DOJ’s New Trend: Domain Seizures to Combat Criminal Activities

January 30, 2025

The U.S. Department of Justice (DOJ) has recently shifted its enforcement strategy, increasingly relying on domain seizures to combat a wide range of criminal activities. This new approach has significant implications for companies, especially those providing domain-level services or interacting with entities sanctioned by the Office of Foreign Assets Control (OFAC). The DOJ’s actions have targeted everything from Russian propaganda operations to illicit cryptocurrency exchanges, marking a notable change in how the department addresses cybercrime and other illegal activities. By seizing domains, the DOJ effectively disrupts the operational capabilities of cybercriminals and serves as a powerful deterrent to others who might consider engaging in similar unlawful endeavors.

The Rise of Domain Seizures

In recent months, the DOJ has ramped up its use of domain seizures as a tool to disrupt criminal activities. This strategic approach involves taking control of internet domains used for illegal purposes and redirecting visitors to a government site that announces the domain’s seizure. Not only does this disrupt criminal operations, but it also serves as a public deterrent by demonstrating the government’s commitment to cybercrime mitigation. The DOJ’s increased reliance on this method is evident in several high-profile cases, including the seizure of domains used in Russian influence campaigns and illicit cryptocurrency exchanges.

The legal basis for these actions often involves violations of U.S. money laundering and trademark laws, as well as sanctions under the International Emergency Economic Powers Act (IEEPA). The DOJ’s approach aims to cut off the digital infrastructure that supports criminal activities, thereby reducing their impact and reach. This strategy has proven effective in various cases, but it also raises questions about the potential implications for legitimate businesses that might inadvertently get caught in the crossfire. As domain seizures become more prevalent, companies must stay informed about their legal obligations and the risks associated with their operations.

High-Profile Cases and Their Implications

One of the most notable cases in recent months is the DOJ’s seizure of 32 internet domains allegedly used in Russian government-directed influence campaigns, known as “Doppelganger.” These domains were reportedly part of efforts to spread propaganda, undermine international support for Ukraine, and influence elections. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) concurrently announced sanctions against individuals and entities involved in the Doppelganger scheme, highlighting the coordinated effort between different government agencies. This case underscores the importance of inter-agency cooperation in addressing complex, international cyber threats.

Another significant case involved the seizure of domains associated with illicit cryptocurrency exchanges, such as “Cryptex.net.” This operation, conducted in cooperation with Dutch law enforcement, resulted in the seizure of servers hosting these exchanges and the confiscation of over $7 million in cryptocurrency. These actions demonstrate the DOJ’s commitment to targeting the financial infrastructure of cybercriminals, making it more difficult for them to operate. These high-profile seizures not only disrupt criminal activities but also signify the broader impact of the DOJ’s shifting strategy on the cybersecurity landscape.

Legal Framework and Challenges

The DOJ’s authority to seize domains is grounded in civil forfeiture statutes and the IEEPA. These legal frameworks allow the department to take control of domains used for illegal activities, provided there is a domestic nexus, meaning that the funds or activities must have a connection to the U.S. This requirement ensures that the DOJ’s actions are within its jurisdiction, but it also means that companies must be vigilant about their international transactions and partnerships to avoid potential legal entanglements.

One of the challenges for companies is the lack of prior notice before a domain seizure occurs. The DOJ often secures seizure warrants under seal, making it difficult for affected entities to take pre-emptive actions. This underscores the importance of conducting thorough due diligence on overseas payments and partnerships to mitigate the risk of being involved in DOJ seizure operations. Companies should also be aware of the potential for aggressive legal responses to challenge domain seizures, as the DOJ may prefer disruption over prolonged litigation, given its recent strategic focus.

Strategic Considerations for Companies

For companies providing domain-related services or interacting with OFAC-sanctioned entities, understanding the DOJ’s enforcement strategy is crucial. The absence of prior notice and the practice of securing seizure warrants under seal complicate pre-emptive actions. However, there are steps that companies can take to mitigate their risk. Conducting due diligence on overseas payments and partnerships is essential to avoid inadvertently becoming involved in activities that could lead to a domain seizure. This proactive approach can help companies safeguard their operations and maintain compliance with U.S. laws.

Another strategic consideration is the choice of domain registries. Many domain registries are based in the U.S., which simplifies the DOJ’s seizure process under U.S. warrants. Shifting to non-U.S. registrars, even those in U.S.-friendly jurisdictions, may complicate enforcement and provide opportunities to challenge seizures before they are executed. This approach can offer some protection, although it is not foolproof. Companies must weigh the benefits and risks associated with their choice of registrars and consider potential legal challenges that may arise from operating under different jurisdictions.

The Broader Impact on Cybersecurity

Recently, the U.S. Department of Justice (DOJ) has adopted a new enforcement strategy, increasingly using domain seizures to tackle various criminal activities. This shift has important implications for companies, particularly those offering domain-level services or doing business with entities sanctioned by the Office of Foreign Assets Control (OFAC). The DOJ’s initiatives have targeted a broad spectrum of crimes, from Russian propaganda networks to illegal cryptocurrency exchanges. This indicates a significant change in how the DOJ approaches cybercrime and other illicit activities. By seizing domains, the DOJ disrupts cybercriminal operations, impacting their ability to function and serving as a strong deterrent to others considering similar illegal activities. The change is likely to affect multiple sectors, emphasizing the need for businesses to stay compliant with federal regulations. This strategy not only stops ongoing crimes but also helps prevent future unlawful activities, showcasing DOJ’s commitment to maintaining national and cyber security.
