The United States faces a grave challenge in its fight against cyberattacks from abroad. Chief among the foreign cyber threats comes from a finite number of “ransomware-as-a-service” gangs, which are responsible for extorting billions of dollars from American citizens and companies annually. Prosecuting these cybercriminals has proven exceedingly difficult. Law enforcement often struggles to forensically trace ransomware attacks, which makes identifying and prosecuting the perpetrators challenging. Moreover, even when prosecutors can identify the perpetrators of these attacks, the ransomware gangs are headquartered in foreign adversarial nations that do not extradite criminals to the United States. Finally, ransomware gangs are governed by complex structures that push the limits of joint criminal enterprise liability. While these challenges are complex, they are not unprecedented. The United States has crafted successful legal solutions in response to similar challenges in its fight against the War on Terror. This Comment analyzes one of these legal solutions from the War on Terror, 8 U.S.C. § 1189, which establishes the Foreign Terrorist Organization list and assesses whether the State Department can and should designate foreign ransomware gangs as “Foreign Terrorist Organizations” (FTOs). This Comment argues that ransomware gangs qualify as “foreign organizations,” engage in “terrorist activities” as defined under the statute, and threaten the national security of the United States. Thus, ransomware gangs meet the statutory requirements for designation as FTOs. Given the prosecutorial and investigatory benefits and the useful financial and political implications of the designation, this Comment argues that the State Department should list ransomware gangs as FTOs.
Jake C. Porath
Typing a Terrorist Attack: Using Tools from the War on Terror to Fight the War on Ransomware,
50 Pepp. L. Rev.
Available at: https://digitalcommons.pepperdine.edu/plr/vol50/iss1/3