Category: Federal Bureau of Investigation FBI Crime News

Source: Federal Bureau of Investigation FBI Crime News

Director Wray joined past and present CJIS leaders, lawmakers, FBI staff, and dozens of retired fingerprint examiners at the July 10 event, which celebrated 100 years since the Bureau established its Identification Division on July 1, 1924. The new division consolidated 810,000 fingerprint files from the United States Penitentiary in Leavenworth, Kansas, and the National Bureau of Criminal Identification, which had been the keeper of crime data for the International Association of Chiefs of Police since 1896.

Wray described the history of fingerprint technology in investigations spanning a century.

“I’m proud that we’ve maintained that focus on growing our capabilities, because there’s simply no other way to remain as effective as a law enforcement and intelligence agency when the threats are as dynamic and evolving as they are today,” Wray said. He also highlighted the introduction of new biometric modalities—like facial recognition, palm prints, and iris scans—as innovations that will help the FBI and its partners better carry out their missions into the future. NGI’s National Iris Service, for example, allows users like police and prison staff to enroll iris images without physical contact, linking a subject’s irises to their respective fingerprint records. “You want to talk about the textbook illustration of innovation,” Wray said. 

Source: Federal Bureau of Investigation FBI Crime News

And when an agency—anywhere in the country or really around the globe—submits a ten-print card, NGI can fire back an accurate search result within minutes.

In fiscal year 2023 alone, CJIS received and processed 74 million fingerprints.

And, not too long ago, we processed—you processed—our one-billionth (that’s with a “b”) electronic fingerprint transaction.

So, it’s no wonder the NGI System is renowned as such a vital tool among our law enforcement partners everywhere—not just with state and local departments across the country, but also among our international partners throughout the world. 

You know, it can be hard to grasp what the impact of these figures—162 million, 74 million, and especially one billion—actually looks like. So instead of just rattling off numbers, let me just talk about that impact—some of the cases the repository has helped solve over the years:

• In 2002, fingerprint evidence helped us identify one of the infamous Beltway Snipers and piece together his crimes as we raced to stop the rampage.
• In 2019, a fingerprint query helped confirm the identity of the subject who mailed those improvised explosive devices targeting multiple U.S. government officials, the news media, and others.
• And in 2020, fingerprints revealed the identity of a woman who had mailed deadly ricin powder to prison employees in Texas and to the president. 

Those are just a few examples of the impact you have every day. 
 
It’s impossible to know how many lives you’ve saved, cases you’ve helped close, thanks to our fingerprint identification services over the years, but there is not a doubt in my mind that the American people are safer because of your work.  

How We Got Here

That’s where we are today, but we didn’t get here overnight.

The FBI’s biometrics story stretches out back to a time not just before CJIS’ existence, but before the FBI was even known as “the FBI.” In about two weeks, we’ll celebrate the Bureau’s 116th anniversary. That means this organization—then simply called the Bureau of Investigation—was just 16 years old when it saw a need in the law enforcement community and answered that call, pioneering a national fingerprint repository.

It was as true to our ethos of innovation then as it is now. In fact, in his first report to Congress on the FBI after its founding in 1908, Attorney General [Charles] Bonaparte described the Bureau itself—described us—as “an innovation.” And we’ve never stopped holding ourselves to that standard, including when it comes to the speed and sophistication of our biometric services.

What began with paper fingerprint cards sent through snail mail and manually filed became IAFIS, Integrated Automated Fingerprint Identification System, in 1999, and was then transformed into the NGI System in 2014—shrinking fingerprint processing time from months to minutes.

Today, about 97% of all criminal and civil electronic fingerprint submissions to the NGI System are fully automated—a far cry from the paper method used a few decades ago. It’s important to note, too, that we not only search and analyze fingerprints for open cases. We also process latent fingerprints for use in cold cases and use fingerprints to help uncover the identities of victims and bring closure to families.

We can even detect whether fingerprints have signs of being intentionally altered, and, at times, have been able to work around those alterations to achieve a positive identification. 

Not only that, but the NGI System has expanded to include biometric capabilities, biometric modalities, as well—things like:

• Facial recognition and palm print searches;
• Text-based searches for scars, marks, and tattoos; and
• The latest innovation: the NGI Iris Service that allows users to enroll and search iris images quickly and easily, and can even easily link to other biometric records within the system. 

You want to talk about the textbook illustration of innovation.

And I’m proud that we’ve maintained that focus on growing our capabilities, because there’s simply no other way to remain as effective as a law enforcement and intelligence agency when the threats are as dynamic and evolving as they are today. As you saw in those case examples I mentioned, fingerprints advance both criminal and national security investigations. 

And our biometric services don’t just stretch from coast to coast—they extend beyond our borders, as we forge relationships and agreements with our foreign law enforcement partners. Through those agreements and CJIS’ foreign biometric exchange program, we share fingerprint records with our partner federal agencies here in the U.S., who can then identify and stop criminals and terrorists before they can enter the country and harm our citizens. So, even though times have changed, today—just like 100 years ago—the FBI’s leadership in biometrics is saving lives in innovative ways. 

Celebrating People

That’s a lot to celebrate, and what makes it all possible are the people behind all those services. 

CJIS’ Biometric Services Section is made up of about 600 personnel, which may sound like a lot until you realize they’re responsible for keeping the trains moving on criminal justice repositories containing hundreds of millions of records. Our biometrics teams work around the clock to provide quick, reliable identification and investigative services, in addition to supporting non-criminal-justice agencies with things like employment vetting and processing. 

They also update, analyze, research, compare, and review identity histories to keep them accurate, and they process the 3% of fingerprint submissions that are still done manually—which amounts to a whopping two million entries just in the last fiscal year. 

That’s not a 9-to-5 job. It’s a 24-hour-a-day, 365-days-a-year mission. 

And as much as we associate innovation with automation, the excellence I see every day at CJIS proves just how critical the human element is. Thanks to the people of CJIS—many of you—the FBI’s biometrics capabilities are saving lives. 

So, today, we celebrate not just this centennial anniversary, but the people behind the advances. And we pay tribute to the generations of FBI employees who kept pushing us forward, because they’ve shown us that, while our adversaries can be, at times, formidable, working with our partners across law enforcement, we—the good guys—can be unstoppable.

Conclusion

And I believe that if we continue on this road, with an enduring commitment to innovation and our partnerships, we’re gonna stay on the cutting edge of criminal justice technology. We’ll have a more agile and resilient FBI. And, working together, we’ll have a safer nation. 

So, with that, I’d like to give a hearty congratulations to the folks of CJIS, once again, for carrying forward the FBI’s legacy of innovation and the importance of partnerships. I can’t wait to see where you take us next. 

Thanks for having me.

Resources:

Source: Federal Bureau of Investigation FBI Crime News

Police initially reported Ashley as a runaway, likely due to recent tensions with her family and because she frequently spent time at other relatives’ homes.

But her family didn’t believe she had disappeared on her own accord.

The FBI joined the investigation in 2008 when the National Center for Missing and Exploited Children (NCMEC) alerted the FBI Cleveland Field Office about Ashley’s case.

At the time, there was another missing girl from the west side of Cleveland—Gina DeJesus, one of three women who were held hostage by Ariel Castro. Ashley and Gina were similar in age and from the same part of Cleveland. Initially, there was speculation that Ashley may have also been one of Castro’s victims. However, no evidence supported this, and Ashley’s case became an independent investigation.

Throughout the investigation, law enforcement has interviewed family members, neighbors, and anyone who could have potentially offered information leading to Ashley’s whereabouts. Gene—Ashley’s boyfriend at the time—and his family cooperated with authorities, and there has been no evidence to suggest that foul play was involved on Gene’s part.

“I can’t think of a single agent on our squad or analyst that hasn’t touched this investigation,” said McCaskill. “And this is including a lot of victim specialist support, analyst support, and support from agents and analysts on other squads, as well as the FBI Evidence Response Team and Child Abduction Rapid Deployment (CARD) team.”

From the start of the investigation, FBI Victim Specialist Jennifer Piero has been the primary contact for Ashley’s family. In her role, Piero offers support and shares case updates. “Any time we have received tips and conducted searches or canvasses, we have notified Ashley’s family,” explained Piero. “If we have anticipated something in the investigation that would make the news, we’ve contacted Ashley’s family in advance to ensure they learned about it first.” 

In 2018, a series of inquiries—as a result of the investigation into Ashley’s disappearance—led to the discovery that Ashley’s great uncle, Kevin Donathan, was actively abusing young children. Donathan was indicted on multiple counts, including rape, attempted rape, and five counts of gross sexual imposition. He pleaded guilty, and in 2020, he was sentenced to 35 years in prison, where he still resides.

Source: Federal Bureau of Investigation FBI Crime News

Douglas Edward Robertson, 56, of Olathe, Kansas, the former vice president of KanRus Trading Company Inc., pleaded guilty today for his role in a years-long conspiracy to circumvent U.S. export laws by filing false export forms with the U.S. government and, after Russia’s unprovoked invasion of Ukraine in February 2022, continuing to sell and export sophisticated and controlled avionics equipment to customers in Russia without the required licenses from the U.S. Department of Commerce.

“Robertson, by his own admission, conspired to sell advanced U.S. avionics equipment to Russian customers in violation of U.S. law,” said Assistant Attorney General for National Security Matthew G. Olsen. “The Justice Department will not tolerate those who seek to undermine the effectiveness of export controls that protect critical U.S. technology and deter Russia’s aggression in Ukraine.”

“Robertson’s guilty plea is reflective of the strong evidence gathered against him by federal investigators and the solid case presented by federal prosecutors,” said U.S. Attorney Kate E. Brubacher for the District of Kansas. “Our nation is both proud and grateful to these men and women at the Department of Justice who seek to protect the United States and our national security interests from adversaries both foreign and domestic.”

“Those who seek to profit by illegally selling sophisticated U.S. technology to our adversaries are putting the national security of our country at risk and that cannot be tolerated,” said Executive Assistant Director Robert Wells of the FBI’s National Security Branch. “It is appalling that the defendant schemed to smuggle avionics equipment to customers overseas including Russia, a nation engaged in a long-running military conflict with Ukraine. The FBI will work with our partners to stop the illegal flow of sensitive U.S. equipment and technology to foreign adversaries.”

“You might think that smuggling sensitive U.S.-origin technology to Russia, including to their Federal Security Service (FSB), means we’re not in Kansas anymore. Unfortunately, in this case, we were,” said Assistant Secretary for Export Enforcement Matthew A. Axelrod. “We will continue to hold individuals everywhere, including those at the highest rungs of the corporate ladder, accountable when they violate our laws by lying on forms and transshipping items through third countries.”

According to court documents, as part of his guilty plea, Robertson admitted that between 2020 and when he was arrested in March 2023, he conspired with others – including co-defendants Cyril Gregory Buyanovsky of Lawrence, Kansas, and Oleg Chistyakov, aka Olegs Čitsjakovs, of Riga, Latvia, – to smuggle U.S.-origin avionics equipment to end users in Russia, as well as Russian end users in other foreign countries by, among other actions, knowingly filing false export forms and failing to file required export forms with the U.S. government. In these forms, Robertson and his conspirators lied about the exports’ value, end users, and end destinations.

Robertson further admitted that on at least one occasion in 2021, he, Buyanovsky, and Chistyakov smuggled a repaired Traffic Alert and Collision Avoidance System (TCAS) to the FSB by removing the FSB sticker from the device before sending the device to a U.S. company to be repaired and then exporting the TCAS back to the FSB in Russia. At the time, the FSB was sanctioned by the U.S. Department of Treasury’s Office of Foreign Assets Control for its interference in the 2016 U.S. Presidential Election.  

Robertson further admitted that after Russia invaded Ukraine in February 2022 and the U.S. government tightened export controls concerning Russia, he, co-defendants Buyanovsky and Chistyakov, and other conspirators continued to purchase and export U.S.-origin avionics equipment to customers in Russia and took numerous steps to hide their illegal activity from law enforcement, including by lying to U.S. suppliers about the intended end users; shipping goods through intermediary companies in Armenia, Laos, the United Arab Emirates, and Cyprus; continuing to file false export forms with the U.S. government; and using foreign bank accounts in countries other than Russia, such as Armenia, Kazakhstan, Kyrgyzstan, Cyprus, the United Arab Emirates, and the Czech Republic, to promote their illegal export activity.

On Dec. 6, 2023, the U.S. Department of Commerce added many of the entities and individuals involved in KanRus and Robertson’s illegal export scheme to the Commerce Department’s Entity List as part of the U.S. government’s interagency efforts to dismantle Russian procurement networks designed to circumvent U.S. export controls and sanctions imposed in response to Russia’s invasion of Ukraine. The Entity List imposes specific license requirements on all listed individuals and entities.

In December 2023, Buyanovsky, the former President and owner of KanRus, pleaded guilty to conspiracy and money laundering and consented to the forfeiture of over $450,000 worth of avionics equipment and accessories, and a $50,000 personal forfeiture judgment.

On March 19, Chistyakov, a former KanRus broker, was arrested in Riga, Latvia, for his role in the illegal smuggling scheme. Chistyakov remains detained in Latvia pending extradition proceedings.

As a result of today’s guilty plea, Robertson faces a statutory maximum penalty of five years in prison for the conspiracy count, 20 years in prison for each of the two Export Control Reform Act counts, and 20 years in prison for the money laundering count. A sentencing hearing is scheduled for Oct. 3.

The FBI and the Department of Commerce’s Office of Export Enforcement are investigating the case. The Latvian authorities are assisting the investigation. The U.S. Customs and Border Protection provided substantial assistance.

Assistant U.S. Attorneys Scott Rask and Ryan Huschka for the District of Kansas and Trial Attorney Adam Barry of the National Security Division’s Counterintelligence and Export Control Section are prosecuting the case. The Justice Department’s Office of International Affairs is providing valuable assistance.

The investigation was coordinated through the Justice Department’s Task Force KleptoCapture, an interagency law enforcement task force dedicated to enforcing the sweeping sanctions, export controls and economic countermeasures that the United States, along with its foreign allies and partners, has imposed in response to Russia’s unprovoked military invasion of Ukraine. Announced by the Attorney General on March 2, 2022, and under the leadership of the Office of the Deputy Attorney General, the task force will continue to leverage all of the department’s tools and authorities to combat efforts to evade or undermine the collective actions taken by the U.S. government in response to Russian military aggression.

Source: Federal Bureau of Investigation FBI Crime News

“Our goal is to get bystanders, who are the most important part of the prevention cycle, to be able to consistently identify concerning behaviors that are backed by research and experience,” said Taylor Cilke, a crime analyst in the unit of BAU that studies threats. BAU resides in the FBI’s Critical Incident Response Group and is part of the National Center for the Analysis of Violent Crime, which was established in 1984 to develop strategies to combat serial and violent crimes.

“In order to prevent a threat, we have to identify it, and we have to assess it, and then we have to take steps to manage it,” Cilke said. “The hardest part is that identification piece. And that’s where the public and potential bystanders can really help us empower our communities and force-multiply our work. But if we never identify the threat, we can’t assess and manage it.”

To that end, BAU this week launched a Prevent Mass Violence campaign that includes a new webpage and brochures containing tips and strategies to help potential bystanders understand what types of behaviors may be concerning and ways to respond.

“The most important thing is to tell someone,” the webpage says. That may not necessarily mean law enforcement; it could be a school administrator, employee assistance peer, a boss, or someone else you trust.

“We’ve seen time and again that there are noticeable, observable behaviors,” said Brad Hentschel, a supervisory special agent in BAU, pointing to nearly three decades of academic research, along with BAU’s findings from studying mass violence events. “Mass shooters don’t just snap. Recognizing and reporting the warning signs of someone thinking about and preparing for violence can be lifesaving.”

Source: Federal Bureau of Investigation FBI Crime News

“It’s become a gold-standard for community-led threat assessment teams,” said Special Agent Sam Ukeiley, an FBI threat management coordinator in the San Antonio Field Office. A former profiler in BAU, Ukeiley helped an earlier iteration of BTAG formalize their process in 2019 and integrate BAU’s threat assessment and threat management approach.

SAPD manages the program and has become a model for law enforcement agencies around the country that are considering something similar. “You make sure you’re addressing all the threats in an accountable and defensible manner, so nobody falls through the cracks at a minimum,” Ukeiley said. “That’s what it’s all about.”

It was, in part, that accountability model that alerted the BTAG to new concerning behaviors by the Laredo, Texas, man in late 2022. After being released from treatment, he posted a video clip on social media of himself driving past Robb Elementary, site of the mass shooting, and an image of a hand holding a rifle magazine. 

On December 11, 2022, the man tried to buy a shotgun in San Antonio. When his application was delayed because he provided an incorrect home address, the FBI notified the local investigator, who arrested him on a state charge of making terroristic threats related to the Uvalde school shooting. The man was sentenced to jail, followed by a three-year period of supervised release. Post-release conditions will provide a structured reentry to society and enhance law enforcement’s options to monitor for concerning changes in behavior.

In a statement at sentencing, the prosecutor praised the effort that led up to the young man’s arrest and detention. “This is a great example of coordinated efforts by local and federal and law enforcement to keep our community safe using the full panoply of prosecutorial options at our disposal,” said Jaime Esparza, United States attorney for the Western District of Texas.

Sgt. Matthew Porter, supervisor of BTAG, said not every reported threat requires the team’s attention, but he would rather people err on the side of caution. “I would rather someone report something to us that’s not beneficial, rather than the alternative,” he said.

Source: Federal Bureau of Investigation FBI Crime News

When a Florida auctioneer was asked to auction off a pocket watch from the late 1800s, his research led him to believe that he may be holding a piece of U.S. presidential history.

The auctioneer realized that the watch may have belonged to Theodore “Teddy” Roosevelt, the 26th president of the United States. He contacted two historic sites closely associated with Roosevelt—Sagamore Hill National Historic Site and Theodore Roosevelt Inaugural National Historic Site—who confirmed the authenticity of the watch.

Roosevelt’s watch had been in possession of Sagamore Hill National Historic Site since he died in 1919. They loaned the watch to the Theodore Roosevelt Inaugural National Historic Site in 1971 for a six-year term to be shown in an exhibition. The loan was extended, but, unfortunately, the watch was reported stolen from the site in Buffalo, New York, on July 21,1987, and wouldn’t be identified again until 2023 at the Florida auction house.

Since Sagamore Hill National Historic Site and the Theodore Roosevelt Inaugural National Historic Site fall under the jurisdiction of the National Park Service (NPS), they reached out to NPS to recover the stolen artifact. NPS, the lead investigative agency, contacted the FBI Art Crime team for additional assistance. Both the NPS and FBI confirmed that this was the watch stolen almost 40 years earlier.

“This watch was a fairly pedestrian Waltham 17 jewel watch with an inexpensive coin silver case. It’s a ‘Riverside’ grade and model ‘1888’ with a hunter-style case, meaning it has a lid on either side which fold and encase the dial and the movement,” said Special Agent Robert Giczy, a member of the FBI Art Crime Team who investigated the provenance of the watch in this case.

Source: Federal Bureau of Investigation FBI Crime News

¹  See 18 U.S.C. § 4206(a).

² Id. § 4206(a)(1)–(2).

³ Peltier v. Booker, 348 F.3d 888, 896 (10th Cir. 2003) (Peltier VI) (“[T]he officers were on a routine law enforcement mission when they encountered overwhelming firepower from Native American activists.”).

⁴ United States v. Peltier, 585 F.2d 314, 318 (8th Cir. 1978) (Peltier I).

⁵ Peltier VI, 348 F.3d at 896 (concluding that “description of the murders . . . as ‘executions’ and ‘cold-blooded’ was warranted” and “quite apt”).

⁶ Peltier I, 585 F.2d at 319 (“The murderer shot Coler, who was unconscious, across the top of the head. The bullet carried away a part of his forehead at the hairline. The shot was not fatal, however. The murderer then lowered his rifle a few inches and shot Coler through the jaw. The shell exploded inside his head, killing him instantly.”).

⁷ Id. at 318–19 (“The murderer placed the barrel of his gun against Williams’ hand and fired. The bullet ripped through Williams’ hand, into his face, and carried away the back of his head. He was killed instantly.”).

⁸ United States v. Peltier, 800 F.2d 772, 779 (8th Cir. 1986) (Peltier III) (“Norman Brown testified that he saw Peltier firing a weapon from the treeline similar to the one introduced into evidence. . . . Michael Anderson testified that he saw Peltier at the agents’ cars and that Peltier was carrying a weapon similar to the one introduced in evidence. Moreover, no witness testified that anyone other than Peltier was seen firing an AR–15 at the agents’ cars, or that anyone other than Peltier was seen by the agents’ cars with an AR–15.”).

⁹ Peltier I, 585 F.2d at 319–20.

¹⁰ Id. at 320 (“Peltier was stopped by police months later in the State of Oregon. He fled the scene, turning to fire on one of the police officers.”).

¹¹ Peltier and his associates had “fourteen firearms, eight of which had obliterated serial numbers,” “tool boxes containing wiring, pocket watches with wires leading out of them, tools, pliers, and empty shell casings,” and “nine hand grenades.” Id. at 322.  

¹² Id. at 320.

¹³ Id. at 334.

¹⁴ Id. at 327 (“[A]t the time of his arrest, Peltier had in his possession the .30/30 rifle stolen in Oregon, other property stolen from the Oregon ranch house, two pistols, and an M-1 semiautomatic rifle.”).

¹⁵ Peltier VI, 348 F.3d at 889–90.

¹⁶ United States v. Peltier, 693 F.2d 96, 98 (9th Cir. 1982) (Peltier II) (“No imaginable set of circumstances could be drawn . . . to justify the armed jail break that took place.”).

¹⁷ Peltier I, 585 F.2d at 335 (affirming Peltier’s first-degree murder convictions); Peltier II, 693 F.2d at 98 (affirming Peltier’s escape and unlawful firearm possession convictions); Peltier III, 800 F.2d at 775 (denying Peltier’s first collateral attack); Peltier v. Henman, 997 F.2d 461, 468–69 (8th Cir. 1993) (Peltier IV) (denying Peltier’s second collateral attack); United States v. Peltier, 312 F.3d 938, 943 (8th Cir. 2002) (Peltier V) (affirming denial of Peltier’s motion to reduce his consecutive life sentences);  Peltier VI, 348 F.3d at 892 (rejecting Peltier’s collateral attack challenging the denial of his parole application); United States v. Peltier, 446 F.3d 911, 914 (8th Cir. 2006) (Peltier VII) (affirming denial of Peltier’s motion to correct sentence). 

¹⁸ Peltier III, 800 F.2d at 779 (“Norman Brown testified that he saw Peltier firing a weapon from the treeline similar to the one introduced into evidence. . . . Michael Anderson testified that he saw Peltier at the agents’ cars and that Peltier was carrying a weapon similar to the one introduced in evidence. Moreover, no witness testified that anyone other than Peltier was seen firing an AR-15 at the agents’ cars, or that anyone other than Peltier was seen by the agents’ cars with an AR-15.”).

¹⁹ Peltier VI, 348 F.3d at 894 (citing Peltier I, 585 F.2d at 319–20; Peltier III, 800 F.2d at 779).

²⁰ Peltier IV,997 F.2d at 464.

²¹ United States v. Peltier, 609 F. Supp. 1143, 1148–54 (D. N.D. 1985).

²² Id. at 1150–54.

²³ Peltier III, 800 F.2d at 777 (emphasis added).

²⁴ Peltier VI, 348 F.3d at 894 (emphasis added); see also Peltier IV, 997 F.2d at 464 (“The court found that the teletype did not refer to the .223 casing found in the agent’s car, but to other casings found at the scene.”).

²⁵ Peltier VI, 348 F.3d at 892 (emphasis added).

²⁶ Peltier IV, 997 F.2d at 469 (emphasis added).

²⁷ Peltier III, 800 F.2d at 775 (emphasis added). Further reinforcing that there was no concession, the court observed that it could have more easily resolved the appeal if the government had exclusively presented the case on an aiding-and-abetting theory. Id.

²⁸ Peltier IV, 997 F.2d at 465–71.

²⁹ Id. at 469 (emphasis added).

³⁰ Peltier V, 312 F.3d at 940 (observing that the government’s theory included “that Mr. Peltier personally killed the agents at point blank range”). Peltier’s citation to a letter from the former United States Attorney and isolated remarks by a prosecutor in a pro-Peltier film are also misplaced, as the United States Attorney was gone from office at the time of the alleged change in position, and the film predated and lacked the context of the Eighth Circuit’s 1993 deep dive into the alleged admission. See Peltier IV, 997 F.2d at 465–71 (examining and rejecting Peltier’s argument that the government had conceded it could not prove Peltier was the shooter). 

³¹ Peltier VI, 348 F.3d at 891 (emphasis added).

³² Id. at 893–95 (quoting the Parole Commission) (emphasis added).

³³ Ltr. from Dan Williams (Special Agent Williams’ cousin) to Director Christopher A. Wray (Feb. 25, 2022) (Attachment A)

³⁴ Ltr. from Paul Coler (Special Agent Jack Coler’s son) to FBI Director Christopher A. Wray (Feb. 25, 2022) (Attachment B)

³⁵ Ltr. from Michael Titone (Special Agent Williams’ 98-year-old uncle) to Director Christopher A. Wray (Feb. 24, 2022) (Attachment C).

³⁶ Ltr. from Ronald Coler (Special Agent Coler’s son) to Director Christopher A. Wray (Mar. 3, 2022) (Attachment D)

³⁷ Williams Ltr.

³⁸ Paul Coler Letter.

³⁹ Ltr. from Peggy Coler (Special Agent Coler’s widow) to FBI Director Christopher A. Wray (Attachment E) (describing her experience as a “never-ending nightmare”).

⁴⁰ “It is all very strange to me.  Strange, that after executing two defenseless men, that it could ever be considered that Peltier would get our of prison.”  Peggy Coler Letter. 

⁴¹ Ltr. from Linda Miller and Susan Gregg (Special Agent Coler’s sisters) to FBI Director Christopher A. Wray (Mar. 1, 2022) (Attachment F).

⁴² Ltr. from FBI Director Louis J. Freeh, to Attorney General Janet Reno (Dec. 5, 2000) (“The entire episode by Peltier remains an affront to the very principles to which you and I have dedicated our lives and to which every employee in the FBI stands firm.”); Ltr. from FBI Director Robert S. Mueller, III, to Isaac Fulwood, Jr., Chairman, United States Parole Commission (July 20, 2009) (“The passage of time does not diminish the brutality of these crimes or the incalculable damage done by Mr. Peltier to the surviving families, friends, and colleagues of Agents Coler and Williams.”); Ltr. from Ernest Babcock, FBI Deputy General Counsel to Cynthia K. Dunne, Attorney for Peltier (June 22, 2016) (declining Dunne’s request to meet with Director Comey and explaining “[Peltier’s] crimes resulted in pain and loss that will forever be felt by the families of the victims and by the FBI family.”) (Attachment G).

⁴³ Ltr. from Michael J. Clark, President, Society of Former Special Agents of the FBI to Acting Chairman Patricia K. Cushwa, Parole Commission (May 13, 2024) (“Peltier deserves no compassion in return for the executions he intentionally chose to commit.”); Ltr. from Natalie Bara, President, FBI Agents Association to Patricia K. Cushwa, Acting Chairperson, Parole Commission (June 5, 2024) (“Special Agents Coler and Williams made the ultimate sacrifice for our country, and that sacrifice should be honored. The loss of Agents Coler and Williams is felt as sharply today by the FBI family as it was in 1975, which is why the FBIAA and Special Agents have argued against early release for Peltier at every opportunity since his conviction.”) (Attachment H). 

⁴⁴ 18 U.S.C. § 4206(a).

Source: Federal Bureau of Investigation FBI Crime News

I stand before you today on behalf of Director Christopher Wray and the entire Federal Bureau of Investigation to vehemently express our opposition to the parole request of Leonard Peltier, who is serving two consecutive life sentences for the cold-blooded murders of FBI Special Agents Jack R. Coler and Ronald A. Williams.

On June 26, 1975, Special Agents Coler and Williams were attempting to locate and arrest a fugitive on the Pine Ridge Indian Reservation. Through their investigation, a vehicle of interest was identified and stopped. The vehicle’s occupants, to include Leonard Peltier, immediately exited the stopped vehicle and began firing at Special Agents Coler and Williams, being fully aware of their identity as FBI agents. Peltier and his associates discharged over 125 rounds into the vehicles of Coler and Williams. (This does not include the rounds that struck the agents or missed rounds). In direct contrast, Coler and Williams only discharged five rounds before being incapacitated and ultimately executed¹ by Peltier.

As described by the Court of Appeals, citing the trial record, “[T]he agents were killed with a high velocity, small caliber weapon fired at point blank range. Williams attempted to shield his face from the blast with his right hand, turning his head slightly to the right. The bullet ripped through Williams’ hand, into his face, and carried away the back of his head. The murderer shot Coler, who was unconscious, across the top of his head. The bullet carried away a part of his forehead at the hairline. The shot was not fatal, however. The murderer then lowered his rifle a few inches and shot Coler through the jaw. The shell exploded inside his head, killing him instantly.”² As noted by the United States Court of Appeals for the Tenth Circuit, a previous United States Parole Commission’s “description of the murders…as ‘executions’ and ‘cold-blooded’ was warranted.”³ 

Physical evidence indicated that at least three .223 caliber bullets were fired from close range at the agents. Testimony established Peltier was the only person carrying an AR-15 rifle at the time of the murders, and it was the only weapon present and capable of firing a .223 round.⁴

At the time of the incident, Peltier was a fugitive for attempted murder of an off-duty police officer in Milwaukee, Wisconsin. By Peltier’s own admission, he believed the agents were looking to arrest him. Basically, they were executed for doing their job: upholding the law.

After several months on the run, Peltier and his American Indian Movement (AIM) associates were stopped near the Canadian border. Subsequent to his escape and the capture of his associates, the vehicle was searched, and an arsenal of weapons and explosives were discovered,⁵ including Special Agent Coler’s FBI service revolver bearing Peltier’s thumbprint.⁶

Even after being found guilty of first-degree murder in the deaths of the agents, Peltier continued on his path of lawlessness and violence. In 1979, he participated in an orchestrated prison break from the Federal Correctional Institution in Lompoc, California.⁷ Peltier received an additional seven-year consecutive sentence for this violent escape attempt that resulted in the death of another inmate and the assault of a civilian bystander.

On a personal note, I can vividly recall hearing about the brutal murders of Special Agents Coler and Williams during my New Agent Training at Quantico, Virginia, in 1998. I can recount trying to grasp the details of the horrific killings of two of the FBI’s own. It was during this portion of the agent training process when I fully recognized the commitment I was embarking on, and it made me even more committed to protecting the American people.

Upholding the Constitution and protecting American citizens has been at the core of the FBI’s mission since 1908. It’s a commitment recited by every new FBI special agent at graduation. Special Agents Coler and Williams vowed that same oath and selflessly gave their lives to uphold that commitment.

At the time of their murders, Special Agent Coler was 28 years of age and Special Agent Williams was 27 years of age. The agents were assigned to help investigate and reduce crime on the Pine Ridge Indian Reservation, which is located in the southwest corner of South Dakota.⁸

The FBI has represented federal law enforcement on tribal lands since the 1920s. Today, the FBI remains even more committed to and responsible for investigating the most serious crimes within Indian Country, which include homicide, rape, child sexual assault, and violence against women and children.

Throughout all our investigations across Indian Country, the FBI remains steadfast in upholding tribal sovereignty while investigating violations of federal law—and is committed to working alongside our partners to prosecute these heinous crimes to the fullest and protect innocent lives. 

On June 26, 1975, Special Agents Jack R. Coler and Ronald A. Williams found themselves at the mercy of a killer. They made the greatest sacrifice that day—their lives—protecting others. We owe it to them and their families to uphold justice. We cannot and should not allow the facts surrounding their deaths to be forgotten by anyone.

Leonard Peltier deserves to fulfill the two consecutive life terms he was sentenced to on April 18, 1977. If granted parole, Peltier will have only served one of the two life sentences, and the parole would absolve the additional seven-year sentence for his escape from federal prison.

We cannot allow history to be erased. The facts surrounding this case have not changed. For nearly 50 years, the same concrete evidence has been outlined again and again during multiple appellate records. With each appeal and parole hearing, the wounds from this tragedy reopen for the Coler and Williams families, along with the current and former FBI workforce. Over two dozen federal judges have evaluated the evidence and considered Peltier’s legal arguments, and each has reached the same conclusion: Leonard Peltier’s convictions and sentence must stand.

I speak for myself and on behalf of the entire FBI family when I say granting parole to an unrepentant murderer would not only be justifying an attack on the rule of law, it would inflict more pain and unnecessary suffering on the families. For the reasons I have outlined here today, the FBI respectfully requests that Mr. Leonard Peltier’s request for parole be denied.  

Source: Federal Bureau of Investigation FBI Crime News

I want to begin by briefly discussing how FBI executes its strategy to disrupt our cyber adversaries.

First, given FBI’s history, it should not be surprising that one of our core focuses is investigating and attributing cyber activity to disrupt cybercriminals and raise their cost to operate. Bottom line, we want to punish cybercriminals and take them off of the playing field.

Next, we must gather and operationalize domestic intelligence to bolster victim recovery and support operational activity, or, as we say, we must pressure the common threats we face. We pressure these common threats by initiating joint and sequenced operations and on network operations to fight back against cyber adversaries from a domestic position and as a foothold for USIC [U.S. Intelligence Community] partners to engage. It’s an all-tools/all-partners approach.  
 
When I say “all-partners,” I mean it. We look to partner with domestic and global partners in both the public and private sectors. This is how we have the most significant impact on our adversaries. 

And the final way we execute the FBI’s cyber strategy is perhaps the most important one: victim engagement. We must provide rapid, comprehensive threat response and victim support in the wake of significant cyber intrusions, so, what authorities allow us to do our work.

Briefly:

• We have Title 18 authority to investigate computer intrusions.
• We have specific authorities within Rule 41, which governs search and seizure, allowing [the] FBI to seize malware covertly installed on U.S. infrastructure by our adversaries.
• We have specific counterintelligence authorities allowing [the] FBI to be integrally involved in any nation-state campaigns targeting U.S.-based organizations.
• And, then, we have FISA [Foreign Intelligence Surveillance Act] authority, including Title 1, Title 3, and Section 702. FISA Title I and Title III govern FBI’s activities inside the United States, and FISA Section 702 governs [the] FBI’s collection outside the United States. These authorities logically create two halves, the cybercriminal and national security investigations.

Almost all of the criminals developing sophisticated malware to enable ransomware attacks are based in Russian-speaking countries and operate as organized crime syndicates, similar to traditional organized crime elements. They’re entrepreneurial and have successfully lowered barriers to entry through ransomware-as-a-service. There are four key services to this business model: infrastructure, communications, malware, and currency. 

Specific to the malware key service, highly skilled malware coders are developing more-and-more sophisticated malware. Their affiliate model allows less technically skilled criminals who are obscured from the enterprise leaders to deploy highly sophisticated malware for their personal gain, while paying a percentage of their proceeds to the highly skilled malware coders.

Any organization’s goal should be to prevent these attacks, and prevention efforts should be commensurate with acceptable downtime. If acceptable downtime is one day, increasing prevention effort should be a high priority. Without effective steps taken in advance of the breach, an organization can find themselves wholly reliant on the honesty and integrity of bad actors to give them their data back.  

Let’s talk about target identification. 

Ransomware actors evaluate three key things.

• First, who is easily targetable?
• Second, who is likely to pay based on brand damage?
• Finally, who will pay the most?

Put in more industry standard terms: who doesn’t have good net defense, has a high willingness to pay, and will suffer the most economic impact from the encryption of key systems?

Ransomware attacks are almost always coupled with data theft—which we refer to as “double extortion”—or data theft and harassment of the victims and company officials, called “triple extortion.”
 
Let me make one additional note: When companies are extorted and choose to pay to prevent the leak of data, you are paying to prevent the release of data right now—not in the future. Even if you get the data back from the criminals, you should assume it may one day be released, or you may one day be extorted again for the same data.  

And when we are pursuing cybercriminal finances, infrastructure, and actors, one area we are specifically focused on is disrupting key services. 

One of the big developments from specialization is that malicious coders can write malware and then just sell access to other criminals who want to use it to attack or infect victims’ computer systems. 

By going after this key service, we can have a massive impact on cybercrime. 

Just a week ago, our field offices in Charlotte, Indianapolis, Jacksonville, Los Angeles, and Cleveland worked with the Defense Criminal Investigative Service and U.S. Secret Service—along with international partners from Denmark, France, Germany, and the Netherlands—to conduct a technical operation against four groups who offer malware as a service, in the first such operation ever conducted. 
 
That operation, Endgame, defeated multiple malware variants, took down more than 100 servers, and dismantled the infrastructure for four key pieces of global malware, which had been responsible for hundreds of millions of dollars in damages and had even compromised the critical-care online system a hospital needed to keep patients alive. 

Additionally, the five nations who conducted the technical operation worked with law enforcement in Portugal, Ukraine, and the U.K. [United Kingdom]—as well as with Europol and Eurojust—to arrest and interview suspects, conduct searches, and seize or take down servers all over the world.  

We’re still gathering information from that operation, but it is already a huge success, just in removing the malware that those groups were selling to other criminals. 

And let’s not forget about the Warzone Remote Access Trojan which was investigated by the FBI Boston Field Office, with support from the United States Attorney’s Office here in Boston. The Warzone RAT—the industry acronym for Remote Access Trojan—provided cybercriminals the ability to browse victim file systems, take screenshots, record keystrokes, steal victim usernames and passwords, and watch victims through their web cameras, all without the victims’ knowledge or permission. 

In February, 2024, the FBI Boston Cyber Task Force conducted a joint sequenced operation with authorities in Nigeria and Malta that included five lines of effort: 

• The seizure of four domains; 
• The destruction on infrastructure which facilitated Warzone’s operations;
• The tracing and seizure of cryptocurrency;
• The covert purchase of the malware; and
• The arrest, conviction, and sentencing of the primary subject in Nigeria.  

This year, FBI also conducted a complex operation against LockBit—a huge operation that functioned with a ransomware-as-a-service model.  

LockBit was set up by a Russian coder named Dimitri Khoroshev.  

He maintains the image of a shadowy hacker, using online aliases like “Putinkrab,” “Nerowolfe,” and “LockBitsupp.” But, really, he is a criminal, more caught up in the bureaucracy of managing his company than in any covert activities. 
 
Essentially, he licenses LockBit ransomware, allowing hundreds of affiliate criminal groups to run shakedowns. 

In exchange for the use of his software, he gets a 20% cut of whatever ransoms they collect from innocent people and companies around the world. 

To help his affiliates succeed, he provides them assistance through hosting and storage, by estimating optimal ransom demands, and by laundering cryptocurrency.  

He even offers discounts for high-volume customers. 

These LockBit scams run the way local thugs used to demand “protection money” from storefront businesses. LockBit affiliates steal your data, lock it down, and demand a payment to return your access to it. Then, if you pay the ransom, they return your access to your data. But they also keep a copy, and sometimes they demand a second payment to stop them from releasing your personal or proprietary information online. 

Since September 2019, Khoroshev has leased-out his virus and enabled his affiliates to extort people all over the world. 

They have used LockBit ransomware to attack people and organizations in financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. 

By 2022, LockBit was the most-deployed ransomware variant in the world. 

It was used by hundreds of unconnected affiliates and has been responsible for over 1,800 attacks in the U.S. and more than 2,400 attacks globally, causing billions of dollars in damages to victims. 

Disrupting LockBit and its affiliates became a global effort, involving FBI work with agencies from 10 other countries, particularly the British National Crime Agency, over more than three years. 

In February, we announced the results of a major technical operation to disrupt and seize infrastructure, as well as to impose sanctions on LockBit and its affiliates.  

We determined that LockBit and its affiliates were still holding data they told LockBit victims they had deleted—after receiving ransom payments.  

Khoroshev then tried to get us to go easy on him by turning on his competitors, naming other ransomware-as-a-service operators. 

So, it really is like dealing with organized crime gangs, where the boss rolls over and asks for leniency. 

We will not go easy on him. 

Last month, the Justice Department unsealed charges against him and six co-conspirators for fraud, extortion, and other crimes. 

In total, that included 26 charges against Khoroshev. FBI will undoubtedly continue our pursuit of bringing him to justice here in the United States. 

Additionally, from our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online. 

We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov. 

I want to briefly touch on some reflections about the cybercriminal ecosystem.

Doing the basics well in a repeatable fashion is the most important thing you can do. 

Well-established cybersecurity practices—including MFA [multi-factor authentication] and password management, effective logging and log management, vulnerability and patch management, and maintaining air-gapped, encrypted, and current backups—have to be done in a repeatable fashion by your entire organization. 

Next, you need to plan well. And I’ll spend some time here.  

These plans should cover business continuity, crisis management, disaster recovery, and computer intrusion incident response. 

It is very important these plans are not developed and exercised in isolation. It’s also important for the plans to be exercised at the operational, executive, and board levels. 

The goal of your exercises should be to:

1. Develop synergy amongst decision makers; and
2. Refine your decision-making process. 

Based on our experience, there are three key areas of focus for your exercises.

First, communications. Internal and external communications protocols (and decision making) should be the number-one focus area for all of your exercises.  

The second goal is related to a ransomware attack and focuses on the “pay/no-pay” decision. If you suffer a ransomware attack, does your organization and its board have clear expectations about when you will and won’t pay the ransom based on organizational impact (e.g. downtime)?  

The third goal of your exercises is determining whether you will or won’t share with the U.S. government. This is likely to be the most-debated topic during your exercises. And, even if there is an agreement to share, the second point of evaluation will be: “What do we want to share?”

Again, the most well-prepared organizations have worked through multiple scenarios and have scripted their decisions based on a host of variables. Having an information-sharing plan included in your incident-response plan can help you prepare to engage the USG [U.S. government] when the time comes. It is important your inside and outside counsel contribute to that plan.  

And one final note about the relationships you’ll need prior to an intrusion: Assuming you will retain outside counsel, what is the threshold for engaging outside counsel? What guidance have you agreed to with counsel about information sharing? Have you discussed what reports counsel will direct third-party incident response to draft (internal-eyes-only, privilege, non-privilege)? 

Who will you retain as third-party incident response, and what is the threshold for calling them? Do they know what reports they will be asked to write for the victim?  

The same questions apply for your insurance provider and negotiators. 

Specific to insurance providers, the gold standard is this: Your retained counsel must know what’s in your insurance policy prior to an intrusion. This will ensure efficiency in decision-making during a time of crisis. And from an FBI perspective, we’re looking right now at how we more holistically engage the insurance industry to ensure we’re being a force multiplier benefiting victims. 

With initial access brokers, criminals have the flexibility to lease as much power as they need for their crimes and to hold onto them as long as they need them. 

Another business model for bots is to string them together into a massive and powerful botnet and then sell use of it. 

Just last week, the FBI—working with partners in Thailand, Singapore, and Germany—disrupted the world’s largest botnet and residential proxy service: 911 S5. This botnet had victimized more than 19 million IP addresses in nearly 200 countries, including at least 600,000 in the U.S. alone. It was used to commit cyberattacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations.  
 
911 S5 allegedly enabled cybercriminals to bypass financial-fraud detection systems and steal billions of dollars from financial institutions, credit-card issuers, and federal lending programs. Most of the fraud enabled by the botnet came in the form of phony pandemic relief fund applications, taking advantage of government services at a time when the most vulnerable among us needed that assistance the most. That included more than half-a-million fraudulent unemployment applications and more then 47,000 fraudulent applications to the Economic Injury Disaster Loan program. 

Our international technical operation seized the botnet’s domains and $29 million dollars in cryptocurrency. Additionally, the U.S. Treasury imposed sanctions, and the botnet’s administrator, YunHe Wang, was arrested overseas.

When we talk about targeting by nation-states, our collective goal should focus on early detection, containment, and eviction.  

China is the most prolific threat. Other active nation-state actors include Russia, Iran, and North Korea. 

For private sector companies, the state-sponsored threat encompasses corporate espionage, destructive attacks, influence operations, and intelligence collection—either through direct adversarial action or through collateral collection.  

As we saw in SolarWinds, the Russian SVR [Russia’s foreign intelligence service] surgically targeted a handful of U.S. government agencies through a sophisticated software-based supply-chain compromise and, in doing so, compromised an additional 18,000 companies, all of whom were rendered vulnerable.  

I want to briefly touch on 3rd party applications and the “outsized” risk they pose to sectors or industries.

Imagine, for a moment, an entire sector or industry uses a niche, but common, third-party application to facilitate its business. This common third-party application is depicted by the red box on the screen. 

From an adversary’s perspective, targeting this application can allow criminals or a nation-state to have an outsized impact throughout an entire sector or industry. 
 

This is why, within sectors and industries, we must use the term “peer” instead of “competitor.” In cyber, if you are being targeted, so are your sector and industry peers. Information sharing with your peers is absolutely critical for entire sectors and industries to be more resilient to cyber threats.  

Okay, let’s get back to the threats themselves.

Theft of intellectual property [IP] or personally identifiable information [PII], specifically by China, remains highly probable. China then takes this IP or information and attempts to monetize it. We remain deeply concerned about the monetization of stolen IP for China’s economic gain.

We could provide hundreds of examples, but one discussed openly is China’s attempted theft of COVID[-19] vaccine research from multiple U.S. universities. The same is true in other areas of emerging technology and research, including artificial intelligence and machine learning, quantum computing and communications, clean energy, etc. 

We also remain very concerned about the skills being developed by Chinese state-affiliated proxies and actors and their moonlighting for personal gain. 

When actors are uncontrolled, they operate with fewer constraints and will undoubtedly seek to profit personally from their “off-the-record” work.

We saw China-sponsored hackers compromise United States state.gov domains for various reasons, including profit. To effectuate this monetary gain, these China-sponsored hackers used stolen PII.  

Next, “hack and dumps.” This is a term you don’t hear too much about but it’s our adversaries’ intent to compromise your network, acquire sensitive personal information, and then “dump” it onto the internet. This is often in an effort to promote competitive advantage. 

A simple question for you to ask your team is this: How long would it take for your organization to know there is sensitive information—or disinformation—on the internet about your organization that could influence others’ view of our reputation, or directly impact the short- or long-term valuation of our company?   
 
We should also assess internally if we have the ability to detect when sensitive information is removed from our networks.  
 
Lastly, access in furtherance of attacks. In military circles, this is referred to as “prepping the battlefield. It involves pre-positioning tools and capabilities to maximize advantage should a need for a future attack arise or should [a] specific red line be crossed. This access is generally very difficult to detect as the adversary sits dormant after initial exploit, which emphasizes the importance of penetration-testing and threat-hunting work.  

This is a really important conversation for companies who sit within critical infrastructure sectors, and the goal is simple: early detection and eviction. It’s the never-ending game of cat and mouse.  

However, while cybercriminals’ ecosystem and business models have changed and continue changing, and while our approach to disruption has changed with them, that does not mean the hostile nation-state threat from cyber has lessened in any way—nor that our efforts to disrupt hostile-government operations have slowed. 

For instance, in January, the FBI Field Office here in Boston led Operation Dying Ember, an international effort against Russian military intelligence: the GRU. This is the same Russian agency behind NotPetya, and the same one that attacked the Ukrainian electric grid in 2015, attacked the Winter Olympics and Paralympics in 2018, and conducted attacks against the country of Georgia in 2019. 

Often, sophisticated actors like the GRU will use the same sort of botnets that criminals use, aiming to cover their tracks. 

By weaponizing common devices and technologies, the Russian government continues to blur the line between criminal activity and their operations. 
 
In this case, the GRU was taking advantage of a botnet to target the U.S. government, cleared defense contractors, NATO allies, and the Ukrainian aid shipment network. 

Our court-authorized technical operation kicked the GRU off more than 1,000 home and small-business routers belonging to unwitting victims all over the world—including here in Massachusetts. 

A computer scientist and a case agent here in the FBI Boston Field Office worked together to figure out how to remediate the routers—to get GRU malware off of them and to prevent reinfections. We removed surreptitiously installed malware from more than 400 routers here in the United States and hardened them against GRU re-attacks, and our international counterparts did so for about twice as many overseas. 

This was an operation we could not have accomplished without corporate partners, particularly Microsoft and the Shadowserver Foundation. 

By killing the GRU’s access to a botnet they were using to run cyber operations around the world, we both helped to protect unwitting businesses and individuals and put a dent in Russia’s cyber-enabled intelligence operations. 

As the Russian government continues to be reckless in cyberspace, the Chinese government can only be characterized as relentless. 

The Chinese government has the largest cyber program in the world, and it continues to use sophisticated tools to gain access to places they should not be. 

You may have heard about a group of China-sponsored hackers known as Volt Typhoon. 

We found persistent Chinese-government access inside our critical telecommunications, energy, water, and other infrastructure sectors. 

They were hiding inside our networks using tactics known as living off the land, essentially exploiting built-in tools that already exist on victim networks to get their sinister job done—tools that network defenders expect to see in use, so they do not raise suspicions.

Volt Typhoon also operated botnets to further conceal their malicious activity and the fact that the intrusion was coming from China. 

All this, with the goal of giving the Chinese government the ability to wait for just the right moment to deal a devastating blow. 
 
When Volt Typhoon’s malware was discovered in critical infrastructure, we joined our U.S. and international partners—beginning last spring, and again this February—to first author a series of joint cybersecurity advisories about what we saw, effectively calling out the hackers and sharing technical information victims can use to protect themselves. 

And then, we followed up those warnings with action aimed at the hackers.  Working with our partners in the private sector, the FBI was able to identify the threat vector and lead a multi-agency, court-authorized operation to not only remove Volt Typhoon’s malware from the routers it had infected throughout the U.S., but also to sever their connection to that network of routers and prevent their reinfection. 

And while the recent Volt Typhoon story understandably caused a stir because of the sheer magnitude of the operation, the fact is the Chinese government’s targeting of our critical infrastructure is both broad and unrelenting. 

So, what about the future? 

For China, this has been—and remains—simple math: What do American organizations possess that the Chinese want?
 
You do not have to look further than China’s 14th Five-Year Plan published in English on the internet. Why is it published in English? so they can use every vector and sympathetic party to steal to support their growth.   
 
The Chinese want intellectual property associated with information technology, biotechnology, new energy, new materials, high-end equipment, new energy vehicles, quantum, environmental protection, aerospace, and marine equipment—those are areas of extreme focus.
 
[The] FBI is also very focused on current SVR [Russian foreign intelligence service] activity and the ransomware affiliate group referred to as Scattered Spider. 

And other current focus areas include artificial intelligence, machine learning, and doing everything we can to ensure the 2024 election is secure.  

As I close here today, I want to reflect on a few things.

All threats evolve, and our collective strategies need to evolve with them. 

The FBI had its most prolific year ever in terms of disruptions of cyber adversaries in 2023, something we’re exceptionally proud of. 
 
But we should all remember we face extremely capable adversaries in China, Russia, Iran, North Korea, and with Russian-based cybercriminals who have safe-haven status in Russia.  

We should also remember that 85-90% of the most powerful cyber-threat intelligence lies in the hands of those other than the United States government, which brings me to a final point about partnerships: Not one of our past—or future—disruptions is possible without exceptional partnerships. We have to realize, and execute upon this theme, that we are in this together. We are stronger together. 

My ask of each of you today is this: Please be an ambassador for this message. We need everyone—private industry, nonprofits, academia, the U.S. government—in the boat, rowing in the same direction. This is how we will be most effective.  

And while not a Celtics fan—as I’m from Philadelphia—I can absolutely appreciate a great sports town, and Boston is certainly that. 

It’s my understanding the Celtics have a “win song.” So, as a fellow sports fan, I hope they play “All I Do Is Win” by DJ Khaled in Boston at least four times between now and June 23. 

Thank you for your time today.