Source URL: https://krebsonsecurity.com/2025/07/big-techs-mixed-response-to-u-s-treasury-sanctions/
Source: Krebs on Security
Title: Big Tech’s Mixed Response to U.S. Treasury Sanctions
Feedly Summary: In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.
AI Summary and Description: Yes
**Short Summary with Insight:**
The text discusses recent U.S. government sanctions against a cloud provider linked to virtual currency scams and highlights the ongoing challenges tech companies face in complying with these regulations. It underscores the complexities of tech companies in enforcing sanctions, the risks associated with cybercriminal activities, and the broader implications for security, compliance, and operational integrity in the cloud computing space. This situation serves as a pertinent alert for security and compliance professionals regarding the necessity of vigilant account management in tech infrastructures.
**Detailed Description:**
The provided text highlights the evolving landscape of compliance and security through the lens of U.S. sanctions against companies and individuals involved in cybercrime, specifically targeted at virtual currency scams. Key points include:
– **Sanctioned Entities:**
– The U.S. Department of the Treasury imposed sanctions on Funnull Technology Inc., a Philippines-based provider allegedly supporting vast networks of scam websites, primarily linked to “pig butchering” investment scams.
– The accused operator, Liu “Steve” Lizhi, has been reported to maintain several active accounts on major American tech platforms like LinkedIn, PayPal, and Twitter/X despite being sanctioned.
– **Non-Compliance by Tech Companies:**
– Despite being sanctioned, Lizhi’s online presence persisted for some time, showcasing a potential gap in the compliance mechanisms of tech giants.
– Major companies, including Meta and GitHub, highlighted the complexities of sanctions laws and indicated that they have processes for handling accounts linked to sanctioned individuals but did not fully sever ties in this instance.
– **Security Risks:**
– The activities of sanctioned individuals using cloud services pose threats to consumers and businesses, as they can facilitate scams that lead to substantial financial losses.
– The FBI reported a dramatic increase in complaints related to digital assets, emphasizing the growing threat of investment scams.
– **Response from Security Experts:**
– Zach Edwards from Silent Push criticized the lack of prompt action by tech companies to disconnect from sanctioned entities, citing specific examples of active accounts that could facilitate ongoing criminal activities.
– Mark Rasch emphasized the disparity in compliance diligence between financial institutions and tech companies, particularly concerning free account services.
– **Implications for Cybersecurity and Compliance:**
– The case underscores the critical need for improved monitoring systems and proactive strategy formulations by tech companies to ensure compliance with U.S. sanctions.
– There is a clear necessity for enhanced vigilance in managing user accounts linked to sanctioned entities, which could involve refining existing risk assessments and account verification processes.
– **Broader Trends in Cybercrime:**
– Funnull’s adaptive measures indicate a trend where cybercriminal organizations are increasingly sophisticated, navigating around sanctions through altering operational tactics.
– This highlights the importance of continuous monitoring and adaptation in regulatory practices among cloud service providers.
In conclusion, the complex intersection of technology, compliance, and cybersecurity illustrated by this case emphasizes an urgent call for tech companies to reevaluate their approaches to maintaining compliance with U.S. sanctions and the need for robust security frameworks to mitigate risks associated with cybercrime.