Secret Service: The most sophisticated cyber crime during pandemic traced to ‘foreign actors’

The U.S. Secret Service is warning Americans about foreign actors seeking to commit cyber crimes during the pandemic.

Matthew Noyes, director of Cyber Policy and Strategy at the Secret Service, was asked if he thinks geopolitical motives have driven some of the cyber crimes that foreign actors have committed during the COVID-19 outbreak.

“From our perspective, we've seen primarily financial motives. There are actors aligned with foreign states that have financial motives but overwhelmingly it's transnational organized crime. There are certainly domestic components even in those schemes, right, they may need someone in the U.S. to receive the payment and send it on to them,” Noyes said during a “Countering COVID-19 Related Fraud” discussion on Friday hosted by the Center for Strategic & International Studies.

“But when we see the sophisticated activity, it's predominantly transnational groups that have been engaged in cybercrime, identity theft and related crimes for a long period of time and are taking advantage of this opportunity, I think. We’ll have to wait for hindsight to get a statistical lay of the land but in terms of sophistication, the strongest actors we’ve seen are located outside of the U.S. in large part,” he added.

The U.S. Department of Justice reported in April that the FBI's Internet Crime Complaint Center had "received and reviewed more than 3,600 complaints related to COVID-19 scams."

Brian Rabbitt, principal deputy assistant attorney general in the criminal division of DOJ, named some of the attacks he has seen foreign actors commit during the pandemic.

"I would definitely agree with Matt that the scam websites that we're seeing, the ransomware, the DDoS attacks, the phishing attempts, you know, the attempts to kind of exfiltrate [personally identifiable information] PII are frequently driven by transnational organized criminal organizations -- groups that do this for a living, so to speak, but are kind of adapting to the crisis and using it as an opportunity."

Rabbitt mentioned Chinese hackers as some of the "malicious foreign state actors" that DOJ has focused on during the pandemic. He said Chinese-affiliated criminal groups have been linked to hacking into the systems of government research institutions and private health companies to gain intelligence on a potential COVID-19 vaccine and “attempting to exfiltrate that data.”

Rabbitt explained that most of the fraudulent activity related to the CARES Act coronavirus stimulus law, specifically, is homegrown.

“We all know from past experience, anytime the federal government seeks to distribute billions and billions of dollars, the opportunities for fraud are significant,” he said. “So we identified that early on the department and the Criminal Division took a leading role back in 2008, and 2009, with the TARP program, and fraud relating to that, and we kind of recognize that as a potential model and built off of that.”

He explained that the $660 billion Paycheck Protection Program under the CARES Act has been a target for fraud. He said DOJ has charged "approximately half a dozen cases" across the country relating to PPP.

"What we've been seeing is really traditional fraudulent tactics, kind of, applied to this program; so individuals falsifying documents, making false statements to lenders in order to obtain loans, and then making false statements about how they're spending the loans or how they intend to spend the loan," he said.