A U.S. Treasury Department report released publicly last month stated that, over the past six months, private institutions blocked only one transaction – worth $0.04 – pursuant to U.S. sanctions on malicious cyber activity. While this sum is paltry, it is not a full measure of how sanctions disrupt the ability of U.S. cyber adversaries to access the international financial system in the first place.
Treasury has long used sanctions to thwart hostile cyber operatives, including state-sponsored hackers who have attacked global banks even as they attempt to use the international financial system to raise and move capital. These hackers have targeted financial institutions to raise funds for illicit activities, conduct reconnaissance and espionage, and carry out cyber-enabled economic warfare operations.
For example, Treasury sanctioned the state-backed groups responsible for Pyongyang’s 2016 hack of the Bank of Bangladesh’s SWIFT account, in which they stole $81 million. The department also designated the hackers behind Tehran’s 2011–2013 distributed denial of service campaign against U.S. financial institutions. It is unlikely that either set of hackers had U.S. bank accounts that would have been frozen because of sanctions. However, foreign financial institutions often deny sanctioned persons access to their systems out of an abundance of caution, wary of running afoul of U.S. regulators or of processing transactions for malign actors.
Likewise, in response to U.S. sanctions and to Treasury advisories detailing how sanctions evaders attempt to circumvent banking standards, global financial institutions deploy sophisticated methods for stopping terrorists, money launderers, cyber operatives, and other malign actors from abusing their networks. Many of these foreign financial institutions not only execute in-depth screenings of their clients and counterparties, but also conduct deep investigatory dives into suspected illicit networks to root out any misuse of their systems.
As a result, sanctioned persons must search for unregulated financial channels to raise and move capital. When it is harder and costlier for malign groups to move freely throughout the financial system, they have less money to engage in illicit activities and are more likely to be caught by relevant authorities if they try.
To date, Treasury has sanctioned nearly 100 individuals and entities for malign state-sponsored cyber operations. Yet Treasury can and should do more. For example, while Treasury and the Department of Justice (DOJ) have worked in concert to sanction and indict Iranian cyber operatives, targets associated with Beijing’s government have escaped sanctions despite more than two dozen DOJ indictments.
Treasury also should sanction the financiers of cyber operations, as sanctioning only the hackers themselves has been insufficient to deter their misbehavior. Reports indicate, for example, that another sanctioned Iranian cyber threat group, known as Cobalt Dickens, continues to operate unimpeded. Treasury’s existing anti-terrorism and non-proliferation sanctions are potent because they target not only the aggressors but also their financial networks. For U.S. sanctions to be an effective tool to combat and thwart cyber operations, this expansiveness must be replicated in the cyber realm.
Annie Fixler is deputy director of the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD), where Eric Lorber is senior director of FDD’s Center on Economic and Financial Power (CEFP). FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.