Category: Federal Bureau of Investigation FBI Crime News

Source: Federal Bureau of Investigation FBI Crime News

As prepared for delivery

Good morning, Chairman Green, Ranking Member Thompson, and members of the committee.

It’s been more than five weeks since Hamas terrorists carried out their brutal attacks against innocent Israelis, dozens of American citizens, and others from around the world, and our collective efforts remain on supporting our partners overseas and seeking the safe return of the hostages. But this hearing, focused on threats to our homeland, is well-timed given the dangerous implications the fluid situation in the Middle East has for our homeland security.

In a year when the terrorism threat was already elevated, the ongoing war in the Middle East has raised the threat of an attack against Americans in the United States to a whole other level.

Since October 7th, we’ve seen a rogue’s gallery of foreign terrorist organizations call for attacks against Americans and our allies. Hizballah expressed its support and praise for Hamas and threatened to attack U.S. interests in the Middle East. Al-Qaida issued its most specific call to attack the United States in the last five years. Al-Qaida in the Arabian Peninsula called on jihadists to attack Americans and Jewish people everywhere. ISIS urged its followers to target Jewish communities in the United States and Europe.

Given those calls for action, our most immediate concern is that individuals or small groups will draw twisted inspiration from the events in the Middle East to carry out attacks here at home. That includes homegrown violent extremists inspired by a foreign terrorist organization and domestic violent extremists targeting Jewish Americans or other faith communities, like Muslim Americans.

Across the country, the FBI has been aggressively countering violence by extremists citing the ongoing conflict as inspiration. In Houston, we arrested a man who’d been studying bomb-making and posted about killing Jewish people. Outside Chicago, we’ve got a federal hate crime investigation into the killing of a six-year-old Muslim boy. At Cornell University, we arrested a man who threatened to kill members of that university’s Jewish community. And in Los Angeles, we arrested a man for threatening the CEO and other members of the Anti-Defamation League. I could go on.

On top of the so-called “lone actor” threat, we cannot—and do not—discount the possibility that Hamas or another foreign terrorist organization may exploit the current conflict to conduct attacks here, on our own soil.

We’ve kept our sights on Hamas and have multiple investigations into individuals affiliated with that foreign terrorist organization. And while, historically, our Hamas cases have identified individuals located here who are facilitating and financing terrorism overseas, we continue to scrutinize our intelligence to assess how the threat may be evolving.

But it’s not just Hamas. As the world’s largest state sponsor of terrorism, the Iranians have directly, or by hiring criminals, mounted assassination attempts against dissidents and high-ranking current and former U.S. officials, including right here on American soil. Or take Hizballah, Iran’s primary strategic partner, which has a history of raising money and seeking to obtain weapons here in the United States. FBI arrests in recent years also indicate that Hizballah has tried to seed operatives, establish infrastructure, and engage in spying here domestically—raising our concern that they may be contingency planning for future operations in the United States.

And while we’re not currently tracking a specific plot, given that disturbing history, we’re keeping a close eye on what impact recent events may have on those terrorist groups’ intentions here in the United States, and how those intentions might evolve. 

Now, I want to be clear: While this is certainly a time for heightened vigilance, it is by no means a time to panic. Americans should continue to be alert and careful, but they shouldn’t stop going about their daily lives.

All across the country, the FBI’s men and women are working with urgency and purpose to confront the elevated threat. That means working closely with our federal, state, and local partners through our FBI-led Joint Terrorism Task Forces; taking an even-closer look at existing investigations and canvassing sources to increase awareness across the board; and doing all we can—working with our partners—to protect houses of worship here in the U.S.

Bottom line: We’re going to continue to do everything in our power to protect the American people and support our partners in Israel.

Protecting Americans from the threat of terrorism is and remains our number one priority. But as you all know, the range of threats we battle each and every day is enormous.

From cyber attacks, to economic espionage, to violent crime and narcotics trafficking—and everything in between—the problems we tackle are not getting any easier, but we’ve continued to work to outpace our adversaries. We disrupted over 40% more cyber operations last year and arrested over 60% more cybercriminals than the year before. We’ve got 2,000 active investigations across all 56 FBI field offices into China’s relentless efforts to steal our innovation and intellectual property. And over the past two years alone, we’ve seized enough fentanyl to kill 270 million people—that’s more than 80% of Americans.

Just this month, working with our partners, FBI Boston seized nearly 8 million doses of fentanyl- and methamphetamine-laced pills and powder, including nearly 20 pounds of fentanyl-laced pills pressed to look like heart-shaped candy. That’s one of the largest single seizures in New England history, and demonstrates the deadly reach of the cartels trafficking dangerous drugs to every corner of our nation.

I’m incredibly proud of the FBI’s 38,000 skilled and dedicated professionals who tackle all these complex challenges, and I think it’s our shared responsibility to make sure they’ve got the tools they need to keep us all safe. Indispensable in that toolkit against foreign adversaries are the FBI’s FISA 702 authorities.

I’m happy to talk about all the things the FBI has done over the past couple years to make sure we’re good stewards of our 702 authorities.

But I can tell you, it would be absolutely devastating if the next time an adversary like Iran or China launches a major cyberattack, we don’t see it coming because 702 was allowed to lapse. Or, with the fast-moving situation in the Middle East, imagine if a foreign terrorist organization overseas shifts intentions and directs an operative here who’d been contingency-planning to carry out an attack in our own backyard. And imagine if we’re not able to disrupt that threat because the FBI’s 702 authorities have been so watered-down.

I want to close by thanking you for your continued support of the FBI’s men and women who work tirelessly and selflessly to protect their fellow Americans.

Thank you for having me here today. I look forward to your questions.

Source: Federal Bureau of Investigation FBI Crime News

Statement for the Record

Good morning, Chairman Peters, Ranking Member Paul, and members of the Committee. Today, I am honored to be here, representing the people of the Federal Bureau of Investigation (“FBI”), who tackle some of the most complex and most grave threats we face every day with perseverance, professionalism, and integrity—sometimes at the greatest of costs. I am extremely proud of their service and commitment to the FBI’s mission and to ensuring the safety and security of communities throughout our nation. On their behalf, I would like to express my appreciation for the support you have given them in the past and ask for your continued support in the future.

Despite the many challenges our FBI workforce has faced, I am immensely proud of their dedication to protecting the American people and upholding the Constitution. Our country continues to face challenges, yet, through it all, the women and men of the FBI stand at the ready
to tackle those challenges. The list of diverse threats we face underscores the complexity and breadth of the FBI’s mission: to protect the American people and to uphold the Constitution of the United States. I am prepared to discuss with you what the FBI is doing to address these threats and what the FBI is doing to ensure our people adhere to the highest of standards while it conducts its mission.

Key Threats and Challenges

Our nation continues to face a multitude of serious and evolving threats ranging from homegrown violent extremists (“HVEs”) to hostile foreign intelligence services and operatives, from sophisticated cyber-based attacks to internet facilitated sexual exploitation of children, from violent gangs and criminal organizations to public corruption and corporate fraud. Keeping pace with these threats is a significant challenge for the FBI. As an organization, we must be able to stay current with constantly evolving technologies. Our adversaries take advantage of modern technology, including the internet and social media, to facilitate illegal activities, recruit followers, encourage terrorist attacks and other illicit actions, and disperse information on building improvised explosive devices and other means to attack the United States. The breadth of these threats and challenges are as complex as any time in our history. And the consequences of not responding to and countering threats and challenges have never been greater.

The FBI is establishing strong capabilities and capacities to assess threats, share intelligence, and leverage key technologies. We are hiring some of the best to serve as special agents, intelligence analysts, and professional staff. We have built, and are continuously enhancing, a workforce that possesses the skills and knowledge to deal with the complex threats and challenges we face today and tomorrow. We are building a leadership team that views change and transformation as a positive tool for keeping the FBI focused on the key threats facing our nation.

Today’s FBI is a national security and law enforcement organization that uses, collects, and shares intelligence in everything we do. Each FBI employee understands that, to defeat the key threats facing our nation, we must constantly strive to be more efficient and more effective. Just as our adversaries continue to evolve, so, too, must the FBI. We live in a time of persistent terrorist, nation-state, and criminal threats to our national security, our economy, and indeed our communities.

National Security

Terrorism Threats

As we saw earlier this month with the devastating attack in Israel, terrorist actors are still very intent on using violence and brutality to spread their ideologies. Protecting the American people from terrorism remains the FBI’s number one priority. The threat from terrorism is as persistent and complex as ever. We are in an environment where the threats from international terrorism, domestic terrorism, and state-sponsored terrorism are all simultaneously elevated.

The greatest terrorism threat to our homeland is posed by lone actors or small cells of individuals who typically radicalize to violence online, and who primarily use easily accessible weapons to attack soft targets. We see the lone offender threat with both domestic violent extremists (“DVEs”) and HVEs, two distinct threats, both of which are located primarily in the United States and typically radicalize and mobilize to violence on their own. DVEs are individuals based and operating primarily within the United States or its territories without direction or inspiration from a foreign terrorist group or other foreign power who seek to further political or social goals through unlawful acts of force or violence. In comparison, HVEs are individuals of any citizenship who have lived and/or operated primarily in the United States or its territories, who advocate, are engaged in, or are preparing to engage in ideologically motivated terrorist activities in furtherance of political or social objectives promoted by a foreign terrorist organization but are acting independently of direction by a foreign terrorist organization (“FTO”).

Domestic and homegrown violent extremists are often motivated and inspired by a mix of social or political, ideological, and personal grievances against their targets, and more recently have focused on accessible targets to include civilians, law enforcement and the military, symbols or members of the U.S. government, houses of worship, retail locations, and mass public gatherings. Lone actors present a particular challenge to law enforcement and intelligence agencies. These actors are difficult to identify, investigate, and disrupt before they take violent action, especially because of the insular nature of their radicalization and mobilization to violence and limited discussions with others regarding their plans.

The top domestic terrorism threat we face continues to be from DVEs we categorize as racially or ethnically motivated violent extremists (“RMVEs”) and anti-government or anti-authority violent extremists (“AGAAVEs”). The number of FBI domestic terrorism investigations has more than doubled since the spring of 2020. As of September 2023, the FBI was conducting approximately 2,700 investigations within the domestic terrorism program. As of September 2023, the FBI was also conducting approximately 4,000 investigations within its international terrorism program.

The FBI uses all tools available at its disposal to combat domestic terrorism. These efforts represent a critical part of the National Strategy for Countering Domestic Terrorism, which was released in June 2021. The strategy sets forth a comprehensive, whole-of-government approach to address the many facets of the domestic terrorism threat.

The FBI assesses HVEs as the greatest, most immediate international terrorism threat to the homeland. HVEs are people located and radicalized to violence primarily in the United States, who are not receiving individualized direction from FTOs but are inspired by FTOs, including the self-proclaimed Islamic State of Iraq and ash-Sham (“ISIS”) and al-Qaida and their affiliates, to commit violence. An HVE’s lack of a direct connection with an FTO, ability to rapidly mobilize without detection, and use of encrypted communications pose significant challenges to our ability to proactively identify and disrupt potential violent attacks.

While we work to assist our Israeli colleagues and understand the global implications of the ongoing conflict in Israel, we are paying heightened attention to how the events abroad could directly affect and inspire people to commit violence here in the homeland. Terrorist organizations worldwide, as well as individuals attracted to violence, have praised HAMAS’s horrific attack on Israeli civilians. We have seen violent extremists across ideologies seeking to target Jewish and Muslim people and institutions through physical assaults, bomb threats, and online calls for mass casualty attacks. Our top concern stems from lone offenders inspired by—or reacting to—the ongoing Israel-HAMAS conflict, as they pose the most likely threat to Americans, especially Jewish, Muslim, and Arab-American communities in the United States. We have seen an increase in reported threats to Jewish and Muslim people, institutions, and houses of worship here in the United States and are moving quickly to mitigate them.

As of right now, we have no information to indicate that HAMAS has the intent or capability to conduct operations inside the U.S., though we cannot, and do not, discount that possibility, but we are especially concerned about the possibility of HAMAS supporters engaging in violence on the group’s behalf. As always, we are concerned with any foreign terrorist organization who may exploit the attacks in Israel as a tool to mobilize their followers around the world. In recent years, there have been several events and incidents in the United States that were purportedly motivated, at least in part, by the conflict between Israel and HAMAS. These have included the targeting of individuals, houses of worship, and institutions associated with the Jewish and Muslim faiths with acts of physical assault, vandalism, or harassment. Antisemitism and anti-Islamic sentiment permeate many violent extremist ideologies and serves as a primary driver for attacks by a diverse set of violent extremists who pose a persistent threat to Jewish and Muslim communities and institutions in the United States and abroad. Foreign terrorist organizations have exploited previous conflicts between Israel and HAMAS via media outlets and online communications to call on their supporters located in the United States to conduct attacks. Some violent extremists have used times of heightened tensions to incite violence against religious minorities, targeting both Jewish and Muslim Americans.

The FBI remains concerned about the Taliban takeover of Afghanistan and that the intent of FTOs, such as ISIS and al-Qaida and their affiliates, is to carry out or inspire large-scale attacks in the United States.

Despite its loss of physical territory in Iraq and Syria, ISIS remains relentless in its campaign of violence against the United States and our partners—both here at home and overseas. ISIS and its supporters continue to aggressively promote its hate-fueled rhetoric and attract like-minded violent extremists with a willingness to conduct attacks against the United States and our interests abroad. ISIS’s successful use of social media and messaging applications to attract individuals is of continued concern to us. Like other foreign terrorist groups, ISIS advocates for lone offender attacks in the United States and Western countries via videos and other English language propaganda that have specifically advocated for attacks against civilians, the military, law enforcement and intelligence community personnel.

Al-Qaida also maintains its desire to conduct and to inspire large-scale attacks. Because continued pressure has degraded some of the group’s senior leadership, we assess that, in the near term, al-Qaida is more likely to continue to focus on cultivating its international affiliates and supporting small-scale, readily achievable attacks in regions such as East and West Africa. Nevertheless, propaganda from al-Qaida leaders continues to seek individuals inspired to conduct their own attacks in the United States and other Western nations.

Iran and its global proxies and partners, including Iraqi Shia militant groups, attack and plot against the United States and our allies throughout the Middle East. Iran’s Islamic Revolutionary Guard Corps-Qods Force (“IRGC-QF”) has too provided support to militant
resistance groups and terrorist organizations. And Iran has supported Lebanese Hizballah and other terrorist groups. Hizballah has sent operatives to build terrorist infrastructures worldwide. The arrests of individuals in the United States allegedly linked to Hizballah’s main overseas terrorist arm, and their intelligence-collection and -procurement efforts, demonstrate Hizballah’s interest in long-term contingency planning activities here in the homeland. Hizballah Secretary-General Hassan Nasrallah also has threatened retaliation for the death of IRGC-QF Commander Qassem Soleimani. This willingness to seek retaliation against the United States was reflected in charges the Department brought in 2022 against a member of the IRGC, working on behalf of the Qods Force, who was plotting to murder a former national security advisor.

While the terrorism threat continues to evolve, the FBI’s resolve to counter that threat remains constant. We continually adapt and rely heavily on the strength of our federal, state, local, tribal, territorial, and international partnerships to combat all terrorist threats to the United States and our interests. To that end, we use all available lawful investigative techniques and methods to combat these threats while continuing to collect, analyze, and share intelligence concerning the threats posed by violent extremists who desire to harm Americans and U.S. interests. We will continue to share information and encourage the sharing of information among our numerous partners via our Joint Terrorism Task Forces across the country, and our legal attaché offices around the world.

In addition to fighting terrorism, countering the proliferation of weapons-of-mass-destruction materials, technologies, and expertise, preventing their use by any actor, and securing nuclear and radioactive materials of concern are also top national security priority missions for the FBI. The FBI considers preventing, mitigating, investigating, and responding to weapons of mass destruction (“WMD”) terrorism a “no-fail” mission because a WMD attack could result in substantial injuries, illness, or loss of lives, while yielding significant social, economic, political, and other national security consequences. In collaboration with federal, state, local, tribal, territorial, and other partners, the FBI integrates complementary efforts to counter WMD terrorism. An example of this collaboration is the FBI-led Weapons of Mass Destruction Strategic Group. This interagency crisis action team spans more than 15 departments and agencies to coordinate the federal government’s response to WMD threats and incidents. Alongside the FBI, the Department of Homeland Security maintains the largest footprint on the strategic group.

Cyber

Cybercriminal syndicates and nation-states continue to innovate, using unique techniques to compromise our networks and maximize the reach and impact of their operations. Those techniques include selling malware as a service or targeting vendors to access scores of victims by hacking just one provider.

These criminals and nation-states believe that they can compromise our networks, steal our property, extort us, and hold our critical infrastructure at risk without incurring any risk themselves. In the last few years, we have seen the People’s Republic of China (“PRC”), the
Democratic People’s Republic of Korea (“DPRK”), and Russia use cyber operations to target U.S. research. We have seen the PRC working to obtain controlled dual-use technology, while developing an arsenal of advanced cyber capabilities that could be used against other countries in the event of a real-world conflict. And we have seen the disruptive impact a serious supply-chain compromise can have through the SolarWinds-related intrusions, conducted by the Russian Foreign Intelligence Service. As these adversaries become more sophisticated, we are increasingly concerned about our ability to detect specific cyber operations against U.S. organizations. One of the most worrisome facets is their focus on compromising U.S. critical infrastructure, especially during a crisis.

Making things more difficult, there is often no bright line that separates where nation-state activity ends and cybercriminal activity begins. Some cybercriminals contract or sell services to nation-states; some nation-state actors moonlight as cybercriminals to fund personal activities; and nation-states are increasingly using tools typically used by criminal actors, such as ransomware.

So, as dangerous as nation-states are, we do not have the luxury of focusing on them alone. In the past year, we also have seen cybercriminals target hospitals, medical centers, educational institutions, and other critical infrastructure for theft or ransomware, causing massive
disruption to our daily lives. Incidents affecting medical centers have led to the interruption of computer networks and systems that put patients’ lives at an increased risk.

We have also seen the rise of an ecosystem of services dedicated to supporting cybercrime in exchange for cryptocurrency. Criminals now have new tools to engage in destructive behavior—for example, deploying ransomware to paralyze entire hospitals, police departments, and businesses—as well as new means to better conceal their tracks. It is not that individual malicious cyber actors have necessarily become much more sophisticated, but that they can now more easily rent sophisticated capabilities.

We must make it harder and more painful for malicious cyber actors and criminals to carry on their malicious activities. Using its role as the lead federal agency for threat response, the FBI works seamlessly with domestic and international partners to defend their networks, attribute malicious activity, sanction bad behavior, and take the fight to our adversaries overseas. We must impose consequences on cyber adversaries, and use our collective law enforcement and intelligence capabilities to do so through joint and enabled operations sequenced for maximum impact. And we must continue to work with the Department of State and other key agencies to ensure that our foreign partners are able and willing to cooperate in our efforts to disrupt perpetrators of cybercrime.

An example of this approach is the coordinated international operation announced in April 2023 against Genesis Market, a criminal online marketplace offering access to data stolen from over 1.5 million compromised computers around the world containing over 80 million account access credentials. Genesis Market was also a prolific initial access broker in the cybercrime world, providing criminals a user-friendly database to search for stolen credentials and more easily infiltrate victims’ computers and accounts. As part of this operation, law enforcement seized 11 domain names used to support Genesis Market’s infrastructure pursuant to a warrant authorized by the U.S. District Court for the Eastern District of Wisconsin. A total of 22 international agencies and 44 FBI field offices worked with the FBI Milwaukee Field Office investigating the case. And on April 5, the U.S. Department of the Treasury announced sanctions against Genesis Market.

In total, along with our colleagues at the Department of Justice (“DOJ”), we took over 1,000 actions against cyber adversaries in 2022, including arrests, criminal charges, convictions, dismantlements, and disruptions. We enabled many more actions through our dedicated partnerships with the private sector, with foreign partners, and with federal, state, and local entities. We also provided thousands of individualized threat warnings and disseminated 70 public threat advisories by way of Joint Cybersecurity Advisories, FBI Liaison Alert System (“FLASH”) reports, Private Industry Notifications (“PINs”), and Public Service Announcements (“PSAs”)—many of which were jointly authored with other U.S. agencies and international partners.

Along with our partners in the interagency, the FBI has devoted significant energy and resources to partnerships with the private sector. We are working hard to push important threat information to network defenders, but we have also been making it as easy as possible for the private sector to share important information with us. For example, we are emphasizing to the private sector how we keep our presence unobtrusive in the wake of an incident, as well as how we protect identities and other information that the private sector shares with us. We are still committed to providing useful feedback and improving coordination with our government partners so that we are speaking with one voice. But, we need the private sector to do its part, too. We need the private sector to come forward to warn us and our partners when they see malicious cyber activity. We also need the private sector to work with us when we warn them that they are being targeted. Significant cyber incidents—SolarWinds, Cyclops Blink, the Colonial pipeline incident—only emphasize what we have been saying for a long time: the government cannot protect against cyber threats on its own. We need a whole-of-society approach that matches the scope of the danger. There is no other option for defending a country where nearly all of our critical infrastructure, personal data, intellectual property, and network infrastructure sits in private hands.

In summary, the FBI is engaged in myriad efforts to combat cyber threats, from improving threat identification and information sharing inside and outside of the government to developing and retaining new talent, to examining the way we operate to disrupt and defeat these threats. We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace.

Foreign Intelligence Threats

Top Threats

Nations such as the PRC, Russia, and Iran are becoming more aggressive and more capable than ever before. These nations seek to undermine our core democratic, economic, and scientific institutions, and they employ a growing range of tactics. Defending American institutions and values against these threats is a national security imperative and a priority for the FBI.

With that, the greatest long-term threat to our nation’s ideas, innovation, and economic security is the foreign intelligence and economic espionage threat from the PRC. By extension, it is also a threat to our national security. The PRC government aspires to reshape the international rules-based system to its benefit. Often, with little regard for international norms and laws.

When it comes to economic espionage, the PRC uses every means at its disposal, blending cyber, human intelligence, diplomacy, corporate transactions, and other pressure on U.S. companies operating in the PRC, to steal our companies’ innovations. These efforts are consistent with the PRC government’s expressed goals to become an international power, modernize its military, and create innovation-driven economic growth.

To pursue this goal, the PRC uses human intelligence officers, co-optees, and corrupt corporate insiders, as well as sophisticated cyber intrusions, pressure on U.S. companies in China, shell-game corporate transactions, and joint-venture “partnerships” that are anything but a true partnership. There is nothing traditional about the scale of their theft. It is unprecedented. American workers and companies are facing a greater, more complex danger than they have dealt with before. Stolen innovation means stolen jobs, stolen opportunities for American workers, and stolen national power.

National Counterintelligence Task Force (“NCITF”)

As the lead U.S. counterintelligence agency, the FBI is responsible for detecting and lawfully countering the actions of foreign intelligence services and organizations as they seek to adversely affect U.S. national interests. Recognizing the need to coordinate similar efforts across agencies, the FBI established the NCITF in 2019 to create a whole-of-government approach to counterintelligence. The FBI established this national-level task force in the National Capital Region to coordinate, facilitate, and focus these multi-agency counterintelligence operations, and to programmatically support local Counterintelligence Task Force (“CITF”) operations. Combining the authorities and operational capabilities of the U.S. Intelligence Community, non-Title-50 departments and agencies, law enforcement agencies around the country, and local CITFs in each FBI field office, the NCITF coordinates and leads whole-of-government efforts to defeat hostile intelligence activities targeting the United States.

The Department of Defense (“DOD”) has been a key partner in the NCITF since its founding. While the FBI has had long-term collaborative relationships with DOD entities such as the Air Force Office of Special Investigations, Naval Criminal Investigative Service, and
Army Counterintelligence, the NCITF has allowed us to enhance our collaboration for greater impact. We plan to emphasize this whole-of-government approach as a powerful formula to mitigate the modern counterintelligence threat.

Transnational Repression and Other Counterintelligence Threats

In recent years, we have seen a rise in efforts by authoritarian regimes to interfere with freedom of expression and punish dissidents abroad. These acts of repression cross national borders, often reaching into the United States. Governments such as the PRC, the Russian Federation, and the Government of Iran stalk, intimidate, and harass ex-patriots or dissidents who speak against the regime from the United States.

Transnational repression can occur in different forms, including assaults and attempted kidnapping. Governments use transnational repression tactics to silence the voices of their citizens, U.S. residents, or others living abroad who are critical of their regimes. This sort of repressive behavior is antithetical to our values. People from all over the world are drawn to the United States by the promise of living in a free and open society that adheres to the rule of law.

To ensure that this promise remains a reality, we must continue to use all of our tools to block authoritarian regimes that seek to extend their tactics of repression beyond their shores.

In addition, our nation is confronting multifaceted foreign threats seeking both to influence our national policies and public opinion and to harm our national dialogue and debate. The FBI and our interagency partners remain focused on foreign malign influence operations, including subversive, undeclared, coercive, and criminal actions used by foreign governments in their attempts to sway U.S. citizens’ preferences and perspectives, shift U.S. policies, increase discord in the United States, and undermine the American people’s confidence in our democratic institutions and processes.

Foreign malign influence is not a new problem, but the interconnectedness of the modern world, combined with the anonymity of the internet, have changed the nature of the threat. The FBI is the lead federal agency responsible for investigating foreign malign influence threats. Several years ago, we established the Foreign Influence Task Force (“FITF”) to identify and counteract foreign malign influence operations targeting the United States. The FITF is led by our Counterintelligence Division, and comprises agents, analysts, and professional staff from the Counterintelligence, Cyber, Counterterrorism, and Criminal Investigative divisions. It is specifically charged with identifying and combating foreign malign influence operations targeting democratic institutions inside the United States.

The domestic counterintelligence environment is more complex than ever. We face a persistent and pervasive national security threat from foreign adversaries, particularly the governments of China and Russia, and Iran, who conduct sophisticated intelligence operations using coercion, subversion, malign influence, cyber and economic espionage, traditional spying, and non-traditional human intelligence collection. Together, they pose a continuous threat to U.S. national security and our economy by targeting strategic technologies, industries, sectors, and critical infrastructure. Historically, these asymmetric national security threats involved foreign intelligence service officers seeking U.S. government and U.S. Intelligence Community information. Now, however, the FBI has observed foreign adversaries employing a wide range of nontraditional collection techniques, including the use of human collectors not affiliated with intelligence services, foreign investment in critical U.S. sectors, and infiltration of U.S. supply chains. The FBI continues to adjust our counterintelligence priorities to address this evolution.

Criminal Threats

The United States faces many criminal threats, including financial and health care fraud, transnational and regional organized criminal enterprises, crimes against children and human trafficking, violent threats against election personnel, and public corruption. Criminal organizations—domestic and international—and individual criminal activity represent a significant threat to security and safety in communities across the nation.

Violent Crime

Violent crimes and gang activities exact a high toll on individuals and communities. Many of today’s gangs are sophisticated and well organized. They use violence to control neighborhoods and boost their illegal money-making activities, which include robbery, human trafficking, drug and gun trafficking, fraud, extortion, and prostitution rings. These gangs do not limit their illegal activities to single jurisdictions or communities. The FBI is vital to this fight in big cities and small towns throughout the nation because we are able to cross jurisdictions and investigate wherever the evidence leads.

Every day, FBI special agents partner with federal, state, local, territorial, and tribal officers and deputies on joint task forces and on individual investigations. FBI joint task forces—Violent Crime Safe Streets, Violent Gang Safe Streets, and Safe Trails—focus on identifying and targeting major groups operating as criminal enterprises. Much of the FBI criminal intelligence is derived from our state, local, territorial, and tribal law enforcement partners, who know their communities inside and out. Joint task forces benefit from FBI surveillance assets, and our sources track these gangs to identify emerging trends. Through these multi-subject and multi-jurisdictional investigations, the FBI concentrates its efforts on high-level groups engaged in criminal conspiracies and patterns of racketeering. This investigative model enables us to target senior gang leadership and develop enterprise-based prosecutions.

By way of example, the FBI has dedicated tremendous resources to combat the threat of violence posed by MS-13. The atypical nature of this gang has required a multi-pronged approach. We work through our task forces here in the United States, while simultaneously gathering intelligence and aiding our international law enforcement partners. We do this through the FBI’s Transnational Anti-Gang Task Forces. Established in El Salvador in 2007 through the FBI’s National Gang Task Force, Legal Attaché San Salvador, and the United States Department of State, each Anti-Gang Task Force is responsible for the investigation of, primarily, MS-13 operations in the northern triangle of Central America and the United States. This program combines the expertise, resources, and jurisdiction of participating agencies to investigate and counter transnational criminal gang activity in Central America and the United States. There are now Transnational Anti-Gang Task Forces in El Salvador, Guatemala, and Honduras. Through these combined efforts, the FBI has achieved substantial success in countering the MS-13 threat across Central America and the United States.

Transnational Organized Crime (“TOC”)

More than a decade ago, organized crime was characterized by hierarchical organizations, or families, that exerted influence over criminal activities in neighborhoods, cities, or states. But organized crime has changed dramatically. Today, international criminal enterprises run multinational, multibillion-dollar schemes from start to finish. Modern-day criminal enterprises are flat, fluid networks with global reach. While still engaged in many of the “traditional” organized crime activities of loan-sharking, extortion, and murder, modern criminal enterprises are also involved in trafficking counterfeit prescription drugs containing fentanyl, targeting stock market fraud and manipulation, cyber-facilitated bank fraud and embezzlement, illicit drug trafficking, identity theft, human trafficking, money laundering, alien smuggling, public corruption, weapons trafficking, kidnapping, and other illegal activities.

TOC networks exploit legitimate institutions for critical financial and business services that enable the storage or transfer of illicit proceeds. Preventing and combating transnational organized crime demands a concentrated effort by the FBI and federal, state, local, tribal, territorial, and international partners.

As part of our efforts to combat the TOC threat, the FBI is focused on the cartels trafficking narcotics across our border. The FBI has 328 pending investigations linked to cartel leadership, and 78 of those investigations are along the southern border. Additionally, the FBI actively participates in 17 Organized Crime Drug Enforcement Task Forces (“OCDETF”) across the United States, investigating major drug trafficking, money laundering, and other high-priority transnational organized crime networks. On top of that, we are pursuing health care fraud investigations against medical professionals and pill mills through our prescription drug initiative, investigating the gangs and criminal groups responsible for distributing substances like fentanyl through our Safe Streets Task Forces, and disrupting and dismantling darknet marketplaces that facilitate the sale of counterfeit prescription opioids and other illicit drugs through our Joint Criminal Opioid Darknet Enforcement team.

While the FBI continues to share intelligence about criminal groups with our partners and combines resources and expertise to gain a full understanding of each group, the threat of transnational crime remains a significant and growing threat to national and international security with implications for public safety, public health, democratic institutions, and economic stability across the globe. TOC groups increasingly exploit jurisdictional boundaries to conduct their criminal activities overseas. Furthermore, they are diversifying their use of the darknet and emerging technologies to engage in illegal activity, such as trafficking illicit drugs and contraband across international borders and into the United States.

Crimes Against Children and Human Trafficking

Every year, thousands of children become victims of crimes, whether it is through kidnappings, violent attacks, sexual abuse, human trafficking, or online predators. The FBI is uniquely positioned to provide a rapid, proactive, and comprehensive response. We help identify, locate, and recover child victims. Our strong relationships with federal, state, local, territorial, tribal, and international law enforcement partners also help to identify, prioritize, investigate, and deter individuals and criminal networks from exploiting children.

But the FBI’s ability to learn about and investigate child sexual exploitation is being threatened by the proliferation of sites on the darknet. For example, currently, there are at least 30 child sexual abuse material sites operating openly and notoriously on the darknet. Some of these exploitative sites are exclusively dedicated to the sexual abuse of infants and toddlers. The sites often expand rapidly, with one site obtaining as many as 200,000 new members within its first few weeks of operation.

Another growing area of concern involving the sexual exploitation of children is the explosion in incidents of children and teens being coerced into sending explicit images online and extorted for money. Known as financial sextortion, in 2022, law enforcement received over 13,000 reports of this type of crime, resulting in at least 12,600 victims here and abroad, and more than 20 suicides. A large percentage of these sextortion schemes originate outside the United States, primarily in West African countries such as Nigeria and Ivory Coast. The FBI continues to collaborate with other law enforcement partners and the National Center for Missing and Exploited Children to mitigate this criminal activity and provide the public with informational alerts and victim resources regarding these crimes.

The FBI has several programs in place to arrest child predators and to recover missing and endangered children. To this end, the FBI funds or participates in a variety of endeavors, including our Innocence Lost National Initiative, Innocent Images National Initiative, Operation Cross Country, Child Abduction Rapid Deployment Team, Victim Services, over 80 Child Exploitation and Human Trafficking Task Forces, over 74 International Violent Crimes Against Children Task Force officers, as well as numerous community outreach programs to educate parents and children about safety measures they can follow. Through improved communications, the FBI is able to collaborate with partners throughout the world quickly, playing an integral role in crime prevention.

The Child Abduction Rapid Deployment Team is a rapid-response team with experienced investigators strategically located across the country to quickly respond to child abductions. Investigators provide a full array of investigative and technical resources during the most critical time following the abduction of a child, such as the collection and analysis of DNA, impression, and trace evidence, the processing of digital forensic evidence, and interviewing expertise.

The FBI also focuses efforts to stop human trafficking of both children and adults. The FBI works collaboratively with law enforcement partners to disrupt all forms of human trafficking through Human Trafficking Task Forces nationwide. One way the FBI combats this pernicious crime problem is through investigations such as Operation Cross Country. Over a two-week period in 2023, the FBI, along with other federal, state, local, and tribal partners, executed approximately 350 operations to recover survivors of human trafficking and disrupt traffickers. These operations identified and located 59 minor victims of child sex trafficking, child sexual exploitation, or related state offenses and located 59 actively missing children. Furthermore, the FBI and its partners located 141 adults who were identified as potential victims of sexual exploitation, human trafficking, or related state offenses. In addition to identifying and recovering missing children and potential victims, the law enforcement activity conducted during Operation Cross Country led to the identification or arrest of 126 suspects implicated in potential child sexual exploitation, human trafficking, or related state or federal offenses.

Although many victims of human trafficking recovered by the FBI are adult U.S. citizens, the FBI and its partners recognize that foreign nationals, children, and other vulnerable populations are disproportionately harmed by both sex and labor trafficking. We take a victim-centered, trauma-informed approach to investigating these cases and strive to ensure the needs of victims are fully addressed at all stages. To accomplish this, the FBI works in conjunction with other law enforcement agencies and victim specialists on the federal, state, local, and tribal levels, as well as with a variety of vetted non-governmental organizations. Even after the arrest and conviction of human traffickers, the FBI often continues to work with partner agencies and organizations to assist victims and survivors in moving beyond their exploitation.

Reauthorization of Section 702 of the Foreign Intelligence Surveillance Act

Before closing, I would be remiss if I did not underscore an urgent legislative matter directly relevant to our discussion today. As the committee knows, at the end of December, Section 702 and other provisions of the Foreign Intelligence Surveillance Act (FISA) will expire unless renewed.

Loss of this vital provision, or its reauthorization in a narrowed form, would raise profound risks. For the FBI in particular, either outcome could mean substantially impairing, or in some cases entirely eliminating, our ability to find and disrupt many of the most serious security threats I described earlier in my statement.

I am especially concerned about one frequently discussed proposal, which would require the government to obtain a warrant or court order from a judge before personnel could conduct a “U.S. person query” of information previously obtained through use of Section 702. A warrant requirement would amount to a de facto ban, because query applications either would not meet the legal standard to win court approval; or because, when the standard could be met, it would be so only after the expenditure of scarce resources, the submission and review of a lengthy legal filing, and the passage of significant time—which, in the world of rapidly evolving threats, the government often does not have. That would be a significant blow to the FBI, which relies on this longstanding, lawful capability afforded by Section 702 to rapidly uncover previously hidden threats and connections, and to take swift steps to protect the homeland when needed.

To be sure, no one more deeply shares Members’ concerns regarding past FBI compliance violations related to FISA, including the rules for querying Section 702 collection using U.S. person identifiers, than I do. These violations never should have happened and preventing recurrence is a matter of utmost priority. The FBI took these episodes seriously and responded rigorously, already yielding significant results in dramatically reducing the number of “U.S. person queries” by the FBI of the Section 702 database and in substantially improving its compliance rate. Moreover, as we publicly announced in June, the FBI is implementing further measures both to keep improving our compliance and to hold our personnel accountable for misuse of Section 702 and other FISA provisions, including through an escalating scheme for employee accountability, including discipline and culminating in possible dismissal.

Together with other leaders of the Intelligence Community and the Department of Justice, I remain committed to working with this committee and others in Congress, on potential reforms to Section 702 that would not diminish its critical intelligence value. There are many options for meaningfully enhancing privacy, oversight, and accountability, while fully preserving Section 702’s efficacy. Doing that will be critical to fulfilling the FBI’s continuing mission of identifying and stopping national security threats within the U.S. homeland.

Conclusion

The strength of any organization is its people. The threats we face as a Nation have never been greater or more diverse, and the expectations placed on the FBI have never been higher. Our fellow citizens look to the FBI to protect the United States from those threats, and, every day, the men and women of the FBI continue to meet and exceed those expectations. I want to thank them for their dedicated service.

Chairman Peters, Ranking Member Paul, and members of the Committee, thank you for the opportunity to testify today. I am happy to answer your questions.

Source: Federal Bureau of Investigation FBI Crime News

Good morning, Chairman Peters, Ranking Member Paul, and members of the committee.

Discussions about the most-pressing national security threats and what we’re doing to tackle them are always important, but this year’s hearing is especially well-timed given the dangerous implications the very fluid situation in the Middle East has for our homeland security.The reality is that the terrorism threat has been elevated throughout 2023, but the ongoing war in the Middle East has raised the threat of an attack against Americans in the United States to a whole other level.

Since the horrific terrorist attacks committed by Hamas against innocent people in Israel a few weeks ago, we’ve been working around the clock to support our partners there and to protect Americans here at home.

We assess that the actions of Hamas and its allies will serve as an inspiration the likes of which we haven’t seen since ISIS launched its so-called caliphate years ago. In just the past few weeks, multiple foreign terrorist organizations have called for attacks against Americans and the West. Al-Qaeda issued its most specific call to attack the United States in the last five years. ISIS urged its followers to target Jewish communities in the United States and Europe. Hizballah has publicly expressed its support for Hamas and threatened to attack U.S. interests in the Middle East. And we’ve seen an increase in attacks on U.S. military bases overseas carried out by militia groups backed by Iran.

Here in the United States, our most immediate concern is that violent extremists—individuals or small groups—will draw inspiration from the events in the Middle East to carry out attacks against Americans going about their daily lives. That includes not just homegrown violent extremists inspired by a foreign terrorist organization but also domestic violent extremists targeting Jewish or Muslim communities. We’ve seen that already with the individual we arrested last week in Houston, who’d been studying how to build bombs and posted online about his support for killing Jews. And with the tragic killing of a 6-year-old Muslim boy in Illinois in what we’re investigating as a federal hate crime.

But as I said a few moments ago, on top of the HVE and DVE threat, we also cannot—and do not—discount the possibility that Hamas or another foreign terrorist organization may exploit the current conflict to conduct attacks here on our own soil. We’ve kept our sights on Hamas and have multiple ongoing investigations into individuals affiliated with that foreign terrorist organization.

And while historically our Hamas cases have identified individuals located here who are facilitating and financing Hamas’ terrorism overseas, we’re continuing to scrutinize our intelligence to assess how the threat may be evolving. But it’s not just Hamas.

As the world’s largest state-sponsor of terrorism, the Iranians, for instance, have directly, or by hiring criminals, mounted assassination attempts against dissidents and high-ranking current and former U.S. government officials, including right here on American soil. And, along those lines, Hizballah, Iran’s primary strategic partner, has a history of seeding operatives and infrastructure, obtaining money and weapons, and spying in this country going back years.

Given that disturbing history, we’re keeping a close eye on what impact recent events may have on those groups’ intentions here in the United States and how those intentions might evolve. For example, the cyber targeting of American interests and critical infrastructure that we already see—conducted by Iran and non-state actors alike—will likely get worse if the conflict expands, as will the threat of kinetic attacks.

But across the country, in each and every one of the FBI’s 56 field offices, we’re addressing these threats with a sense of urgency. That means working closely with our federal, state, and local partners through our FBI-led Joint Terrorism Task Forces, to ensure that together, we stay laser-focused on mitigating threats. Taking an even closer look at existing investigations and canvassing our sources to improve our intelligence and then sharing that information with our partners. And doing all we can—working with our partners—to protect all houses of worship and people of all faiths here in the U.S.

Bottom line, we will continue to do everything in our power to protect the American people and support our partners in Israel.

Protecting Americans from the threat of terrorism is and remains our number one priority. But as you all know, the range of threats we battle each and every day is enormous. From cyber attacks, to economic espionage, to violent crime and narcotics trafficking—and everything in between. And none of the problems we tackle are getting any easier.

But we’ve continued to work to outpace our adversaries by disrupting over 40% more cyber operations last year and arresting over 60% more cyber criminals than the year before. We’re aggressively working to protect America’s economic security from China’s relentless efforts to steal our innovation and intellectual property, with around 2,000 active investigations across all 56 FBI field offices.

And over the past two years, we’ve seized enough fentanyl to kill 270 million people—that’s more than 80% of Americans. I’m incredibly proud of the FBI’s 38,000 skilled and dedicated employees who tackle these complex challenges to protect their fellow Americans.

Which leads me to my final point—I think it’s our responsibility to make sure that the FBI’s men and women have the tools they need to keep us all safe. And indispensable in that toolkit against foreign adversaries are the FBI’s FISA 702 authorities.

It would be absolutely devastating if the next time an adversary like Iran or China launches a major cyberattack, we don’t see it coming because 702, one of our most important tools, was allowed to lapse. Or with everything going on in the world, imagine if a foreign terrorist overseas directs an operative to carry out an attack in our own backyard, but we’re not able to disrupt it because the FBI’s authorities have been so watered down. So I’m happy to talk more about all the things the FBI has done to make sure we are good stewards of our vital 702 authorities.

But I want to close by thanking you again for having me here today, and I’m happy to answer any questions you have.

Source: Federal Bureau of Investigation FBI Crime News

New Zealand Security Innovation Service Director-General of Security and Chief Executive Andrew Hampton said the coalition members have a common desire to use partnerships to tackle the threat—whether that looks like their governments exchanging threat intelligence or means trading notes with private-sector innovators to increase mutual understanding and collectively brainstorm threat response.

“For us, the key thing is awareness: Having your eyes open and being able to share that best practice to manage the threat,” Hampton said.

Canadian Security Intelligence Service Director David Vigneault echoed this dedication to using teamwork to protect innovation.

“What we are trying to do here … is to take the knowledge and the awareness that we have and bring it to you in your own respective way as experts working with government to find the right frameworks so that we can enable that openness, transparency and innovation, but at the same time, do it in a way that, you know, will protect what is important for us: freedom, democracy, [and], you know, freedom from interference and coercion, as well,” he said.

MI5 Director Ken McCallum concurred.

“The stakes are now incredibly high on emerging technologies; states which lead the way in areas like artificial intelligence, quantum computing, and synthetic biology will have the power to shape all our futures,” he said. ”We all need to be aware, and respond, before it’s too late.”

The outlook for this kind of teamwork seems to be bright. During pre-summit meetings, Wray said he’s observed that businesses are more open than ever to learning how to immunize themselves against the threat of innovation theft. Whereas private sector players once needed to be sold on the existence of a threat in the first place, he explained, they’re now hungry to learn how they and the FBI can fight back together.

“We’re arming the private sector with information that enables them to take better steps to protect themselves, and so, in that sense, we’re tapping into an alignment of interests,” Wray said.

From there, he noted, businesses can decide whether or not to act on that intelligence. In any case, the shared information can help companies stop intellectual property theft and strengthen their cyber defenses.

Source: Federal Bureau of Investigation FBI Crime News

Thanks, John.

It’s great to be here surrounded by so many friends and close partners. 

This is my seventh year participating in the IACP Annual Conference, and it strikes me that, in many ways, our partnerships are stronger today than ever before.

And I feel sure this is what Chief Webber Seavey had in mind back in 1893 when he called the first meeting of what was then the National Police Chiefs Union. 

That year, 51 chiefs met in Chicago to look for better ways to fight crime across the country by working together.

It’s in that spirit of cooperation that IACP and the FBI formed such a close bond, going all the way back to the Bureau’s creation in 1908.

It’s a partnership that’s been instrumental to both organizations, and one that remains close today—115 years later. 

The reason our relationships are so strong—both between IACP and the FBI and among the agencies we represent—is because we share the same values and commitment to working tirelessly and selflessly to protect our fellow citizens. Through our partnerships, we’re constantly looking for better ways to fulfill our critical, shared mission and protect the ones we serve. But we’re not just bound by a common mission; we also face similar challenges that bring us even closer together, whether it’s the budget constraints we all confront from time to time, the recruiting challenges so many state and local departments continue to deal with, or the recent attacks on our institutions and, worse, our people. 

Although the challenges we face may take different forms, in today’s world, no agency or department is immune. In that, too, there’s no doubt we’re all in this together. And I’m confident that through the partnerships we’ve built over decades—relationships that are stronger now than ever—we can tackle any threat and overcome any challenge when we work together. 
 
Israel Conflict 
Before I get into some of the specific ways we’re doing that work together, I want to take a moment to offer my heartfelt condolences to the people of Israel, and share the outrage I know we all feel at the sheer brutality and disregard for innocent lives there.

History has been witness to antisemitic and other forms of violent extremism for far too long. Whether that be from foreign terrorist organizations, or those inspired by them, or domestic violent extremists motivated by their own racial animus, the targeting of a community because of their faith is completely unacceptable.  

We remain committed to continue confronting those threats—both here in the United States and overseas. 

In this heightened environment, there’s no question we’re seeing an increase in reported threats, and we have to be on the lookout, especially for lone actors who may take inspiration from recent events to commit violence of their own. 

And I’d encourage you to stay vigilant, because as the first line of defense in protecting our communities, you’re often the first to see the signs that someone may be mobilizing to violence. And I’d also ask you to continue sharing any intelligence or observations you may have.

On our end, we’re committed to doing the same, so that together, we can safeguard our communities.  
 
Partnerships on Crime: Surging Federal Resources 
That’s something we have a long and successful history of doing together. 

And there’s no threat where that collaboration is more important than violent crime, a topic that remains front and center in the discussions I have with all of you when I travel around the country. 

Like you, we’ve been laser focused on combatting the violence that’s infecting so many of our communities, and we’re committed to continuing to work alongside you in that fight. In what we’ve seen as a terrible rise in violent crime over the past few years, we’ve strategically surged resources to communities that have been hit particularly hard.  

One way we’ve done that is by deploying FBI agents to help state agencies clear out their backlogs. For instance, we sent agents to Tucson in July to reduce the number of old state warrants and work side-by-side with state police to take criminals off the street and seize their firearms.

That took us about six months from planning to deployment to wrapping everything up and resulted in more than 70 arrests. And we plan to repeat that model soon in other cities and to get even faster. 

We’ve also pushed resources to double down on joint efforts that have proven successful in the past. Take Houston as an example—together, we built on what was already great work at the Texas Anti-Gang Center, a place where FBI agents and task force officers are within arm’s reach of their counterparts from the Houston Police Department, Harris County Sheriff’s Office, Texas Department of Public Safety, HSI, ATF, the U.S. Marshals Service, and DEA—all in the same physical facility.

Starting a year ago, the Bureau surged additional agents, analysts, and forensic experts to Houston as part of a violence-reduction initiative. And what was key in Houston is we had prosecutors on board who were ready, willing, and able to bring significant racketeering charges to put the criminals terrorizing communities away for a long time.

We quickly made arrests and brought indictments against the 100% Third Ward Gang—and that went along with a number of other law enforcement initiatives, including positive community engagements. By February, the Houston Police Department reported a drop of more than 10% in overall crime in just fivw months.

But we’re not just focused on big cities—last month, we began surging resources to tribal areas, sending special agents, intelligence analysts, and victim specialists to focus specifically on crimes affecting Native American women and children. And those efforts are already starting to bear fruit. In one case, for example, we were able to track down enough information to get a confession in a cold case. Our goal is to build on results like that—committing FBI resources to work some of the hardest cases and letting people who often feel neglected know that they have not been forgotten.
 
Sextortion
And our redoubled efforts against criminals extend to our international partnerships, too.

One of our most heartbreaking cases was that of 17-year-old Jordan DeMay of Marquette, Michigan. Jordan was found dead from a self-inflicted gunshot wound in March 2022. His case led our Detroit office to identify an increase in incidents of financially motivated sextortion, where abusers tricked or coerced child sexual abuse material out of their victims and then extorted money from those kids—mostly young boys—threatening to tell others what they had done or make their pictures public, even going so far as to push these young victims to take their own lives if they couldn’t pay. Some of whom, like Jordan, ultimately, and tragically, did.

As difficult as it is for them, Jordan’s family wants us to talk about him, to help educate other families and prevent more victims. So our Detroit office has started a national campaign to warn children about these dangers. And they’ve led an international effort across multiple continents to track down Jordan’s tormentors. That effort eventually led to a joint operation with one of counterparts—the Nigerian Economic and Financial Crimes Commission. And in August, that team successfully extradited two men from Nigeria to face prosecution for sexually extorting numerous young men and teenage boys across the U.S.—including Jordan DeMay.

That work not only put criminals behind bars, it also sent a message that we will tenaciously pursue those who prey on kids—even leveraging our international relationships to bring them back here to the U.S. from overseas to face justice.
 
Task Forces 
Of course, as great as surges and special initiatives are, we can’t always count on those who ultimately control our budgets to see the wisdom of providing the resources we need to support and sustain those efforts.

I’m not even going to try to make sense of the political climate we’re all having to operate in—we’ll leave those conversations for another time. But that context puts a premium on partnership and leveraging our collective resources to maximize impact. And the best tool we have in our toolkit to do just that, and to have a lasting impact, is our FBI task forces.

We’re now up to more than 6,000 task force officers from hundreds of departments and agencies across the country, all working together to combat violent crime, gangs, drugs, organized crime, and child exploitation. And I remain humbled that so many of you are willing to entrust your outstanding officers and investigators to serve on our task forces—knowing you don’t have personnel and resources to spare but that you realize the tremendous value of our collaboration. 
 
Small Town Wins: Charleston, West Virginia, and Brunswick, Georgia
And that’s true in communities large and small. This year, we worked with federal, state and local law enforcement agencies around Charleston, West Virginia, in one of the largest illegal narcotics investigations in state history, about 300 officers and agents total.

That investigation seized more than a hundred kilograms of methamphetamine, loads of deadly fentanyl powder, thousands of fentanyl pills, firearms, hundreds of thousands of dollars in cash, and resulted in close to 50 arrests. That operation—and so many others like it—make a real difference to the people who live in communities like Charleston.

Or take the work of our Coastal Georgia Safe Streets Violent Gang Task Force, run out of our Brunswick, Georgia, satellite office. In January, that task force arrested 74 members of the Ghost Face Gangsters and seized a number of illegal guns and drugs. That takedown didn’t make national headlines.

But what matters—to me, to you, and to the people of coastal Georgia—is that three months after that law enforcement action, the Brunswick Police Department reported a 50% reduction in fentanyl overdoses.

That’s making a difference in people’s lives.
 
Juveniles 
Another big part of the violent crime problem that I’ve discussed with many of you is that, more and more, the offenders responsible for so much of the violence we’re seeing are juveniles.

The national crime statistics the FBI plans to release this coming week confirm what we’ve all felt for some time, and that is that the number of juveniles committing violent crimes is on the rise.

Whether it’s carjackings, armed robberies, or even worse violence—juveniles committing serious violent crimes is a challenge we all face. And on top of that, hardly a week goes by when I’m not briefed on a juvenile here in the United States motivated to commit violence by some foreign terrorist organization or other ideology.

While I’m sure we all agree that our young people can benefit from services and community outreach and prevention programs, at the same time, there are repeat violent offenders who have to be held accountable, even if they are juveniles. And we need to work together, with prosecutors at all levels—federal, state, and local—to make sure that criminal prosecution is an effective deterrent. 
 
Innovations: IMD and CAST 
But partnership is about more than just going after the bad guys and making arrests. It’s also about bringing everyone’s expertise and unique capabilities to the fight. For our part, today more than ever, that includes keeping pace with emerging trends and technologies, and sharing those with all of you to make sure our collective response remains agile.

Take how we collect, handle, and use law enforcement data, for instance. Our Information Management Division recently processed, extracted, and converted 100,000 digital images to help our state and local partners in New York working the Gilgo Beach serial killer case.

Another asset we’ve increasingly been sharing with our partners is CAST—that’s the Cellular Analysis Survey Team. For anyone who may not be familiar with the program, CAST provides location information for cellular devices. We use CAST teams to locate fugitives or determine whether a suspect was nearby when a crime occurred. We have CAST assets around the country that can support every threat we cover, along with serious violent crimes investigated by agencies like yours.

Last year, CAST members provided expert testimony in over 400 criminal trials. They assisted in more than 5,000 cases and analyzed nearly 26,000 sets of call detail records—just in one year. And while CAST is of course an invaluable resource for federal investigations, the vast majority of that team’s work is to support state cases where there’s no federal prosecutorial interest.

CAST was used, for instance, in the recent kidnapping of that 9-year-old girl in the Albany area. A TFO who’d graduated from CAST certification school just a week earlier used analysis of the subject’s cell phone and car to place him near the crime scene. That information helped investigators get the search warrants that ultimately led to the little girl’s safe recovery.

And in September, we used CAST to locate and recover another minor who’d been kidnapped and held for ransom by a cartel to settle a drug debt—and, in the process, we arrested the three kidnappers.

But we’re finding more and more innovative uses for CAST, like helping to find people who have gone missing after natural disasters. I’m talking about things like tornadoes in the South and Midwest or the recent devastating fires in Maui.

This is just one more example of the ways we’re putting talent and innovation into action quickly to make a real difference in communities—large and small—around the country and the world. 
 
Training 
Another important part of our partnership over the years has been the sharing of ideas, best practices, and innovative concepts across the profession.

Many of you in the audience are graduates of our FBI National Academy. What you may not know is that National Academy dates all the way back to 1935 and owes much of its early success to the support and buy-in of IACP.

We later built on that foundation to add LEEDs, the Law Enforcement Executive Development Seminar for mid-sized agencies, and then in just the past few years, we added the National Command Course to reach even smaller departments. All in an effort to raise law enforcement standards and strengthen partnerships and networks across the board.
 
Danger to LEOs 
Before I close, I want to touch on one final subject—and that’s the danger our men and women face each and every day. Tragically, the number of officers killed and assaulted in the line of duty continues to increase each year.

Already this year, there have been 50 law enforcement officers feloniously killed in the line of duty. That’s right in line with last year when we had one of the highest totals in a decade and comes just two years after we saw the highest number of officers murdered on the job since 9/11.

The number of brave men and women killed on the job is extremely troubling, and it’s an issue that does not get anywhere near the attention it deserves. I’m out there trying to raise awareness on this topic every chance I get, and I know you are, too.

But beyond raising awareness, we’re taking concrete steps to try to make our agents and officers safer. To take just one example, we’re working to build out the violent person file within NCIC, so the same repository that has the wanted persons, sex offenders, and missing persons files. 
At the moment, we have almost 16,000 dangerous people listed in the file—that’s 16,000 people who may have a propensity for violence against law enforcement officers. I don’t have to convince any of you how critical that information can be for an officer running a check before approaching a stopped vehicle or responding to a domestic violence call.

So, I encourage you to continue submitting data on people with a violent criminal history or who have made credible threats. Getting our violent person file populated more comprehensively might make the difference between life and death for one of your officers when they make a stop some late night. And that’s the most important reason we’re working together—to save lives.
 
Conclusion 
There’s no question these are challenging times for law enforcement. The jobs you and your people have devoted their lives to aren’t easy—even in the best of circumstances. And these days, we often find ourselves operating in less than ideal circumstances—and that’s putting it mildly.

But we’ve been through other difficult times, and I’m confident that by working together we’ll continue to get the job done—and done well—for the people we all serve.

Our partnerships are stronger than they’ve ever been, and you have my commitment that from the FBI’s perspective, we’re going to make sure that remains true.

We recognize the immense responsibility you carry, and I’m incredibly grateful for your unwavering resolve in the face of challenging situations  
I’m proud of the difference every department here is making in the lives of Americans—in small towns and big cities alike—and in the lives of everyday people all around the world.

And the FBI will continue to stand with you and your officers in protecting the people we serve.

Thank you.

Source: Federal Bureau of Investigation FBI Crime News

So this evening, I want to talk to you not just about our assessment of the most pressing national security challenges we face today, but where we see the threat landscape evolving in the coming years. And, most importantly, what we’ll need to successfully tackle those threats—namely, the contributions of dedicated public servants committed to making a difference.

If you happen to know anyone like that, please send ’em our way.

Nation-State Adversaries

Today’s national security threats are as complex and sophisticated as ever, and it can be easy to get caught up in the day-to-day work of responding to those challenges.

But to stay ahead of the danger, we need to look five, 10 years down the road to anticipate where the threats are going.

When I look ahead, I expect hostile nation-states to become even more aggressive in their efforts to steal our secrets and our innovation, target our critical infrastructure, interfere with our democratic institutions, and export their repression to our shores.

Front-and-center in that expanded threat is China.

As I’ve said before, there’s no doubt that the greatest long-term threat to our nation’s ideas, our economic security, and our national security is that posed by the Chinese Communist government.

And to be clear—that threat stems from the Chinese government, not the Chinese people themselves, and certainly not Chinese Americans.

The current Chinese regime will stop at nothing to steal what they can’t create and to silence the messages they don’t want to hear—all in an effort to surpass us as a global superpower and shape a world order more friendly to their authoritarian vision.

What makes China’s economic espionage program so insidious is that they’re set on using every tool at their disposal to steal American technology, undercut our businesses, and dominate the market. They use human intelligence to target our most precious information, multiplying their efforts by working extensively through scores of “co-optees”—people who aren’t technically Chinese government officials but assist in intelligence operations—spotting and assessing sources to recruit, providing cover and communications, and helping steal secrets in other ways. And the PRC [People’s Republic of China] combines those efforts with a cyber hacking program that’s bigger than that of every other major nation combined, using cyber as the pathway to cheat and steal on a massive scale.

The result of all this theft is lost American leadership in key industries, lost American jobs, and lost opportunity.

Now I want to thank Texas A&M for your efforts to convey the seriousness of this threat to our partners across academia, because this is a threat that’s only going to increase in the coming years—both in sophistication and scale.

More and more, China is also targeting people inside the U.S. for personal and political retribution, trampling on the basic rights and freedoms of people here on U.S. soil who express opinions they don’t like.

Take the example of China’s recent repression on another college campus, in Indiana, where a Chinese American student posted online praise for the students killed in the Tiananmen Square massacre in 1989. Almost immediately, Chinese intelligence threatened the student’s parents back in China, and groups of Chinese students mobilized to threaten him personally, as well—demonstrating the lengths the Chinese government is willing to go to when it runs across even a hint of criticism of the regime.

But China is not the only foreign adversary that will pose a threat to our national security in the coming years.

The Iranian regime, for instance, has engaged—and, I expect, will continue to engage—in brazen behavior directed at the United States.

In recent years, people associated with Iran have plotted to kill a former U.S. national security advisor on American soil, launched a ransomware attack on a children’s hospital in New England, and carried out a covert influence campaign during our 2020 elections to undermine Americans’ confidence in our democratic system.

In January, we announced charges against three Iran-directed members of an organized crime group who plotted to kill an American journalist living in New York City.

Iran will continue to try to evade international sanctions by stealing our military technology through cyber hacking and illegal technology transfers—and of course, they remain the world’s leading state sponsor of terrorism.

And what about Russia?

Russia is carrying out persistent malign influence operations, hoping to sow divisions that will weaken our country.

They blend covert intelligence efforts—such as cyber activity—and “trolls” operating on social media, with activities by Russian government agencies out in the open, like state-funded media campaigns.

They’re targeting our secrets—especially our military technology—in a variety of ways, from traditional spying to sophisticated cyber intrusions, signals collection platforms, and other technical means.

Russia also uses its cyber resources as a weapon. During their invasion of Ukraine, for instance, we’ve seen Russia conduct reconnaissance against U.S. energy infrastructure right here at home.

Cyber Threats

These hostile nation-states and others will continue to present a serious challenge in years to come. As you’ve probably noticed, a common thread running throughout their activity is cyber.

In the coming years, cyber threats will become even more pervasive, hit a wider variety of victims, and carry the potential for greater damage than ever before. 

We’ve seen countless examples of this, from the Solar Winds supply chain attacks by the Russian foreign intelligence service, the SVR, at the end of 2020 to the Chinese government’s Microsoft Exchange Server intrusions revealed two years ago, to our indictments last fall of three Iranian nationals for their roles in a multi-year scheme to compromise the networks of hundreds of organizations whose services Americans rely on every day. And recently, we’ve seen cybercriminals target hospitals, schools, and other critical infrastructure for theft or ransomware, causing massive disruption to our daily lives.

What makes confronting the cyber threat even more difficult is that there’s no bright line that separates where nation-state activity ends and cybercriminal activity begins. Some cybercriminals sell services to nation-states; some nation-state actors moonlight as cybercriminals to fund personal activities; and nation-states are increasingly using tools typically used by criminal actors, such as ransomware.

So, as dangerous as nation-states are in the cyber realm, we don’t have the luxury of focusing on them alone. Our opponents in this space are relentless and constantly evolving, so we’ve got to keep responding in kind.

Terrorism

With all the nation-state and cyber threats on the horizon, the threat of terrorism can get lost in the discussion. But I can tell you that protecting the American people from terrorism—both international and domestic—remains the FBI’s number one priority, and the terrorism threat today is as persistent and complex as ever.

For perhaps the first time in our history, the FBI’s counterterrorism operational tempo remains high for international terrorism, state-sponsored terrorism, and domestic terrorism, simultaneously.

ISIS continues to pose a threat in their ability and desire to direct, enable, and, in particular, inspire attacks inside the United States.

While that last category of inspired, or what we call homegrown violent extremists, remains our most immediate concern, groups like ISIS and al-Qaida remain committed to attacking U.S. and Western interests domestically and abroad. And our intelligence collection against these threats has been further strained without U.S. and coalition militaries on the ground and in the air above Afghanistan, making it harder to detect operational plotting against the West.

As I tell my folks all the time, we’ve got to be creative and leverage the partnerships we’ve built so we can keep getting the best intelligence possible on what’s actually happening on the ground.

The Challenges of Technology

These are just some of the national security challenges I see over the next five to ten years. The list doesn’t end there. I could also talk about the surge in violent crime in so many cities, the continual flow of fentanyl claiming thousands and thousands of American lives, or any number of the other serious threats coming across our Southwest border.

Cutting across all these threats, every criminal or national security threat the FBI investigates is growing more complex because of advances in technology.

The FBI’s bread-and-butter work involves following the money, collecting evidence, and talking to people. Unfortunately, technology is making all three of these things harder to do.

First, following the money is becoming harder because of the rise of cryptocurrency. Ransomware and other cyberattacks are one area where this issue comes into play, but it’s hardly limited to cyber investigations.

Second, collecting the stuff—the evidence—is also getting harder, because so much of that evidence now lives in the digital realm. Terrorists, hackers, child predators, and more are taking advantage of end-to-end encryption to conceal their communications and illegal activities from us.

Unfortunately, this means that even when we have rock-solid legal process—a warrant issued by a judge, based on probable cause—the FBI and our partners often can’t obtain digital evidence, which makes it even harder for us to stop the bad guys.

The issue is not encryption itself; we’re big fans of encryption, and want people and companies to be able to keep their data safe. But our country has a well-established, constitutional process for balancing individual privacy interests with law enforcement’s need to access evidence to protect the American people.

The public should not have to choose between safe data and safe communities. We should be able to have both—and we can have both.

But right now, the reality is we have an entirely unfettered space that’s completely beyond fully lawful access—a place where child predators, terrorists, and spies can conceal their communications and operate with impunity—and we’ve got to find a way to deal with that problem.

That’s why we want providers to design secure decryption capabilities that they alone can use if presented with a valid court order. That solution would keep data safe—but not warrant-proof.

So the money, the stuff or data, and third and finally, the people. Technology is making it harder for us to recruit, retain, and protect our human sources.

Our name for this problem is “ubiquitous technical surveillance.” That’s just fancy jargon for how our adversaries can combine things like facial recognition and AI [artificial intelligence] with the digital breadcrumbs we all leave behind these days, making it easier for them to track and jeopardize our people and our sources.

Bottom line, technology is making it harder to follow the money, collect evidence, and develop sources—so the way the FBI investigates threats has to continue evolving to overcome these changes in technology.

Looking Forward

This was meant to be a conversation, and I want to make sure there’s plenty of time for that, but before I close, I want to emphasize that the challenges we’ve discussed this evening are not insurmountable.

To meet them effectively, we’ll need the right tools—and most importantly, we’ll need strong public institutions full of talented, innovative people ready to join the fight.

Fortunately, innovation has always been a hallmark of the FBI. Our innovations in law enforcement, like the FBI Lab, are world-renowned. And the good news is that advances in technology don’t just give the bad guys more ways to hurt us. They also provide us with more ways to fight back.

We’ve built deep expertise in virtual currency, for example—using advanced analytic techniques and tools to map illicit payment networks, seizing ill-gotten cryptocurrency gains to hit the bad guys where it hurts, and working to take down their technical infrastructure to disrupt future attacks.

In fact, just today, we struck another blow with the takedown of the Genesis Market, a global criminal marketplace used to steal and sell victim account credentials.

Before we took it offline, users on the Genesis marketplace had access to over 1.5 million different computer systems and held over 80 million access credentials—information those cybercriminals used to launch ransomware attacks, gain unauthorized access, steal intellectual property, and conduct millions of dollars of fraud. Victims of the Genesis Market can be found in almost every country in the world.

Disrupting and dismantling this international enterprise required an international operation of our own. The FBI leveraged our international partnerships and worked with law enforcement counterparts in 12 countries to collect data, identify infrastructure, and coordinate a global takedown of Genesis Market.

As with every cyber case we investigate, we leveraged the unique skillsets of our agents and computer scientists, and the tools they’ve developed to gain access to and acquire information from Genesis Market—information that led us to identify the users, and even several key administrators who hosted and ran the site.

With the actions taken here in the U.S. in combination with those by our international partners, this takedown represents the largest operation involving criminals dealing in stolen credentials we’ve ever conducted.

Turning to other key areas, we’ve also built or developed tools to help us meet the mission in everything from advanced biometrics, like facial and voice recognition, to improved tools for bomb techs to disable IEDs [improvised explosive devices]—and I’m confident we’ll continue to innovate to meet the challenges of tomorrow.

But we need more than just new technical tools. Given the range of threats we’re facing, the speed they’re coming at us, and the ever-expanding battlefield we’re fighting on, we need to make the best use of every tool at our disposal—including the unique combination of authorities the FBI has as both a national security and law enforcement agency.

Section 702

One of those tools is our authorities under the Foreign Intelligence Surveillance Act, or FISA.

Many of you are probably familiar with, or have at least heard about, the FBI’s “traditional” FISA authority, which—like a criminal wiretap—requires an agent to submit an application to the FISA Court establishing probable cause on a particular foreign target in the U.S. What may be less familiar to you is our FISA Section 702 authority, which provides an indispensable way to identify, investigate, and mitigate threats to our homeland coming from foreign adversaries operating outside our borders.

702 allows us to collect on a target who is a non-U.S. person, outside the United States, for foreign intelligence purposes.

To put that in terms I think everyone can appreciate, 702 is the tool we use to collect foreign intelligence by targeting, say, an ISIS-K terrorist in Afghanistan—someone located overseas who is not a U.S. citizen, someone not covered by the constitutional protections we hold so dear.

With our querying authority, we can lawfully run searches against that collection to see who that foreign-based terrorist may be talking to here in the United States to build out the network and identify their potential targets. It’s how we connect the dots between foreign threats and targets here in our own backyard, using information already within our holdings—information that was already lawfully obtained.

But it’s not just counterterrorism. 702 is the tool we turn to when a suspected foreign actor launches a cyberattack—to quickly determine which of our foreign adversaries has hit us, to identify and reach out to victims who may not even know they’ve been compromised, and to warn those who may be targeted next. In a technology environment where foreign threat actors can move to new communication accounts and infrastructure in a matter of hours—if not minutes—702 provides the agility we need to stay ahead.

I say all of this because 702 is up for renewal by Congress at the end of this year, and we cannot afford to lose this critical tool. It’s too important to our ability to stay ahead the threats I’ve discussed this evening—threats the American people rightly expect us to protect them from. Imagine a future without 702—one in which we’re largely blind to China’s efforts, and unable to effectively protect ourselves from the PRC’s aggressive attempts to steal our intellectual property, hack our most sensitive systems, and disrupt essential services.

In recent years, people have raised some understandable compliance concerns about the FBI’s use of FISA. To fix these issues, we’ve made a whole host of important reforms—to our process, electronic systems, training, and oversight—ensuring we’re using our FISA authorities in a surgical and judicious way. And I’m happy to report we’re seeing improvements from these reforms and we’re confident they’re working, now that they’ve had time to take effect.

Bottom line, we’re committed to being good stewards of this tool, because 702 will only become more critical as all the threats become broader and more complex over the next five to ten years.

The Importance of Public Service

But over the long-term, more important for us than any technical tool or legal authority is maintaining a talented FBI workforce that has the trust and confidence of the American people.

There’s never been a more important time to have gifted people choose public service, and I can’t miss this chance to encourage you to consider the FBI as the place to do it.

I know many young people today value “optionality” in their careers—the ability to “reinvent” themselves, pick up new skills, and change gears often. As I hope you’ve seen tonight, there’s a wide range of challenging work to do at the Bureau—so if you pursue a career with us, I can guarantee you will never get bored.

Now, more than ever, we need people who believe, as President Bush said and demonstrated, that “public service is a noble calling.” And I’m told that here, at the Home of the 12th Man, I’m in a place where people are used to—in fact, look forward to—serving when called to do so. So Aggies, consider this your invitation.

Thanks for having me, and I look forward to continuing the conversation.

Source: Federal Bureau of Investigation FBI Crime News

Thank you, Ken. It’s an honor to be here this week, talking about common threats our nations face, and the superb cooperation between our two agencies

The FBI has no closer partner than MI5. We work together on almost every mission our agencies confront—from countering terrorism to cybertheft and transnational repression to espionage.

Now, you’ll notice that there’s a common thread running through all the challenges we tackle together, which is that they’re all hard.

Our world is certainly filled with enduring, difficult challenges. Not least, Russia’s invasion of Ukraine and their ruthless killing of civilians and destruction of homes and infrastructure.

As laser-focused as both our agencies are on the Russia threat, though, I want to talk today about another complex, enduring, and pervasive danger to the kinds of innovative businesses we have here in the audience.

We consistently see that it’s the Chinese government that poses the biggest long-term threat to our economic and national security, and by “our,” I mean both of our nations, along with our allies in Europe and elsewhere.

And I want to be clear that it’s the Chinese government and the Chinese Communist Party that pose the threat we’re focused on countering. Not the Chinese people, and certainly not Chinese immigrants in our countries—who are themselves frequently victims of the Chinese government’s lawless aggression.

Now, we understand the appeal of doing business in and with China. Before returning to public service, I spent 12 years in the private sector, advising and representing some of the world’s leading companies. And at the FBI, we’re engaged with businesses of all sizes and stripes every day, so we understand the perspective of firms looking to the China market, as they try to find and keep a competitive edge.

But the point I want to leave you with today is that the Chinese government poses an even more serious threat to Western businesses than even many sophisticated businesspeople realize. So, I want to encourage you to take the long view as you gauge that threat and as you plan to meet it.

I’ll start with what this danger looks like. The Chinese government is set on stealing your technology—whatever it is that makes your industry tick—and using it to undercut your business and dominate your market. And they’re set on using every tool at their disposal to do it.

For one, they use intelligence officers to target valuable private sector information—multiplying their efforts by working extensively through scores of “co-optees,” people who aren’t technically Chinese government officials but assist in intelligence operations, spotting and assessing sources to recruit, providing cover and communications, and helping steal secrets in other ways.

We’ve seen the regional bureaus of China’s MSS—their Ministry of State Security—key in specifically on the innovation of certain Western companies it wants to ransack. And I’m talking about companies everywhere from big cities to small towns—from Fortune 100s to start-ups, folks that focus on everything from aviation, to AI, to pharma. We’ve even caught people affiliated with Chinese companies out in the U.S. heartland, sneaking into fields to dig up proprietary, genetically modified seeds, which would have cost them nearly a decade and billions in research to develop themselves.

And those efforts pale in comparison to their lavishly resourced hacking program that’s bigger than that of every other major country combined.

The Chinese Government sees cyber as the pathway to cheat and steal on a massive scale. 

Last spring, for instance, Microsoft disclosed some previously unknown vulnerabilities targeting Microsoft Exchange Server software. Chinese hackers had leveraged these vulnerabilities to install more than 10,000 webshells, or backdoors, on U.S. networks, giving them persistent access to data on those systems. That’s just one example of the Chinese government finding and exploiting vulnerabilities, albeit a big one.

But over the last few years, we’ve seen Chinese state-sponsored hackers relentlessly looking for ways to compromise unpatched network devices and infrastructure. And Chinese hackers are consistently evolving and adapting their tactics to bypass defenses. They even monitor network defender accounts and then modify their campaign as needed to remain undetected. They merge their customized hacking toolset with publicly available tools native to the network environment—to obscure their activity by blending into the “noise” and normal activity of a network

The point being, they’re not just big. They’re also effective.

But in addition to traditional and cyber-enabled thievery, there are even more insidious tactics they’ll use to essentially walk through your front door—and then rob you. The Chinese government likes to do this by making investments and creating partnerships that position their proxies to steal valuable technology.

To start with, a whole lot of Chinese companies are owned by the Chinese government—effectively the Chinese Communist Party. And often that ownership is indirect and not advertised. And those that aren’t owned outright are effectively beholden to the government all the same, as Chinese companies of any size are required to host a Communist Party cell to keep them in line.

So, when you deal with a Chinese company, know you’re also dealing with the Chinese government—that is, the MSS and the PLA—too, almost like silent partners.

But the problem is bigger than that China often disguises its hand in order to obtain influence and access where companies don’t suspect it. 

Outside of China, their government uses elaborate shell games to disguise its efforts from foreign companies and from government investment-screening programs like CFIUS, America’s Committee on Foreign Investment in the U.S.

For example, they’re taking advantage of unusual corporate forms like SPACs, or Special Purpose Acquisition Companies, and buying corporate shares with overweight voting rights that let their owners exert control over a company out of proportion with the actual size of their stake in it.

The Chinese government has also shut off much of the data that used to enable effective due diligence, making it much harder for a non- Chinese company to discern if the company it’s dealing with is, say, a subsidiary of a Chinese state-owned enterprise.

We’re working with MI5 and other partners to identify these types of hidden investments. In the U.S., we’ve identified and pulled into our CFIUS screening hundreds of concerning transactions that participants failed to notify us about. Within China, you’ve got all those same problems—and then some.

You probably all know that the Chinese government requires U.S. and U.K. companies to partner with Chinese businesses, partners that often turn into competitors. But they’re also legislating and regulating their way into your IP and your data.

Since 2015, they have passed a series of laws that eat away at the rights and security of companies operating in China. For example, a 2017 law requires that if the Chinese government designates a company as “critical infrastructure,” that company must store its data in China—where, of course, their government has easier access to it.

Another 2017 law would allow them to force Chinese employees in China to assist in Chinese intelligence operations. And a series of laws passed in 2021 centralizes control of data collected in China and gives their government access to and control of that data.

Other new laws give the Chinese government the ability to punish companies operating in China that assist in implementing international sanctions, putting those businesses between a rock and hard place. And one requires companies with China-based equities to report cyber vulnerabilities in their systems, giving Chinese authorities the opportunity to exploit those vulnerabilities before they’re publicly known.

If their government could be trusted with that kind of information, that’d be one thing, but we’ve seen the Chinese government take advantage of its laws and regulations to steal intellectual property and data

In 2020, for example, we learned that a number of U.S. companies operating in China were being targeted through Chinese government- mandated tax software. To comply with Chinese law, these businesses had to use certain government-sanctioned software. The U.S. companies then discovered that malware was delivered into their networks through this same software. So, by complying with Chinese laws for conducting business in China, they ended up unwittingly installing backdoors into their systems that enabled hackers’ access into what should have been private networks.

This is all just a small sampling, and I could go on.

What makes the Chinese government’s strategy so insidious is the way it exploits multiple avenues at once: They identify key technologies needed to dominate markets, like the ones they highlight in their “Made in China 2025” plan. Then, they throw every tool in their arsenal at stealing those technologies—causing deep, job-destroying damage across a wide range of industries, like when they tried to steal cutting edge jet engine technology, recruiting an insider at GE’s joint venture partner to enable access by hackers back in China.

Or in another example, combining human spying with hacking in a joint effort to try to steal COVID research from one of our universities.

So it’s long been clear that the danger China poses to businesses is complex and challenging.

Where we see some companies stumble is in thinking that by attending to one, or a couple, of these dangers, they’ve got the whole Chinese government danger covered—when really, China just pivots to the remaining door left unattended.

But the danger China poses to companies isn’t just complex. It’s also getting worse.

That’s in part because, as you all know, there’s been a lot of discussion about the potential that China may try to forcibly takeover Taiwan. Were that to happen, it would represent one of the most horrific business disruptions the world has ever seen. More on that in a minute.

But it’s also because the Chinese government is using intimidation and repression to shape the world to be more accommodating to China’s campaign of theft.

Examples of the intimidation the Chinese government wields to bend people, companies, and governments to its will could keep us here all day.

But to take just one example, this spring, the Chinese government went so far as directly interfering in a Congressional election in New York, because they did not want the candidate—a Tiananmen Square protester and critic of the Chinese government—to be elected.

A former Chinese intelligence officer hired a private investigator to dig up derogatory information and derail the candidate’s campaign. When they couldn’t find anything, they decided to manufacture a controversy using a sex worker. And when that didn’t work out, they even suggested using violence, such as arranging for the candidate to be struck by a vehicle and making it look like an accident.

The Chinese government’s crackdown on dissidents crosses borders all over the world, including here in the U.K. In the U.S., they’ve gone after Chinese-national college students for participating in pro-democracy rallies at U.S. universities or even just for expressing themselves in class.

The FBI battles the Chinese government’s transnational repression because it’s an evil in its own right and an assault on the freedoms of an open society.

The FBI and MI5 are united in this fight—from our leadership teams down to our case agents and officers. But this audience should bear in mind that China’s repression is also a means to an end—and we counter it for that reason, too.

Repression is part of how the Chinese government tries to shape the world in its favor, making the world more pliable and susceptible to its nefarious campaign to steal our data and innovation. That connection—between the Chinese government’s ugly repression and its strategic economic goals—is too little recognized. So, I want to take a few minutes to focus on it.

The Chinese government is trying to shape the world by interfering in our politics (and those of our allies, I should add), like the Congressional example I just mentioned. In other instances, using GPS trackers and other technical surveillance against activists inside the U.S. speaking out against the Chinese government. Even covertly and deceptively running a purported pro-democracy organization to collect information on Americans opposed to them.

But they try to shape the world by going after companies, too—sometimes just for being associated with people Beijing wants to silence.

Like when, after one U.S.-based employee of a major hotel chain “liked” a social media post by a Tibetan separatist group, the Chinese government made that U.S. hotel chain shut down all of its Chinese websites and applications for a solid week.

Or when an executive with one NBA basketball team appeared to tweet in support of Hong Kong democracy protests, the Chinese government banned all NBA broadcasts in China for an entire year.

Part of that effort is strong-arming companies to do Beijing’s bidding and actually help it undermine our political and judicial processes.

Like last November, when the Chinese Embassy warned U.S. companies that, if they want to keep doing business in China, they need to fight bills in our Congress that China doesn’t like. That’s not something listed in the brochure when you sign up to work with China. And you won’t find those types of requirements—or a warning that you’re about to lose your I.P.—in any contract you might sign.

But if you’re considering partnering with a Chinese-owned company, you should ask their Ministry of Commerce: Can they assure you that your employees won’t be dragooned into working for their Ministry of State Security and against you? That you won’t have to load their tax software or any other state-sanctioned software onto your systems? That your company won’t be punished because of one of your employees’ tweets?

Their ministry’s not going to give you a satisfactory answer—at least not one that’s not belied by the text of the laws on their books or by the way they’ve actually been treating foreign companies operating there.

All of that is to say—China poses a far more complex and pervasive threat to businesses than even most sophisticated company leaders realize

But as I said earlier, I’m not here to tell you to avoid doing business in or with China altogether. Of course, sophisticated Western businesses have long found ways to succeed in tough environments. It’s risk versus reward, with a premium on accurately assessing that risk.

But I do have just a few suggestions for those who do plow ahead, because we’re not in the business of just articulating problems. We’re doing something about them, together—with MI5, with the private sector itself, with other government partners. 

First, I would encourage everyone to work with the two agencies up here. We can arm you with intelligence that bears on just what it is you’re facing.

For example, when it comes to the cyber threat, everything from details about how Chinese government hackers are operating to what they’re targeting.. And when incidents do occur, we can work together—our agencies and you—to degrade the threat.

Our folks will race out to give you technical details that will help you lessen the effects of an attack. Together, we can also run joint, sequenced operations that disrupt Chinese government cyber attacks, like we did in that Microsoft Exchange example I noted earlier, working with the private sector, including Microsoft itself, and our government partners to slam shut those backdoors the Chinese government had installed on corporate networks across the U.S.

And we can also help you to ascertain whether the cyber problem you’ve encountered is actually part of a larger intelligence operation, whether the hackers you do see may be working with insiders, or in concert with other corporate threats, that you don’t see.

Finally, I’d ask you to take the long view.

I’m thinking of the view that high-performing boards of directors bring to a company. Looking past the nearest earnings report, to maximizing the value of the company over the course of years, long after today’s management team may have moved on. Consider that it may be a lot cheaper to preserve your intellectual property now than to lose your competitive advantage and have to build a new one down the road.

I’d encourage you to keep in mind the complexity of that threat to your innovation I just talked about—how hard it is to recognize and close every avenue. Maintaining a technological edge may do more to increase a company’s value than would partnering with a Chinese company to sell into that huge Chinese market, only to find the Chinese government, and your “partner,” stealing and copying your innovation, setting up a Chinese competitor, backed by its government, that is soon undercutting you—not just in China, but everywhere.

Now, when it comes to the threat against Taiwan I mentioned a minute ago, I’m confident in saying that China is drawing all sorts of lessons from what’s happening with Russia and its invasion of Ukraine—and you should, too.

We’ve seen China looking for ways to insulate their economy against potential sanctions, trying to cushion themselves from harm if they do anything to draw the ire of the international community. In our world, we call that kind of behavior a clue

But it’s not just Russia that’s hurt by what’s happened to their economy today as a result of sanctions and disruptions. There were a lot of Western companies that had their fingers still in that door when it slammed shut. 

Even a few weeks ago, a Yale study reported in the Wall Street Journal assessed that Western businesses had already lost $59 billion in Russia because of the conflict. The losses grow every day.

And if China does invade Taiwan, we could see the same thing again, at a much larger scale. 

Just as in Russia, Western investments built over years could become hostages, capital stranded, supply chains and relationships disrupted. Companies are caught between sanctions and Chinese law forbidding compliance with them.

That’s not just geopolitics. It’s business forecasting

As I’ve heard one business leader put it recently, companies need to be wrestling with the strategic risks China poses to their growth in the long-term—and thinking about what actions they can and should be taking now, to prevent catastrophe later.

I know this all sounds alarming. But while the threat is immense, that doesn’t mean harm is inevitable.

Because while the private sector can’t stand alone against the danger—you’re not alone. The FBI and MI5 share a relentless focus on a common mission: protect our countries and keep our people safe.

I spend a lot of my time talking with other leaders focused on national security, both at home in the U.S. and abroad. I know Ken does too. And I’ll say the frequency with which this threat dominates the discussion is striking. Because our counterparts say they’re fighting to protect their students from intimidation, too. That Chinese officials are targeting their policies and candidates with malign influence, too.

That hackers in China are carrying their companies’ innovation off. That Chinese companies or proxies are using quasi-legal investments to undermine their economies, too.

But the lesson the Chinese government has been unable to learn is that by targeting countries around the world that value the rule of law, they band us even closer together.

Beijing may think our adherence to the rule of law is a weakness. But they’re wrong.

As rule-of-law agencies in rule-of-law nations with rule-of-law partners, we see how our democratic and legal processes arm us.

We’re confronting this threat and winning important battles, not just while adhering to our values—but by adhering to our values and by continuing to foster close partnerships with all of you.

In the process, we’re showing why the Chinese government needs to change course—for all our sakes.

All of us in America, in the U.K., and across the free world, are in this together—and together, we’re an awfully formidable team.

Source: Federal Bureau of Investigation FBI Crime News

Good morning. On behalf of all the men and women of the FBI, it’s an honor to be here today to remember Bryan and honor his life.

For those of you who may not know, Bryan joined the Bureau in March of 1992, and he spent his 30 years of dedicated FBI service here in Mobile.

His father, Clay, was also a Bureau employee, working 42 years with the FBI before retiring as FBI Mobile’s photographer.

And Bryan’s mom, Mary, had also been an FBI employee before Bryan was born.

So it’s clear that the FBI was in Bryan’s blood. And it was also clear to me from the conversations I had with Bryan—last fall in Mobile and again recently on the phone—that he loved the Bureau.

He loved our mission. He loved our people.

He loved getting his hands dirty, and he loved the process of investigating and digging, problem solving, and finding facts and evidence in search of the truth.

Bryan started his FBI career on the night shift as a mail and file clerk before working his way to becoming an investigative operations analyst. He would go on to do investigative work supporting the violent crimes squad for many years.

And he continued to work on Mobile’s ERT—our evidence response team—throughout his career.

Because for Bryan, no work was too dirty, and no case was too difficult.

He investigated serial murder cases, including Israel Keyes up north and Jeremy Jones here in Alabama.

In fact, I’m told that quite a few people here worked the Jones case with him.

But he also worked countless cases that many of us have never heard about—and he worked those with the same dedication and commitment to this community, and to his colleagues.

Bryan would find out, for instance, that a woman just north of here had gone missing.

And he’d spend hours and hours trying to find out where she ended up—trying to find her or, if nothing else, to at least bring closure to those she left behind.

Whenever he was given a case like that, he had a relentless drive to find out what happened.

And he loved working on ERT.

He volunteered for every temporary duty assignment that came up.

That might mean digging through a landfill in Vermont, sifting through evidence of mail bombs in Texas, or sorting through rubble and debris from the 9/11 attacks that had been hauled from Manhattan and dumped on Staten Island—looking for human remains, personal effects, or anything that might help us identify those who’d been lost in those terrorist attacks.

No job was too big or too small. No task was too dirty.

Bryan was known for saying—Let’s go. Let’s get in it.

And that passion for discovery never left him.

In fact, when I sat down with him last fall, one of the things on his mind was solving a mystery he’d wondered about for years.

Bryan was immensely proud of his family’s service with the FBI.

We talked about his Dad’s 42 years with the Bureau, and he said he believed his mother had worked for the Bureau, too, but he’d never known in what capacity.

But like any open question in his life, that was not something he could just let go.

So, he’d dug around in records and called around, but he didn’t find any records of his mom’s employment.

Then, he even submitted a Freedom of Information Act request.

You heard me right. Bryan FOIA-ed his own agency.

Now that still did not find answers, but Bryan was tenacious.

So, when we talked in December, he asked me if I could help find out the details of his mom’s employment.

Fortunately, the Bureau has spent the past two decades ingesting and sorting nearly all of our records into a high-tech facility in Virginia.

And, as luck would have it—or perhaps as a credit to Bryan’s unwillingness to give up—our incredible staff in the Information Management Division managed to track down the hard copy of Mary Myers’ final pay card, confirming her service as an FBI file clerk from 1955 to 1961.

I sincerely hope getting a copy of that card brought a smile to Bryan’s face. I’m pretty sure it did. And it certainly did to mine.

That dogged approach to finding his mom’s history with the FBI is precisely the tenacity that Bryan brought to his job, each and every day.

But I don’t want to leave the impression that Bryan was only focused on the job.

For one thing, I’m told that whenever an ERT mission came up, Bryan’s first response was to say, “Yes.” But his second response was to find out what restaurants were around the search site.

He was a foodie, who wanted to try whatever the local cuisine was.

And everyone knew that when they deployed, Bryan was going to be in charge of the schedule—and the schedule always considered when restaurants opened and closed, and what the travel distance was.

He loved good food and was always looking for or planning the next great meal.

He loved working on his tractor and getting out in the woods.

He loved hiking, skiing, and camping.

And I’m told that every fall, he arranged his schedule so that he could take off Friday at 3 p.m. and head to the hunting camp.

He also loved interacting with people, and he saw the goodness in everyone he met.

People in the Mobile Office have said he was easy to talk to, to laugh and joke with—that he made them feel like he was genuinely interested in them.

In many ways, he approached relationships the way he approached working on ERT.

He liked to dig and to discover and bring out the best in everyone.

I’m told a common conversation with Bryan would start with asking him about his weekend or how his hunting was going or how his family was. And five minutes later, you’d realize you weren’t talking about Bryan anymore.

You were talking about yourself and your life and concerns.

And you’d have no idea how he’d managed to turn the conversation around in the meantime.

Every morning, he’d get his coffee and walk around the office to find out what was going on, how everyone was doing.

Fittingly, he had a hunting analogy for this habit. He said he was, “checking his traps.”

I also think it’s no coincidence that Bryan served as the coordinator for Mobile’s Employee Assistance Program. Because he was fixated on helping people with their problems—personal or professional.

And people who needed help described Bryan as “the calming breeze that walked into the room.”

Bryan is said to have always wanted to hear both sides of any issue. And he always met you where you were and never judged you.

I’m told, for instance, that when he heard one agent was having a particularly hard time, he immediately jumped in his car and drove two hours to have lunch with the guy.

I’d bet both the food and the conversation were reassuring.

Because Bryan believed that you could handle any problem as it comes.

And anyone in the Mobile Office who has been through something terrible has talked to Bryan.

Because anyone who came to Bryan looking for help—which was darn near everyone—left that conversation knowing what support they had and with a feeling that everything was going to be okay.

He has been the support system for the majority of people in the office—unassumingly, and without looking for attention.

Serving as the office therapist and support coordinator also led to Bryan being the de facto historian for the Mobile Office.

I am told he knew every story of every person who has ever worked here over the past three decades—and he kept up with them even after they retired and left.

Because he truly cared about everyone here in Mobile. That instantly struck me, both times I spoke with him—what jumped out at me was how laser-focused he was, not on himself, but on helping, looking out for, a whole series of other people in the organization.

For example, I remember Bryan earnestly advocating to me about another colleague, specifically because of how well that person treated everyone else in the office, agents and professional staff alike, regardless of their position or tenure.

The level at which Bryan cared for others speaks volumes about his character.

His seemingly bottomless well of compassion is extraordinary, although from what I’ve heard, I think a lot of that came from the support he found in his own family.

For those who may not know, he lost his first wife, Rhoda, and their unborn daughter, Amanda, back when his son, Nicholas, was still very young.

That’s a tragedy that’s hard to imagine.

But Bryan found Cindi, and she brought joy to his and Nicholas’s lives. In their words, they “rescued each other.” That sounds about right to me.

And that includes the past year, as they continued to find joy, even while he fought cancer, and I know he treasured the trip to Yellowstone and Glacier National Parks last summer.

Before I close, I want to take a moment to illustrate just how much family meant to Bryan.

This is something that might not mean as much for those not from Alabama, but it will resonate with almost everyone here.

Bryan graduated from the University of South Alabama, but as everyone in this state knows, you can’t live here and not declare whether you root for Bama or Auburn.

Well, Bryan pulled for Auburn—the Bama fans here have said he just has a soft spot for the underdog.

But being an Auburn fan didn’t stop him from marrying a Bama grad.

Then, Nicholas decided to attend Bama himself.

And the very next day, if you can believe it, Bryan showed up to work wearing a Crimson Tide sweatshirt.

Now that’s love.

I’ve heard there was a similar act of love that happened this week.

On Tuesday, we called down to Mobile and asked for Bryan’s credentials, so that we could mount them for today.

Well, apparently no one knew where they were, so Nicholas was deployed on a search and rescue mission to go find them.

I can picture Bryan looking down, watching Nicholas on the hunt for those creds and not giving up until he found them.

I think Bryan would be proud.

I have one final note to add, about Bryan’s legacy here at the FBI.

When we spoke, he was very focused on a letter he got from Director Hoover—when Bryan was very young—about what a hero his dad had been.

I was honored to write a similar letter for Nicholas last year.

But far beyond that letter, I want Cindi and Nicholas, and everyone here to know that Bryan will be remembered by the Bureau.

At Headquarters and in every field office across the country, there’s a Wall of Honor where the names of fallen FBI employees are inscribed.

Each one represents the kind of extraordinary people we have in the FBI—people who answer the call of duty, no matter the cost.

And that includes FBI members who lost their lives to 9/11-related illnesses.

In November 2001, Bryan answered the call to deploy with ERT to Staten Island to sort through debris from the attacks.

And we’ve determined exposures from that painstaking work eventually led to his death.

Each May, we hold a ceremony to honor those whose names are on our Wall of Honor. 

We will be putting Bryan’s name on the wall, and everyone in the Bureau will know why it’s there. Because Bryan—without hesitation, without reservation—answered the call to service.

So today, we say goodbye to a beloved member of the FBI family gone too soon.  

But we’ll work to honor him in the way we carry forward the FBI mission, and we’ll remember him, and the ways he touched and changed lives for the better along the way.  

Cindi and Nicholas, we know you’ll remember him—his compassion, caring, and tenacity—better than anyone.  

Thank you for sharing Bryan with us for so many years. Please know that you and Bryan will always be a part of our FBI family.

Source: Federal Bureau of Investigation FBI Crime News

Introduction

It’s good to be back here at BC, particularly since I couldn’t participate in the virtual conference last year. In fact, the last time I was able to participate was in March 2020, right before everything went into lockdown. It’s pretty incredible how quickly our lives—work, school, social events —shifted to being online.

I can’t say I was a fan of shifting from interacting with my staff around a conference table to seeing a fair number of folks show up only on screen, usually from elsewhere in the building.

It worked, sort of. But I’m glad we’ve been able to go back to meeting in person. For the FBI, a lot of our work is hard to accomplish online. We work with a lot of classified information that can’t go home, and we certainly can’t conduct crime scene investigations remotely.

But I recognize that we’re fairly unique, and a lot of businesses have been able to cut costs by keeping employees at home instead of leasing office spaces.

So, it’s clear that our world and our society are not just going back to where we were two-and-a-half years ago. And people are going to continue to take advantage of the connectivity that cyberspace provides.

But, at the same time, the shift of our personal and professional lives even more online has created new vulnerabilities. And malicious cyber actors are going to continue to take advantage of people and networks.

That includes cybercriminals holding data for ransom and nation states like China stealing defense and industrial secrets.

And lately, that’s included Russia trying to influence what happens in the ground war they started—by threatening attacks against the West in cyberspace.

I think, if we’re going to address cyber security properly, we’ve got to talk about how we’re responding to each of those threats.

We’ve got to hold the line on multiple fronts—all at once—to help people and businesses protect themselves, to support victims, and to inflict costs on criminals.

And we can’t let up on China or Iran or criminal syndicates while we’re focused on Russia. So that’s what we’re doing, taking on all these threats and shifting resources quickly to respond.

And I think it’s worth covering some of those threats with you today.

Russia

I do want to start with Russia because we’re laser focused on them right now.

I’m not breaking any new ground or compromising any intelligence sources by saying they’ve been absolutely reckless on the battlefield. They really don’t care who they hurt—civilians, noncombatants, women, children. And their recklessness with human lives carries over into how they act in cyberspace.

Of course, that’s not new. In 2017, the Russian military used the NotPetya malware to hit Ukrainian critical infrastructure. The attack was supposed to look like a criminal heist but was actually designed to destroy any systems it infected.

They targeted Ukraine but ended up also hitting systems throughout Europe, plus the U.S. and Australia, and even some systems within their own borders. They shut down a big chunk of global logistics.

That reckless attack ended up causing more than 10 billion dollars in damages—one of the most damaging cyberattacks in the history of cyberattacks—and spread world-wide before anyone knew to do anything.

Now, in Ukraine, we see them again launching destructive attacks, using tools like wiper malware. And we’re watching for their cyber activities to become more destructive as the war keeps going poorly for them.

At the FBI, we’re on what I’d call combat tempo.

We’ve got a 24/7 cyber command post running, and we’ve been pushing out intelligence products and technical indicators—not just to government partners, but also to private companies and others.

We’ve seen the Russian government taking specific preparatory steps towards potential destructive attacks, here and abroad. We’re racing out to potential targets to warn them about the looming threat, giving them technical indicators they can use to protect themselves. And we’re moving rapidly to disrupt Russian activity.

Russia/WatchGuard

Just this April, the FBI disrupted a botnet that the Russian GRU intelligence service had created and could have used to obfuscate malicious and damaging cyber activity.

This is the same Russian agency behind NotPetya and that attacked the Ukrainian electric grid in 2015, attacked the Winter Olympics and Paralympics in 2018, and conducted attacks against Georgia in 2019.

The GRU’s Sandworm team had implanted Cyclops Blink malware on ASUS home routers and Firebox devices, which are firewall devices produced by WatchGuard Technologies and largely used by small to medium businesses.

By infecting and controlling thousands of these devices worldwide, the GRU could string them together to use their computing power in a way that would hide who was really running the network.

This past November, we alerted WatchGuard about the malware targeting their devices, and we collaborated with CISA and WatchGuard on mitigation.

We collected additional malware samples from U.S. victims, while WatchGuard developed mitigation tools.

We reverse-engineered the malware samples and developed a sophisticated technical operation to sever the GRU’s ability to communicate with the botnet’s command-and-control layer.

And in March, we executed the operation and successfully cut their ability to control the botnet.

We removed malware from the “Firebox” devices—used by small businesses for network security all over the world—and then shut the door the Russians had used to access them.

Clearly, that’s not the only threat coming out of Russia, and we’re certainly not resting on our laurels. But that was a pretty solid hit against Russian intelligence. And it shows that we can do quite a bit to counter threats and help companies hit by threats like that posed by the Russian government.

Reminders and Lessons

As I mentioned earlier, even while we’re at full tilt against Russian cyber threats, we’re also countering other nation-state and criminal cyber actors. So we’re particularly attuned to lessons from the Ukraine conflict that apply more broadly.

We’re not the only ones. We know that China is studying the Ukraine conflict intently. They’re trying to figure out how to improve their own capabilities to deter or hurt us in connection with an assault on Taiwan.

So, take for example the blended threat where we see Russia—like China, Iran, and sometimes other nation states—essentially hiring cyber criminals, in effect cyber mercenaries.

We see Russian cyber criminals explicitly supporting, and taking actions to assist, the Russian government, as well as some just taking advantage of the very permissive operating environment that exists in Russia.

In some instances, we also see Russian intelligence officers, moonlighting, making money on the side, through cybercrime or using cybercriminal tools to conduct state-sponsored attacks because they think it gives them some plausible deniability or will hide who’s behind it.

So one key question for us today is, when do criminal actors become agents of their host nation?

Does money have to change hands, or is publicly pledging support to a foreign government enough?

We are realizing the value of our accumulated investigative work, with our partners, against all manner of Russian cyber threats. That work has established connections, motives, and tactics among Russian hackers before the current crisis.

It gives us a basis for potentially holding the Russian government accountable for the actions of a Russian ransomware gang. Because we’ve been able to show that their government sometimes supports, uses, and protects, cybercriminals.

A second thing we’re thinking about is the speed and scope of attribution. How do we balance the need for speed, to get to an operational level of attribution, supporting actions we or our partners need to take next, against specificity? 

It won’t surprise you to learn that we can figure out which country is responsible for something, or even which specific intel service, faster than we can identify which individual was sitting at the keyboard.

For victims, we’re helping as we respond to malicious cyber activity in this kinetic, destructive context, we’ve found that speed trumps pretty much everything else. It’s more important for us to get to their doorstep in an hour than it is to tell them whether we’re looking at nation-state cyber activity or cyber criminals.

But it’s also important to keep marching toward more-specific attribution even while we hand off defensive information before we build the full picture of who’s responsible. Because for the broader government’s response calculations—for us to meaningfully degrade, disrupt, and deter a cyber adversary—we often need to be a lot more specific about who’s responsible.

A third lesson, or really a reminder, from this conflict with broad application: When it comes to the threat of destructive attack, the adversary’s access is the problem.

This is something we’ve talked about a lot, but that has acquired heightened resonance lately. Russia has, for years and years, been trying to infiltrate companies to steal information.

In the course of doing so, they’ve gained illicit access to probably thousands of U.S. companies, including critical infrastructure. Just look at the scope of their Solar Winds campaign.

They can use the same accesses they gained for collection and intelligence purposes to do something intentionally destructive. It’s often not much more than a question of desire.

That’s why, when it comes to Russia today, we’re focused on acting as early, as far “left of boom,” as we can against the threat.

That is, launching our operations when we see the Russians researching targets, scanning, trying to gain an initial foothold on the network, not when we see them later exhibit behavior that looks potentially destructive.

As broad as Russia’s potential cyber accesses across the country may be, they pale in comparison to China’s.

So the same reminder that this conflict has given the community about the urgency of battling adversaries at the point of access, or earlier, applies in spades when we think about how to defend against the Chinese Communist Party’s potential aggression toward Taiwan.

We need to study what’s going on with Russia and learn from it because we’re clearly not the only ones paying attention.

China

Now, China is clearly a very different threat than Russia. The Chinese government is methodical, hacking in support of long-term economic goals.

And China operates on a scale Russia doesn’t come close to. They’ve got a bigger hacking program than all other major nations combined. They’ve stolen more American personal and corporate data than all nations combined. And they’re showing no sign of tempering their ambition and aggression.

Even their hacks that may seem noisy and reckless actually fit into a long-term, strategic plan to undermine U.S. national and economic security.

China’s economy also gives it leverage and tools, sway over companies, that Russia lacks. For many U.S. and foreign companies doing business in China, or looking to, the cost effectively amounts to a blanket consent to state surveillance in the name of security—at best.

At worst, they’ve got to accept the risk that their sensitive information may be co-opted to serve Beijing’s geopolitical goals.

In 2020, we became aware that some U.S. companies operating in China were being targeted through Chinese government-mandated tax software. The businesses were required to use certain government-sanctioned software to comply with the value-added tax system and other Chinese laws.

A number of U.S. companies then discovered that malware was delivered into their networks through this software. So, by complying with Chinese laws for conducting lawful business in China, they ended up with backdoors into their systems that enabled access into what should be private networks.

That’s just one example of how the Chinese government is pursuing their goal to lie, cheat, and steal their way into global domination of technology sectors. It’s really a whole-of-government operation to steal research and proprietary secrets from U.S. companies and then undercut prices on the global market. So that companies that play by the rules can’t compete.

That effort is not limited to cyber. Heck, we’ve caught Chinese agents out in the heartland of the U.S. targeting our agricultural innovation, sneaking into fields to dig up proprietary, experimental, genetically modified seeds.

But China’s other means of stealing technology—things like human spies, corporate transactions—often run in concert with, and even in service of, its cyber program. Like when the MSS recently used a human agent on the inside to enable hackers in mainland China to penetrate GE Aviation’s joint venture partner and steal proprietary engine technology.

The Chinese government sees cyber as the pathway to cheat and steal on a massive scale. In March 2021, Microsoft and other U.S. tech and cybersecurity companies disclosed some previously unknown vulnerabilities targeting Microsoft Exchange Server software.

The hackers, operating out of China, had compromised more than 10,000 U.S. networks, moving quickly and irresponsibly to do so prior to the public disclosure of the vulnerabilities. Through our private sector partnerships, we identified the vulnerable machines.

And learned the hackers had implanted webshells—malicious code that created a backdoor and gave them continued remote access to the victims’ networks. So, we pushed out a joint advisory with CISA to give network defenders the technical information they needed to disrupt the threat and eliminate those backdoors.

But some system owners weren’t able to remove the webshells themselves, which meant their networks remained vulnerable. So, we executed a surgical, court-authorized operation, copying and removing the harmful code from hundreds of vulnerable computers.

Those backdoors the Chinese government hackers had propped open? 

We slammed them shut, so the cyber actors could no longer use them to access victim networks. So, while that’s another win we can celebrate, it is also a stark reminder that the Chinese government remains a prolific and effective cyber espionage threat.

Iran and Boston Children’s Hospital

And China and Russia aren’t the only nation states exhibiting malicious behavior on the international stage. Iran and North Korea also continue to carry out sophisticated intrusions targeting U.S. victims.

In fact, in the summer of 2021, hackers sponsored by the Iranian government tried to conduct one of the most despicable cyberattacks I’ve seen—right here in Boston—when they decided to go after Boston Children’s Hospital.

Let me repeat that, Boston Children’s Hospital.

We got a report from one of our intelligence partners indicating Boston Children’s was about to be targeted. And, understanding the urgency of the situation, the cyber squad in our Boston Field Office raced to notify the hospital.

Our folks got the hospital’s team the information they needed to stop the danger right away. We were able to help them ID and then mitigate the threat.

And quick actions by everyone involved, especially at the hospital, protected both the network and the sick kids who depend on it.

It’s a great example of why we deploy in the field the way we do, enabling that kind of immediate, before-catastrophe-strikes response.

Ransomware

Unfortunately, hospitals these days—and many other providers of critical infrastructure—have even more to worry about than Iranian government hackers.

If malicious cyber actors are going to purposefully cause destruction or are going to hold data and systems for ransom, they tend to hit us somewhere that’s going to hurt. That’s why we’ve increasingly seen cybercriminals using ransomware against U.S. critical infrastructure sectors.

In 2021, we saw ransomware incidents against 14 of the 16 U.S. critical infrastructure sectors, including healthcare, but also many of the other things we depend on.

Ransomware gangs love to go after things we can’t do without.

We’ve seen them compromise networks for oil and gas pipelines, grade schools, 9-1-1 call centers. They also go after local governments.

The FBI cyber team here in Boston, for example, last May uncovered important indicators of compromise for the Avaddon ransomware strain.

Avaddon was one of the most prolific ransomware variants in the world at the time. Our folks quickly published what they found to warn the public.

And just two days after that, a local police department in the Southwest told FBI Boston that they’d seen some of those indicators of compromise we published—newly identified malicious IP addresses—connecting to the department’s network.

The police department was able to use our Boston Division’s information to stop Avaddon from infecting their network.

So, that’s our folks here helping out a city on the other side of the country and a lot of other potential victims nationwide, but also a reminder of the kind of damage ransomware groups are able and willing to inflict.

Lessons Learned from Disrupting Hackers

Hopefully, as you listen, you’ve been gleaning a bit about our focus. We aim to stop attacks, and degrade actors, as early as we can.

It’s worth taking a few minutes to think about what we’ve learned from the operations of the past couple of years, as more and more of society has moved online, and as cyberattacks and intrusions have accelerated.

For one, we’ve learned that in cyber, as with other parts of our work countering criminal organizations, we can impose costs on cybercriminals by focusing on three things: the people, their infrastructure, and their money. We make the most durable impact when we disrupt all three together and when we set aside who gets credit and just equip the best athlete with the information they need to take action.

First: To go after the people, we work with like-minded countries to identify who’s responsible for the most damaging ransomware schemes and take them out of the game. That may mean arresting and extraditing them to the U.S. to face justice. Or it may mean prosecution by a foreign partner.

Crucially, we cast a broad net, going after everyone from the ransomware administrators building the malware, to affiliates deploying it, to the hosting providers and money launderers making the criminal enterprise possible.

Second: Simultaneously, taking down cybercriminals’ technical infrastructure disrupts their operations.

For instance, last year, the FBI led an international operation that seized control of a botnet called Emotet, consisting of tens of thousands of infected computers, which had been used in a range of cybercrime schemes including ransomware.

And that Russian botnet we just disrupted in March is another great example of how we can take infrastructure offline before it causes damage.

Third: By going after their money, when we seize virtual wallets and return stolen funds, we hit them where it hurts, taking resources away from the bad guys, helping to prevent future criminal operations.

And we’ve had even bigger successes in disrupting operations by shutting down illicit currency exchanges.

Bottom line: We believe in using every tool we’ve got to impose risk and consequences and to remove bad guys from cyberspace.That includes leveraging every partnership we have.

FBI’s Role and the Virtuous Cycle

So how do we make all that happen. How do we make sure the best athlete has the proverbial ball at the right time and that we’re all making each other stronger?

There’s a symmetry to the way we identify threats and the way we deal with them.

At the FBI, as both a law enforcement and intelligence service, we’re pulling in information about hostile cyber activity from a wide range of sources, from on one end of the spectrum, providers, incident response firms, victims, and others in the private sector, and from our partnerships with CISA, Treasury, and other SRMAs.

From our FISA collection, human sources, our fellow USIC agencies’ signals and human collection, and from intelligence and law enforcement partners around the world, many of whom have overseas FBI cyber agents working alongside them daily.

Then, we analyze what the adversaries are trying to do, and how. We take, for example, information shared by one victim we know they hit and work back to find others either already being hit or about to be.

We dissect their malware to see what it’s capable of and compare what we see in the field to what we know about their strategic intent.

Then—the other side of that symmetry I mentioned—we quickly push the information we’ve developed to wherever it can do the most good, whether that means employing our tools or arming partners to use theirs, or both. Often that means racing information to victims or potential victims.

We’ve developed the ability to get a technically trained agent out to just about any company in America in an hour, and we use it a lot.

Almost every week, we’re rushing cyber agents out to help companies figure out what they’ve got on their systems, how to disrupt it, how to interrupt it, how to mitigate, and how to prevent this from becoming something much worse.

Other times, we work jointly with CISA, and often NSA, to disseminate the information even more broadly, if more companies and public entities can make use of it.

For example, in the last couple of months you’ve seen us publish indicators of compromise for Russian cyber operations targeting U.S. critical infrastructure, helping companies prepare defenses and enabling threat hunting.

And not long ago, you saw us and NSA push out details on malware the GRU was using to help companies defend against it.

But we’re also pushing what we learn to government partners in order to enable joint, sequenced operations that disrupt the harm at its source, at the same time we’re helping companies mitigate on their own networks.

We push targeting information about hostile infrastructure abroad either to foreign law enforcement, to seize or shut down; or to government partners here with a mandate to conduct offensive operations overseas; or to Treasury or Commerce, for sanctions.

And so on.

But it’s important to keep in mind that we aren’t playing a one-move game. What we need to do is kick off a virtuous cycle that feeds on itself.

We use the information one company might give us to develop information about who the adversary is, what they’re doing, where, why, and how, taking pains to protect that company’s identity just as we do our other sources.

Then, when we pass what we develop to partners here and abroad—our fellow U.S. and foreign intel services, foreign law enforcement, CISA and sector risk management agencies, providers like Microsoft.

Crucially, those partners can then in turn leverage what we’ve given to provide us with more information.

Enhancing our Global Investigations

Helping us discover more malicious infrastructure we can target ourselves, or alert private sector partners to more opportunities to arrest or otherwise disrupt the adversaries, which leads us to more useful information to pass back to that first company, to better remediate and protect itself, maybe find more technical info it can share back to us and to our partners, to take further steps. And so on.

It’s why we’re deployed all over this country and in nearly 80 countries around the world.

What these partnerships let us do is hit our adversaries at every point—from the victims’ networks, back all the way to the hackers’ own computers.

Of course, for this virtuous cycle of information to work, we rely on companies to work with us the way WatchGuard and Boston Children’s Hospital did.

So, for companies that conduct any work on the internet, I would encourage you to have an incident response plan and to include contacting your local FBI field office as part of that plan. It’s immensely helpful for any business to have an existing relationship with their local office before an attack occurs.

In fact, that’s one of the reasons we were able to help Boston Children’s Hospital so quickly.

The FBI Boston Field Office had worked with Children’s on a series of attacks in 2014—those stemming from a misguided online protest. We worked closely with Children’s all the way through our investigation, which led to a conviction and sentencing of the hacker in 2019.

So, Children’s and our Boston office already knew each other well before the attack from Iran, and that made a difference.

So, I’d encourage everyone to give us a call and talk with your local FBI cyber team.

But whether you take that proactive step or not, if you suspect a cyber intrusion, please report the compromise by contacting your local field office immediately—the more quickly we get involved, the more we can do to help.

Conclusion

Thank you all for being here and for inviting me to speak.

Our goal at the FBI is to make sure Americans and our partners and families overseas can use cyberspace safely and securely. To do that, we rely on help from everyone in this room—whether you’re a government partner, a service provider, or an online content writer. And I want you to know you can rely on us to help you.

Thank you for your trust and for your ideas on how to do this better.

I’m looking forward to helping the Bureau work with each of you.

Source: Federal Bureau of Investigation FBI Crime News

“This case is one of the highest priorities for the San Francisco Field Office,” said FBI San Francisco Special Agent in Charge Robert K. Tripp. “Law enforcement officers bear a tremendous responsibility to police our communities lawfully in keeping with the Constitution, and we must always be true to that guiding principle…The citizens of our communities deserve law enforcement personnel who practice what they enforce. Any breach to the public’s trust is absolutely unacceptable.” 

Four separate indictments were issued on August 17, 2023. In the first indictment, referred to as the “college degree benefits fraud indictment,” six defendants allegedly engaged in a conspiracy to defraud Antioch and Pittsburg police departments out of taxpayer dollars by claiming they had earned college credits toward degrees when, instead, they paid others to attend classes and take exams for them.

In June of 2019, an officer of the Pittsburg Police Department allegedly used a person identified as “Individual 1” to complete multiple college courses on his behalf that were credited toward the officer’s Bachelor of Science degree in Criminal Justice. Once the officer allegedly received a degree, they applied for and received reimbursements and pay increases from the Pittsburg Police Department. The same officer allegedly promoted the services of Individual 1. Five other members of the police departments ended up paying Individual 1 to complete similar coursework towards their degrees. As with the initial officer, they also applied for reimbursements and pay increases from their law enforcement employer.  

In the second indictment, two officers from the Antioch Police Department allegedly conspired to illegally distribute anabolic steroids to an unnamed customer. One of the officers allegedly possessed the drugs, and the other officer attempted to delete incriminating evidence from their cell phone before handing it over to law enforcement for investigation. 

In the third indictment, a defendant from the Antioch Police Department received three charges, two involving alleged interference with a wiretap investigation, and the third involving the illegal seizure and destruction of a telephone. On March 23, 2021, the defendant was assigned to a wire room where they were supposed to monitor communications between a target and others who contacted the target by telephone. The defendant allegedly used his personal cellphone to call a target, covering up any evidence of the call. On May 6, 2021, the defendant was present when another officer used a deployed a police dog while making an arrest. When the defendant saw a witness recording the aftermath of the incident on a cell phone, they allegedly seized and destroyed it. 

The fourth indictment charges three Antioch police officers with conspiracy against rights and deprivation of rights under color of law. The indictment describes several incidents of excessive force, among others. Allegedly, the defendants deployed excessive force as “punishment” to subjects “beyond any punishment appropriated imposed by the criminal justice system.”   

For example, on August 24, 2021, one of the defendants, along with Antioch police officers, executed a search warrant at a residence, located a subject inside a locked bedroom holding a video game controller with a video game on a television screen. When the defendant and other officers entered the room, the subject raised his hands. The officers surrounded the subject, and while one of the officers held down the subject’s arm to arrest him, the defendant deployed the 40mm less lethal launcher, injuring the subject.  

“Color of law violations strike at the very heart of our justice system. They undermine public confidence in the law and law enforcement and erode the fundamental right of our citizens,” said Tripp.  

The indictment includes several other incidents of excessive force as well as the collection and sharing of pictures and munitions to memorialize the acts of violence. 

Note that an indictment merely alleges that crimes have been committed, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt.