Washington DC: The U.S. Department of State’s Rewards for Justice (RFJ) program, administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).
in a statement on Thursday 15 July, the US Department os State said: “Certain malicious cyber operations targeting U.S. critical infrastructure may violate the CFAA. Violations of the statute may include transmitting extortion threats as part of ransomware attacks; intentional unauthorized access to a computer or exceeding authorized access and thereby obtaining information from any protected computer; and knowingly causing the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causing damage without authorization to a protected computer. Protected computers include not only U.S. government and financial institution computer systems, but also those used in or affecting interstate or foreign commerce or communication”.
The Colonial Pipeline cyber attack on 6-7 May 2021, when data was stolen, and the commencement of its restart operation on 12 May, is a case in point. The malware attack on Colonial Pipeline that transports about 45 per cent of all petrol and diesel consumed on the East coast of the US was the largest cyber attack on an oil infrastructure in the history of United States.
The State Department has stated – Commensurate with the seriousness with which we view these cyber threats, the Rewards for Justice program has set up a Dark Web (Tor-based) tips-reporting channel to protect the safety and security of potential sources. The RFJ program also is working with interagency partners to enable the rapid processing of information as well as the possible relocation of and payment of rewards to sources. Reward payments may include payments in cryptocurrency.
More information about this reward offer is located on the Rewards for Justice website at www.rewardsforjustice.net . The US Department of State has said it encourages anyone with information on malicious cyber activity, carried out against U.S. critical infrastructure in violation of the CFAA by actors at the direction of or under the control of a foreign government, to contact the Rewards for Justice office via their Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required).
Since its inception in 1984, the program has paid in excess of $200 million to more than 100 people across the globe who provided actionable information that helped prevent terrorism, bring terrorist leaders to justice, and resolve threats to U.S. national security.