Rewards for Justice incentivizes critical infrastructure protection

From a modest booth at the Black Hat cybersecurity conference in Las Vegas, Aug. 5, 2021, Rewards for Justice (RFJ) staff handed out mini wanted posters and t-shirts (left). When scanned by a mobile device, the QR code on the t-shirt led individuals back to RFJ’s webpage (bottom right) for the reward offer. Also at the booth, a large video screen (top right) flashed ads for the cyber reward offer in English and multiple foreign languages, including Russian. Photos courtesy of the Bureau of Diplomatic Security
From a modest booth at the Black Hat cybersecurity conference in Las Vegas, Aug. 5, 2021, Rewards for Justice (RFJ) staff handed out mini wanted posters and t-shirts (left). When scanned by a mobile device, the QR code on the t-shirt led individuals back to RFJ’s webpage (bottom right) for the reward offer. Also at the booth, a large video screen (top right) flashed ads for the cyber reward offer in English and multiple foreign languages, including Russian. Photos courtesy of the Bureau of Diplomatic Security

By Rachel Schindel Gombis

The Department of State’s Rewards for Justice (RFJ) program—which advertises an up-to-$10 million reward for information on foreign government-linked malicious cyber activities against U.S. critical infrastructure—raised a few eyebrows due to its innovative rollout.

News outlets and social media influencers were especially attentive because the announcement marked the first time that RFJ had offered reward payments in cryptocurrency. Additionally, RFJ engaged target audiences via the Dark Web and began receiving tips on a Tor channel, which enabled tipsters to conceal their identities.

The RFJ reward offer was one in a series of U.S. government initiatives announced in July 2021 by the White House in response to a growing number of ransomware attacks against U.S.-based computer networks. 

As soon as the White House announced the reward offer, RFJ began advertising it on its official verified Twitter and Facebook accounts, in multiple languages. 

The RFJ social media ads and website inform audiences about the reward offer and direct tipsters to share information securely with RFJ via messaging platforms like Signal, Telegram, WhatsApp, and the aforementioned Tor channel. 

To reach potential sources where they congregate, RFJ hosted a booth at the August 4-5, 2021 Black Hat cybersecurity conference, which drew thousands of hackers and cybersecurity professionals. The conference provided RFJ an opportunity to promote the reward offer with communities of interest likely operating in close proximity to individuals who may possess valuable information.

At the conference, RFJ distributed mini-posters and T-shirts emblazoned with the hashtag “#RewardsNotRansoms.” The T-shirts bore a large QR code that, when scanned, connected to RFJ online advertising for the reward offer. The T-shirts were so popular that RFJ had to order a second, emergency print run. To attract hackers, RFJ set up an unprotected wi-fi server at the conference that sent would-be hackers directly to RFJ advertising for the reward offer. This playful solicitation of information gained RFJ a lot of positive interest.

The innovative approaches generated priceless publicity for RFJ on digital sites devoted to cybersecurity and cryptocurrency across the open, deep, and dark web. 

Rachel Schindel Gombis is director of the Office of Rewards for Justice in the Bureau of Diplomatic Security.

Previous articleDecember 2021 | Digital Archive
Next articleDepartment publishes its first Geospatial Data Strategy