In the midst of the pandemic, the government gave unemployment benefits to the incarcerated, the imaginary and the dead. It sent money to “farms” that turned out to be front yards. It paid people who were on the government’s “Do Not Pay List.” It gave loans to 342 people who said their name was “N/A.”
As the coronavirus shuttered businesses and forced people out of work, the federal government sent a flood of relief money into programs aimed at helping the newly unemployed and bolstering the economy. That included $3.1 trillion that former President Donald J. Trump approved in 2020, followed by a $1.9 trillion package signed into law in 2021 by President Biden.
But those dollars came with few strings and minimal oversight. The result: one of the largest frauds in American history, with billions of dollars stolen by thousands of people, including at least one amateur who boasted of his criminal activity on YouTube.
39,000 investigations going. About 50 agents in a Small Business Administration office are sorting through two million potentially fraudulent loan applications.
Officials already concede that the sheer number of cases means that some small-dollar thefts may never be prosecuted. This month, Mr. Biden signed bills extending the statute of limitations for some pandemic-related fraud to 10 years from five, a move aimed at giving the government more time to pursue cases. “My message to those cheats out there is this: You can’t hide. We’re going to find you,” Mr. Biden said during the signing at the White House.
$5 trillion in relief money in three separate legislative packages — an enormous sum that is credited with reducing poverty and saving the country from a prolonged, painful recession.
But investigators say that Congress, in its haste to get money out the door, devised all three packages with the same flaw: relying on the honor system.
For example, an expanded unemployment benefit gave workers an extra $600 per week in federal jobless funds on top of what they received from their state. The program was funded by the federal government but administered by states, which often had loose rules around qualifying. Applicants did not need to provide proof they had lost income because of Covid-19; they simply had to swear it was true.
Read More on the Coronavirus Pandemic
A similar we’ll-take-your-word-for-it approach was used in two loan programs run by the Small Business Administration.
Paycheck Protection Program, in which the government guaranteed loans made by private lenders, and the Economic Injury Disaster Loan program, in which the government itself gave out loans and smaller advance grants that did not have to be repaid. In both, the government trusted businesses to self-certify that they met key requirements.
using the email address of a burrito shop.
In the Paycheck Protection Program, private banks were supposed to help with the screening, since in theory they were dealing with customers they already knew. But that left out many small businesses, and the government allowed online lenders to enter the program. This year, University of Texas researchers found that some of those “fintech” lenders appeared less diligent about catching fraud.
turning fraud into a franchise — helping other people cook up fake businesses in order to get loans from the Economic Injury Disaster program.
Andrea Ayers advised one client to tell the government she ran a baking business from home, although she was not a baker, prosecutors said.
YouTube videos, where scammers offered to help for a cut of the proceeds. Some used the money on necessities, like mortgage bills or car payments. But many seemed to act out of opportunism and greed, splurging on a yacht, a mansion, a $38,000 Rolex or a $57,000 Pokémon trading card.
responsible for selling the card.
music video on YouTube, bragging in detail about how he had gotten rich by submitting false unemployment claims. His song was called “EDD,” after California’s Employment Development Department, which paid the benefits.
first reported by The Washington Post. In the Economic Injury Disaster Loan program, a watchdog found that $58 billion had been paid to companies that shared the same addresses, phone numbers, bank accounts or other data as other applicants — a sign of potential fraud.
“It’s clear there’s tens of billions in fraud,” said Michael Horowitz, the chairman of the Pandemic Response Accountability Committee, which includes 21 agency inspectors general working on fraud cases. “Would it surprise me if it exceeded $100 billion? No.”
The effort to catch fraudsters began as soon as the money started flowing, and the first person was charged with benefit fraud in May 2020. But investigators were quickly deluged with tips at a scale they had never dealt with before. The Small Business Administration’s fraud hotline — which had previously received 800 calls a year — got 148,000 in the first year of the pandemic. The Small Business Administration sent its inspector general two million loan applications to check for potential identity theft. At the Labor Department, the inspector general’s office has 39,000 cases of suspected unemployment fraud, a 1,000 percent increase from prepandemic levels.
But prosecutors face a key disadvantage: While fraud takes minutes, investigations take months and prosecutions take even longer.
pleaded guilty to mail fraud last month. His lawyers declined to comment.
first weeks of the pandemic, when the government gave out 5.8 million advance grants worth $19.7 billion in just over 100 days. In that program, fraud was easy to pull off, according to a government watchdog, which cited numerous loans given to businesses that were ineligible for funding.
Mr. Ware said he recently limited his agents to working 10 cases at a time, telling them: “You’re killing yourself. I have to protect you from you.”
told The New York Times in November.
“It’s a honey trap,” he added. “Richard Ayvazyan fell into that trap.” Mr. Ayvazyan was sentenced to 17 years in prison for participating in a ring that sought $20 million in fraudulent loans.
In the case of Mr. Oudomsine, the Pokémon card buyer, his lawyers argued in March that a judge should be lenient in deciding his sentence because the fraud had taken hardly any time at all.
“It is an event without significant planning, of limited duration,” said Brian Jarrard, who was Mr. Oudomsine’s lawyer at the time.
That did not work.
Judge Dudley H. Bowen Jr. of U.S. District Court sentenced Mr. Oudomsine to three years in prison, more than prosecutors had asked for, to “demonstrate to the world that this is the consequence” of fraud, according to a transcript of the sentencing.
Now, Mr. Oudomsine is appealing, with a new lawyer and a new argument. Deterrence, the new lawyer argues, is moot here because the pandemic-relief programs are over.
“There’s no way to deter someone from doing it, when there’s no way they can do it any longer,” said the lawyer, Devin Rafus.
Biden administration officials say they are trying to prepare for the next disaster, seeking to build a system that would quickly check applications for signs of identity theft.
“Criminal syndicates are going to look for weak links at moments of crisis to attack us,” said Gene Sperling, the White House coordinator for pandemic aid. He said the White House now aims to build a continuing system that would detect identity theft quickly in applications for aid: “The right time to start building a stronger system to prevent identity theft is now, not in the middle of the next serious crisis.”
In the meantime, the arrests go on.
Last week, prosecutors charged a correctional officer at a federal prison in Atlanta with defrauding the Paycheck Protection Program, saying she had received two loans totaling $38,200 in 2020 and 2021. The officer, Harrescia Hopkins, has pleaded not guilty. Her lawyer did not respond to a request for comment.
“You can’t have a system where crime pays,” said Mr. Horowitz, of the federal Pandemic Response Accountability Committee. “It undercuts the entire system of justice. It undercuts people’s faith in these programs, in their government. You can’t have that.”
Since the DarkSide account was opened in March, Elliptic said, it had received $17.5 million from 21 Bitcoin wallets, indicating the number of ransoms it had collected just this spring. Cybersecurity analysts assess that the group has been active since at least August, and has most likely used a number of different Bitcoin wallets to receive ransoms.
The intense scrutiny that followed the Colonial Pipeline attack has clearly unsettled ransomware groups. This week, the operators behind two major Russian-language ransomware platforms, REvil and Avaddon, announced strict new rules governing the use of their products, including bans on targeting government-affiliated entities, hospitals or educational institutions.
The administrator of XSS, a popular Russian-language cybercrime forum, announced an immediate ban on all ransomware activity on the forum, citing, among other things, the bad press associated with the industry. In a statement posted in the forum, the administrator called the attention a “critical mass of harm, nonsense, hype and noise,” saying even the spokesman for President Vladimir V. Putin of Russia had weighed in on the Colonial Pipe attack. (The spokesman, Dmitri S. Peskov, denied that the Kremlin had been involved in the attack on the pipeline.)
“The word ransom has become associated with a whole series of unpleasant things — geopolitics, blackmail, government cyberattacks,” the XSS administrator wrote. “This word has become dangerous and toxic.”
Even if DarkSide has shut down, the threat from ransomware has not passed. Cybercriminal networks often disband, regroup and rebrand themselves in an effort to throw off law enforcement, cybersecurity experts say.
“It’s likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways,” said Mark Arena, Intel 471’s chief executive. “A number of the operators will most likely continue to operate in their own close-knit groups, resurfacing under different aliases and ransomware names.”
Indeed, DarkSide gave no indication that its members were getting out of the ransomware business or even letting victims currently infected with the group’s malware off the hook. In its statement, DarkSide said it would hand over its decryption tools to affiliates, giving these intermediaries, who were responsible for infecting computer systems with the group’s malicious software, the ability to negotiate ransoms with victims directly.
“You will be given decryption tools for all the companies that haven’t paid yet,” the statement read. “After that, you will be free to communicate with them wherever you want in any way you want.”
Gasoline prices continued to rise across the Southeast on Thursday, but at a slower pace generally than in recent days, as the operator of Colonial Pipeline said it had made “substantial progress” in resuming the delivery of fuel along the East Coast.
“Product delivery has commenced to all markets we serve,” the pipeline’s operator said Thursday afternoon. “It will take several days for the product delivery supply chain to return to normal. Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions.”
The pipeline, which stretches from Texas to New Jersey and delivers nearly half of the transport fuels for the Atlantic Coast, was shut down because of a ransomware cyberattack on Friday. Operations have gathered momentum since the pipeline partially restarted late Wednesday.
Gasoline prices rose by roughly 3 cents in South Carolina and Georgia from Wednesday to Thursday, about half the amount of the increases of the previous few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose by 6 cents, to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular increased by 2 cents to $3.03, according to the AAA auto club.
Gasoline supplies vary from state to state along the pipeline, in part because some places have more storage than others. In New Jersey, only 1 percent of gasoline stations lacked fuel early Thursday morning, while more than half of the stations in Virginia, North Carolina and South Carolina were out of fuel, according to GasBuddy, an app that monitors fuel supplies.
It is likely to take at least through the weekend for supply at all gasoline stations to return to normal functioning, because it takes time for fuel to pass through the pipeline.
President Biden, speaking on national television, urged motorists not to panic.
“They should be reaching full operational capacity as we speak, as I speak to you right now,” Mr. Biden said at the White House. “That is good news. But we want to be clear, we will not feel the effects at the pump immediately. This is not like flicking on a light switch.”
An internal assessment by the Departments of Energy and Homeland Security noted that the fuel “travels through the pipeline at 5 miles per hour” and would take “approximately two weeks to travel from the Gulf Coast to New York.” Supplemental supplies transported in tanker trucks and tanker vessels connecting the Gulf and Atlantic coasts also can take up to a week or more.
The Biden administration has temporarily eased the Jones Act, which prohibits foreign vessels from delivering goods from one domestic port to another. The administration said Thursday that a waiver had been granted to one company and that it would consider other waiver requests.
“This waiver will enable the transport of additional gas and jet fuel to ease supply constraints,” Jen Psaki, the White House press secretary, said in a statement. The Jones Act, which is over a century old and is designed to protect American shipping, is usually waived to compensate for supply interruptions during hurricanes.
Panic buying contributed to the fuel shortages. At some stations, people were filling up gasoline cans, forcing others to wait longer and causing shouting matches.
Friday is traditionally the biggest day for gasoline sales. But energy analysts were optimistic that the crisis would soon pass.
“The restart of the pipeline is very positive news for motorists,” said Jeanette McGee, the director for external communications for AAA. “While impact won’t be seen immediately and motorists in affected areas can expect to see a few more days of limited fuel supply, relief is coming.”
She said station pumps will be full in “several days,” ahead of the Memorial Day weekend, a heavy driving time.
The Federal Bureau of Investigation has identified an organized crime group called DarkSide as the attacker. The group is believed to operate from Eastern Europe, possibly Russia. While the attack was not on the pipeline itself, Colonial shut down both its information systems and the pipeline until it was sure it could safely manage the flow of fuel.
David E. Sanger and Michael D. Shear contributed reporting.
A spokeswoman for the fund, Evelyn Williams, said that it was cooperating with the federal investigation and that the board had also opened its own inquiry. Beyond that, she said, the fund would not comment, because “protecting the integrity of these investigations is necessary.”
The fund’s 15 trustees have hired several law firms to deal with different lines of inquiry, plus an investment firm to assume the duties of the fund’s chief investment officer, James H. Grossman Jr.
The error in calculating returns was a tiny one, just four one-hundredths of a percentage point. But it was enough — just barely — to push the fund’s performance over a critical threshold of 6.36 percent that, by law, determines whether certain teachers have to pay more into the fund. The close call raised questions about whether someone had manipulated the numbers and the error wasn’t really an error at all.
Since the corrected number didn’t clear the benchmark, nearly 100,000 teachers hired after July 1, 2011, will have to contribute more for three years starting on July 1.
The pension fund, Pennsylvania’s biggest, has roughly 256,000 active members and 265,000 retirees. Pennsylvanians have been complaining about teachers’ pension costs since 2001, when state lawmakers sweetened all state workers’ pensions — including their own — on the thinking that the bull market of the 1990s would continue indefinitely. That mistake was laid bare a few months later when Wall Street and the economy dived after the terror attacks of Sept. 11. But lawmakers said the pension boosts couldn’t be reversed.
Today in Business
The pensions of state workers are often funded through the mysterious maze of the state budget, so their rising cost is hard to see. But teachers’ pensions in Pennsylvania are funded through local property taxes, so when the fund needed more money, homeowners felt the bite.
Taxpayer contributions to the teachers’ pension fund nearly quintupled from 2001 to 2008, causing an outcry. Then came the financial crisis of 2008, and seven years’ worth of taxpayer pain came to naught. The fund emerged from the Great Recession with even less money than it had in 2001, the year of the big miscalculation.
Times Insider explains who we are and what we do, and delivers behind-the-scenes insights into how our journalism comes together.
Two years ago, on a soggy January day at the University of Oregon, Peter Laufer, a journalism professor, picked up a copy of The New York Times and presented his students with a reporting challenge.
He read from a feature at the bottom of Page 2 that highlights an article from The Times’s archives each day. It covered the experience in early 1960 of a fourth grader in Roseburg, Ore., not far from the college. She had written to her congressman for the names of Russian schoolchildren with whom she and her classmates could be pen pals, but the State Department denied the request, fearing they would be influenced by Soviet propaganda. The headline on the article read: “U.S. Bars a Girl’s Plea for Russian Pen Pals.”
“Find that girl!” Mr. Laufer told the class, an exercise designed to teach his students the skill of locating a source and, possibly, a bigger story. He thought she might still be living nearby.
For nine students, that simple instruction turned into a journalism project, which included an on-the-ground reporting trip in Nevada, digging through F.B.I. files from the National Archives and meeting face to face with modern-day fourth graders in southern Russia. This year, they published their findings in a book, “Classroom 15: How the Hoover F.B.I. Censored the Dreams of Innocent Oregon Fourth Graders.”
“It is such a small story, but it resonates so much with the time that it was in,” said Julia Mueller, who worked as the project’s managing editor and wrote a chapter in the book.
Using public records and online databases, the students located the subject of the article, Janice Hall, now married and living near Las Vegas. Her name had been misspelled as “Janis” in the original article, which made it more difficult for the class to locate her.
In 1960, during a tense period of the Cold War, a time when both the United States and the Soviet Union saw every move by the other country as a tactic aimed at world domination, Ms. Hall never had the chance to correspond with Russian students. The reporters were determined to understand why.
They abandoned the syllabus, renamed the course Janice 101 and devoted the rest of the term to unpacking the story.
Each student took a slightly different angle. One examined the fear of communism that had gripped the United States. Another reporter, who was headed to Las Vegas for a spring break trip with her sorority, made a detour to meet Ms. Hall. Yet another interviewed the family of Ray McFetridge, the teacher who had conceived of the pen-pal project and who had died years earlier. Students even obtained the F.B.I. case files on the incident through a Freedom of Information Act request.
“Why wouldn’t you want people to be friends with people across borders?” asked Zack Demars, the lead reporter on the project, outlining the students’ central question.
“I think we discovered that it was because of the level of fear at the time,” he added.
Mr. Laufer, a former NBC News correspondent, thought that a reporter needed to go to Russia to meet with current pupils. He wanted his journalism students to explore what would happen if they tried to connect schoolchildren today.
“We decided that we were not going to leave this hanging,” Mr. Laufer said. “If they couldn’t do it in 1960, we were going to do it in 2020.”
The class decided to take letters written by fourth graders in Yoncalla, Ore., and deliver them to Russian students.
In December 2019, months after the course ended, Mr. Demars took a 13-hour train ride from Moscow to the southern Russian city of Rostov-on-Don, where Mr. Laufer had a contact who agreed to act as a guide.
Mr. Demars met with Russian fourth graders and gave them the letters from their American counterparts. They peppered him with questions: Did he have pets? Did he play sports? What did he think of Ariana Grande?
He also spoke with a group of high schoolers. They discussed American schools and movies and asked to follow him on Instagram. He thinks of these new followers as modern pen pals.
“I don’t talk to them all that often,” he said. “But we interact every now and then, and we have that level of human connection.”
Mr. Demars is now working as a reporter at a small local newspaper in Oregon. During the project, he learned the value of recording individual experiences, which can offer future generations insight into a particular era.
“When I’m out reporting, I’m looking for those things that are commonplace right now but deeply unique to the time period,” he said.
Ms. Hall, 70, said she was amazed to hear from the college students, who are about the age of her grandchildren.
She was also awed by the project, and particularly by Mr. Demars’s persistence: “He hooked up these two fourth grades,” she said, “which is exactly what we were trying to do.”
Her family believes that Ms. López fell for an old love and was taken in by him.
James Cason, a former top U.S. official in Cuba, said most Cuban diplomats are known to be spies for their government, particularly those posted in the United States.
“She had to know what she was getting into, marrying a Cuban diplomat,” Mr. Cason said. “Here in Miami, if you marry a Cuban diplomat, you’re considered a traitor, basically.”
Cuban court documents are unequivocal: Mr. Milanés had been a Cuban intelligence agent. And, the court records say, he confessed that to her after they married on Christmas Eve 2007.
By that time, Mr. Milanés lived in Cuba. He was not allowed to leave the island, so his wife spent the next decade visiting him during long weekends and school breaks. According to Cuban court records, Mr. Milanés was an alcoholic who depended on her financially.
In January 2017, Ms. López received a cryptic call from her husband, asking her to come to Cuba, her lawyer, Mr. Poblete, said.
Mr. Milanés had been caught on a boat in Baracoa, on the eastern coast, trying to flee Cuba, according to a person familiar with the case who was not authorized to speak publicly about it. He had called his wife from custody, luring her to the island.
Ms. López flew to Havana and was arrested in the airport, on her way back.
“I don’t care if he had a gun to his head,” Mr. Peralta said of her husband. “That’s your wife. What kind of man are you to throw your wife under the bus?”
WASHINGTON — The Russian military buildup at the Ukraine border and in Crimea could provide enough forces for a limited military incursion, the C.I.A. director, William J. Burns, told senators on Wednesday as he and other senior officials outlined a range of threats facing the United States.
Russia could simply be sending a signal to the United States or trying to intimidate the Ukrainian government, but it had the abilities in place to do more, Mr. Burns told the Senate Intelligence Committee.
“That buildup has reached the point that it could provide the basis for a limited military incursion, as well,” Mr. Burns said. “It is something not only the United States but our allies have to take very seriously.”
Mr. Burns testified alongside Avril D. Haines, the director of national intelligence, and other officials about an array of threats from global powers like Russia and China as well as challenges that have been less of a focus of intelligence agencies in the past, including domestic extremism and climate change.
annual threat assessment report, released Tuesday ahead of the hearing, the intelligence community said that China’s push for global power posed a threat to the United States through its aggression in its region, its expansion of its surveillance abilities and its attempts to dominate technological advances.
Russia has also pushed for a sphere of influence that includes countries that were part of the Soviet Union, like Ukraine, the report said.
Both China and Russia, however, wanted to avoid direct confrontation with the United States, the report said.
Mr. Burns said the Russian actions have prompted internal briefings as well as consultations with allies. President Biden’s call on Tuesday to President Vladimir V. Putin of Russia was intended to “register very clearly the seriousness of our concern,” Mr. Burns said.
The United States has been tracking the Russian troops for some time, at least since late March. American officials have said privately that the Russians have done little to hide their troop buildup, unlike in 2014 when they first attacked Ukraine. That has convinced some, but not all, officials briefed on the intelligence that the Russian activities may be mostly for show.
penetrated nine federal agencies, and another by China that compromised Microsoft Exchange servers. The Biden administration is expected to respond to the Russian hacking soon, most likely with sanctions and other measures.
Ms. Haines said Russia used hackings to sow discord and threaten the United States and its allies. “Russia is becoming increasingly adept at leveraging its technological prowess to develop asymmetric options in both the military and cyberspheres in order to give itself the ability to push back and force the United States to accommodate its interests,” she said.
Lawmakers also raised the issue of a series of mysterious episodes that have injured diplomats and C.I.A. officers overseas. Some former officials believe Russia is behind the episodes, which they have called attacks.
Mr. Burns said he was working with his colleagues to ensure better medical care for C.I.A. officers. He also said he was working to “get to the bottom of the question of what caused these incidents and who might have been responsible.”
Questions on China dominated the earlier Senate confirmation hearings for Ms. Haines and Mr. Burns, and lawmakers again pressed on Wednesday for assessments on China and its efforts to steal American technology. Ms. Haines outlined how China uses technological might, economic influence and other levers of power to intimidate its neighbors.
“China is employing a comprehensive approach to demonstrate its growing strength and compel regional neighbors to acquiesce to Beijing’s preferences,” she told senators.
another recent intelligence report, on global trends, highlighted how the coronavirus pandemic and climate change, along with technological change, were testing “the resilience and adaptability” of society. The “looming disequilibrium,” she said, compels intelligence agencies to broaden their definition of national security.
But at least one lawmaker, Senator Richard M. Burr, Republican of North Carolina, also asked a more practical question: How many intelligence officers have received coronavirus vaccines?
Mr. Burns said 80 percent of the C.I.A. work force was fully vaccinated and another 10 percent have had their first shot. He said all C.I.A. officers serving overseas “have the vaccine available to them directly.”
Mr. Wray was unable to give an estimate of how many of his agents had received a shot, saying that the vaccination rates varied in field offices in different states. Ms. Haines said 86 percent of her work force had had at least one shot, with a “fair percentage” being fully vaccinated. General Nakasone also had no estimate but said a vaccination center had been set up at Fort Meade, Md., where the National Security Agency’s headquarters is.
Lawmakers have also been pressing intelligence agencies to help examine the problem of domestic extremism. Senator Mark Warner, Democrat of Virginia and the chairman of the intelligence committee, linked the rise of domestic extremism to the same trends promoting disinformation produced by Russia and others. And he said he wanted the intelligence chiefs to outline how they could help provide better warnings of potential violence like the Jan. 6 attack on the U.S. Capitol.
“go back to school.” Mr. Trump’s last director of national intelligence, John Ratcliffe, chose not to release a threat assessment or testify before Congress last year.
After revelations in 2013 by the former intelligence contractor Edward J. Snowden that set off a debate about government surveillance, American technology companies are wary of the appearance of sharing data with American intelligence agencies, even if that data is just warnings about malware. Google was stung by the revelation in the Snowden documents that the National Security Agency was intercepting data transmitted between its servers overseas. Several years later, under pressure from its employees, it ended its participation in Project Maven, a Pentagon effort to use artificial intelligence to make its drones more accurate.
Amazon, in contrast, has no such compunctions about sensitive government work: It runs the cloud server operations for the C.I.A. But when the Senate Intelligence Committee asked company officials to testify last month — alongside executives of FireEye, Microsoft and SolarWinds — about how the Russians exploited systems on American soil to launch their attacks, they declined to attend.
Companies say that before they share reporting on vulnerabilities, they would need strong legal liability protections.
The most politically palatable headquarters for such a clearinghouse — avoiding the legal and civil liberties concerns of using the National Security Agency — would be the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Mr. Gerstell described the idea as “automated computer sensors and artificial intelligence acting on information as it comes in and instantaneously spitting it back out.”
The department’s existing “Einstein” system, which is supposed to monitor intrusions and potential attacks on federal agencies, never saw the Russian attack underway — even though it hit nine federal departments and agencies. The F.B.I., lawmakers say, does not have broad monitoring capabilities, and its focus is divided across other forms of crime, counterterrorism and now domestic extremism threats.
“I don’t want the intelligence agencies spying on Americans, but that leaves the F.B.I. as the de facto domestic intelligence agency to deal with these kinds of attacks,” said Senator Angus King, a Maine independent, member of the Senate Intelligence Committee and co-chairman of the cyberspace commission. “I’m just not sure they’re set up for this.”
There are other hurdles. The process of getting a search warrant is too cumbersome for tracking nation-state cyberattacks, Mr. Gerstell said. “Someone’s got to be able to take that information from the N.S.A. and instantly go take a look at that computer,” he said. “But the F.B.I. needs a warrant to do that, and that takes time by which point the adversary has escaped.”