Legal Considerations when Gathering Online Cyber Threat Intelligence

U.S. Department of Justice

Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources

The Cybersecurity Unit (CsU) prepared this document in response to questions posed by private organizations about the legality of specific cybersecurity measures. It includes contributions from other components of the Department of Justice, such as the National Security Division, and other federal agencies.3 Consistent with the CsU’s mission, this document is intended to help organizations adopt effective cybersecurity practices and to conduct them in a lawful manner.

Publisher – U.S. Department of Justice

Release – February 2020

This document focuses on information security practitioners’ cyber threat intelligence- gathering efforts that involve online forums in which computer crimes are discussed and planned and stolen data is bought and sold. It also contemplates situations in which private actors attempt to purchase malware, security vulnerabilities, or their own stolen data—or stolen data belonging to others with the data owners’ authorization—in Dark Markets.