of traffic directed at Russian sites, NBC News reported. 

Former NSA employee who tried sending documents to Russia should be detained pending trial, prosecutors say

The crimes that former National Security Agency information systems security designer Jareh Dalke is being accused of — six counts of trying to send defense documents to Russia — are so serious that Dalke should be detained before his trial, prosecutors said in a filing. Dalke was an NSA employee for a month-long period this year; around a month after he left, he tried to contact Russian agents, prosecutors say.

  • Dalke sent documents on plans to update cryptographic programs, information on U.S. defenses and details about a foreign government’s military capabilities to an undercover FBI agent, prosecutors said.

In a sealed filing, Dalke “appears to concede that he is accused of a serious offense and therefore that he should only be released on the strictest of conditions,” the government said in its filing, noting that Dalke “claims that his background in the military and law enforcement weigh in his favor.” But prosecutors say he betrayed the United States — apparently out of a mix of “profit and ideology” — and needs to be held in custody.

A federal court is set to hold a hearing on Dalke’s detention today. Dalke’s attorneys didn’t respond to a request for comment.

U.K. intelligence chief to warn about China’s use of technology

GCHQ Director Jeremy Fleming will warn in a speech today that China’s pursuit of digital currencies and satellite systems could allow the country’s government to easily track its citizens, NBC News‘s Dan De Luce reports. Fleming is set to deliver the China-focused remarks at the Royal United Services Institute think tank.

U.S. and U.K. officials have been warning that China’s government poses a significant threat to the United States. In July, FBI Director Christopher A. Wray and MI5 Director General Ken McCallum warned that Western firms and governments are under relentless pressure from the Chinese government.

Fleming also plans to discuss Russia’s invasion of Ukraine, De Luce reports. “Far from the inevitable Russian military victory that their propaganda machine spouted, it’s clear that Ukraine’s courageous action on the battlefield and in cyberspace is turning the tide,” Fleming plans to say.

Biden administration previews upcoming cybersecurity agenda

In a fact sheet, the Biden administration previewed upcoming cybersecurity developments:

  • This month, the White House will discuss the creation of cybersecurity labels for smart devices with companies, organizations and partners in the government, according to the fact sheet. The initiative will start with routers and home cameras,
  • On Oct. 31 and Nov. 1, the White House will host international partners to “accelerate and broaden” the work of the International Counter-Ransomware Initiative, the fact sheet says.

The White House said it would “continue to work with critical infrastructure owners and operators, sector by sector, to accelerate rapid cybersecurity and resilience improvements and proactive measures.” The document also provides administration initiatives on quantum cybersecurity, ransomware and other cybersecurity issues.

Toyota discloses data leak after access key exposed on GitHub (Bleeping Computer)

Texas election chief speaks out on conspiracy “nuts,” death threats, and President Biden’s legitimacy (Texas Monthly)

Lloyd’s of London says no evidence found of data compromise from cyberattack (Reuters)

  • John P. Carlin, who was most recently the principal associate deputy attorney general, is joining law firm Paul, Weiss, Rifkind, Wharton & Garrison as a partner and the co-head of the firm’s cybersecurity and data protection practice.
  • The FS-ISAC holds its FinCyber Today summit in Scottsdale, Ariz., through Wednesday.
  • National security adviser Jake Sullivan speaks at an event hosted by the Center for a New American Security and Georgetown University’s Walsh School of Foreign Service on Wednesday at 2 p.m.
  • Deputy national security adviser Anne Neuberger, Rep. John Katko (R-N.Y.) and Google Cloud global director of risk and compliance Jeanette Manfra discuss cybersecurity at a Washington Post Live event on Thursday at 9 a.m.

Thanks for reading. See you tomorrow.