Category: Federal Bureau of Investigation FBI Crime News

Source: Federal Bureau of Investigation FBI Crime News

I’m pleased to represent the FBI here today, as I oversee the FBI’s Cyber Operations Branch.

I am excited to speak about our multi-year disruption campaign against the LockBit ransomware group.

LockBit has hurt thousands of victims across the country and around the world to include in recent years, targeting all sectors, from government and public sector companies, such as hospitals and schools, to high-profile, global companies.

Today, a joint sequenced operation among 10 countries disrupted LockBit’s front- and back-end infrastructure in the U.S. and abroad.

The FBI seized four servers in the U.S. as part of this technical disruption, and we are announcing a total of five LockBit affiliates charged by the Department of Justice.

Two of those indictments are being publicly released today.

In addition, the cyber-related sanctions program implemented by the US Office of Foreign Assets Control (OFAC) imposed sanctions on two LockBit threat actors responsible for malicious cyber-enabled activities.

Lastly, we can proudly announce through the U.S. Department of State a reward of up to $15 million via the Transnational Organized Crime Rewards Program for anyone with information about LockBit associates.

This includes a reward of up to $10 million for information leading to the identification or location of any individual(s) who hold a leadership position in the LockBit ransomware variant transnational organized crime group and a reward offer of up to $5 million for information leading to the arrest and/or conviction of any individual conspiring to participate in or attempting to participate in LockBit ransomware activities.

This large operation could not have happened without the contributions of the National Crime Agency, FBI Newark, our international partners, the FBI’s Cyber Division—including our field office personnel across the country—and the FBI personnel stationed overseas, who led the collaboration with our foreign law enforcement partners all, standing shoulder to shoulder, pursuing the same goals, seeking to remediate victims and prevent LockBit from continuing its nefarious activities, it was these partnerships that were essential to today’s success.

I cannot go on without mentioning some of the other international partners who contributed to this effort including South West Regional Organized Crime Unit in the U.K., Metropolitan Police Service in the U.K., Europol, Gendarmerie-C3N in France, the State Criminal Police Office L-K-A and Federal Criminal Police Office in Germany, Fedpol and Zurich Cantonal Police in Switzerland, the National Police Agency in Japan, the Australian Federal Police in Australia, the Swedish Police Authority in Sweden, the National Bureau of Investigation in Finland, the Royal Canadian Mounted Police in Canada, and the National Police in the Netherlands.

This coordinated disruption of LockBit’s networks illustrates the power of collaboration between the FBI and our international partners.

The FBI’s strategy to combat ransomware leverages both our law enforcement and intelligence authorities to go after the whole cybercrime ecosystem by targeting the key services, namely the actors, their finances, their communications, their malware, and their supporting infrastructure.

And since 2021, that’s exactly how we’ve targeted the LockBit ransomware.

Our access to LockBit’s infrastructure was no accident.

Now, as we move to the next phase of the investigation, we’ve worked with our international partners to seize the infrastructure used by these criminal actors including nearly 11,000 domains and servers located all over the globe—hindering LockBit’s ability to sting again.

Through this operation, we have access to nearly 1,000 potential decryption capabilities, and the FBI, NCA, and Europol will be conducting victim engagement with over 1,600 known US victims.

I’m here today to ask those US victims and private sector partners who have been a victim of a LockBit ransomware attack to please go to our IC3 website to complete a questionnaire to see if the FBI can provide you with decryption capabilities found during this infrastructure disruption.

One example of our success helping victims occurred in October of 2023.

A Boeing distribution business, Boeing Distribution Inc. (BDI), was the victim of a LockBit ransomware attack.

Boeing immediately engaged the FBI, which provided timely coordination and information sharing that was instrumental to BDI’s investigation and recovery.

Today’s lesson for businesses large and small, hospitals and police departments, and all the other many victims of ransomware is this:

Reach out to your local FBI field office today and introduce yourselves, so you know who to call if you become the victim of a cyberattack. If you are a victim of LockBit, please reach out to your local FBI office or fill out the form on lockbitvictims.ic3.gov. The FBI is in possession of nearly 1,000 decryption keys, which we intend to provide to victims.

We’re ready to help you build a crisis response plan, so when an intruder does come knocking, you’ll be prepared.

And, like the LockBit victims here, when you talk to us in advance—as so many others have—you’ll know how we operate: quickly and quietly, giving you the assistance, intelligence, and technical information you want and need.

When victims report attacks to us, we can help them—and others, too.

Today’s announcement is only the beginning.

We’ll continue gathering evidence, building out our map of LockBit developers, administrators, and affiliates, and using that knowledge to drive arrests, seizures, and other operations, whether by the FBI or our partners here and abroad.

While this is, yes, a fight to protect our country, our citizens, and our national security, make no mistake—the fight for cybersecurity spans the globe. But the FBI’s presence and partnerships do, too.

So, a reminder to cybercriminals: No matter where you are, and no matter how much you try to twist and turn to cover your tracks—your infrastructure, your criminal associates, your money, and your liberty are all at risk. And there will be consequences.

Source: Federal Bureau of Investigation FBI Crime News

It’s an honor to join all of you here today.

For the past decade, this conference has given leaders from around the world and throughout industry, academia, and government the chance not just to talk about some of the biggest challenges we face—in other words, to share the bad news about the threats we’re all seeing—but also to discuss the solutions we’ve identified for overcoming those threats—to share the good news about our way forward.

So, I’m going to do a little of both and take you through what we at the FBI are seeing—both the good and the bad. And because a speaker should always be kind to his audience, I’m going to start with the good news.
 
What Success Looks Like 
As everyone in this room knows, today’s threat environment is constantly evolving—and it’s more severe and more complex than ever before. That’s especially true when it comes to the battles being waged in cyberspace. But the good news is, we’ve learned what success looks like—because we’ve lived it, together.

For the past several years, the Bureau has been laser-focused on what I consider one of our most valuable tools, and the core of our cyber strategy, leading joint, sequenced operations, conducted with our partners—many of whom are in this room today—and designed to maximize impact on our adversaries.

And I want to take a moment to reflect on and highlight some of those successes.   

I’m talking about things like Operation Medusa, a joint, sequenced operation that included using sophisticated technical means to force Snake—the Russian FSB’s most sophisticated malware—to effectively cannibalize itself. We took down Snake in over 50 countries with the help of our U.S. and more than half a dozen foreign partners.

Another example: the year-and-a-half-long campaign we waged—with our European partners—to hack the hackers of Hive, ransomware group targeting hospitals, schools, and emergency services, whose servers and websites we seized and shut down—and whose victims we saved from tens of millions in ransom payments.

Or how about the joint, sequenced operation that dismantled Genesis Market? Where working with our law enforcement counterparts in a dozen nations, we accomplished our biggest takedown ever of criminals dealing in stolen digital credentials. 

And just this morning, we announced yet another success, Operation Dying Ember, where working with our U.S.—and, again, worldwide law enforcement partners—we ran a court-authorized technical operation to kick the Russian GRU off well over a thousand home and small business routers, and lock the door behind them, killing the GRU’s access to a botnet it was piggybacking to run cyber operations against countries around the world, including America and its allies in Europe.

With these operations, and many more like them, we’ve set our sights on all the elements that we know from experience make criminal organizations tick: their people—a term we define broadly to include not just ransomware administrators and affiliates, but their facilitators, like bulletproof hosters and money launderers; their infrastructure; their servers, botnets, etc.; and their money, the cryptocurrency wallets they use to stash their ill-gotten gains, hire associates, and lease infrastructure.

Because we don’t just want to hit them—we want to hit them everywhere it hurts, and put them down, hard.
 
Importance of Global Partnerships 
Now, you might have noticed a common theme as I rattled off those successes, and that’s how heavily we rely on our partners—both at home and overseas—to get the job done. Because as everyone here knows, none of us can go it alone.

The bad guys aren’t constrained by international borders, so we shouldn’t be, either.  

At the Bureau, we’ve been doubling down in particular on our work with the private sector, in their capacity as victims of cyberattacks, of course, because the mission of the FBI always has been—and always will be—victim-centric—but also as integral partners, who can share valuable information about threats and trends, and, increasingly, join in our operations themselves.

Of course, our closest partners remain our intelligence and law enforcement colleagues in the U.S. and abroad. And I firmly believe one of the things that gives us a competitive advantage over our adversaries—authoritarians, criminals, and the toxic blend of the two—is that in those agencies we have real partners, partners who collaborate, not because they have to, but because they want to, out of shared values and a shared commitment to the rule of law.

To keep those partnerships strong, the FBI relies on our global presence.

Our broad, international footprint includes nearly a hundred satellite offices, providing coverage for more than 180 countries, territories, and islands around the world. And within many of those offices, our dedicated and quickly-expanding cadre of cyber assistant legal attachés work side-by-side with their host-nation counterparts to combat cyber threats—and I mean side-by-side literally. Often at desks in our partners’ space, right next to them, our Cyber Action Team and a host of experts also stand ready to deploy to critical cyber incidents at a moment’s notice as they did not long ago when they helped a NATO ally determine a cyberattack targeting critical public infrastructure had originated in Iran.

When you put all of that together, you’ll find we’ve got a pretty formidable arsenal that arms our partnerships and enables the joint, sequenced operations that represent success across the world.
 
The China Threat  
So, that’s the good news—and I’d love to be able to stop there and tell you I’ve only got good news to share. But that’s not really what people expect when they invite the FBI Director to speak—and I’d hate to disappoint you all today.

So, let’s get to the bad news.

The bad news is that while all of us have gotten a lot better at working together to combat the cyber threat, our adversaries have also been improving exponentially—and the world has become more dangerous than ever.

It won’t surprise any of you to hear that chief among those adversaries is the Chinese government, which has continued to attack the economic security, national security, and sovereignty of rule-of-law nations worldwide. The cyber threat posed by the Chinese government is massive. China’s hacking program is larger than that of every other major nation, combined. And that size advantage is only magnified because the PRC uses AI—built in large part on stolen innovation and stolen data—to improve its hacking operations, including to steal yet more AI tech and data.

But the PRC cyber threat is made even more harmful by the way the Chinese government combines cyber means with traditional espionage and economic espionage, foreign malign influence, election interference, and transnational repression. In other words, the CCP is throwing its whole government at undermining the security of the rule-of-law world. It’s hitting us indiscriminately, like in the so-called “Hafnium” Microsoft Exchange hack, where the PRC compromised managed service providers, hitting tens of thousands of victims. 

And not just in the United States, but in countries all over the world.

You’ll note a theme here, in the tools Beijing uses, and who it uses them against China doesn’t partner—it bullies and it bullies targets at every level—from individuals, to businesses and organizations, to governments. The PRC uses cyber as one of its means to that end.

Your country won’t toe Beijing’s line, and insists on standing up for freedom of association and expression, or for your partners?   

You might just find illegal PRC police stations in your territory, or MSS officers in China threatening your free-thinking students’ grandparents back home. You might find your companies harassed and hacked, targeted by a web of corporate CCP proxies. You might also find PRC hackers lurking in your power stations, your phone companies, etc., poised to take them down when they decide you stepped too far out of line, and that hurting your civilian population suits the CCP. And that targeting of our critical infrastructure is something I want to take a minute to address.

It’s certainly not anything new. 

In fact, China-sponsored hackers pre-positioned for potential cyberattacks against U.S. oil and natural gas companies way back in 2011. But these days, it’s reached something closer to a fever pitch. What we’re seeing now, is China’s increasing buildout of offensive weapons within our critical infrastructure, poised to attack whenever Beijing decides the time is right.

Take, for instance, persistent PRC access the U.S. found in our critical telecommunications, energy, water, and other infrastructure. China-sponsored hackers known as Volt Typhoon were hiding inside our networks, lying in wait for the moment China might choose to use their access to hurt American civilians. And while many of you may have seen the Volt Typhoon story as one about the PRC targeting the United States, in fact their targets spanned the globe—which shouldn’t be surprising, because in hack after hack, for years, we’ve seen the PRC hitting our partners around the world.
 
Now working with our partners, the FBI was able to shut down Volt Typhoon’s access through yet another one of those joint, technical operations we talked about a few minutes ago.

But there’s a lot more PRC cyber threat—in a lot more places—out there. And we’re only going to be able to battle back effectively if we do it together. Of course by “we,” I’m referring to rule-of-law nations united against criminality and abuse. I know there are some representatives of the CCP walking around town. But I don’t mind them knowing we’re onto them.
 
Other Cyber Threats 
Of course, everyone here is well aware China is not the only adversary we’re up against.

Russia, Iran, and North Korea are also determined to use cyber means to take aim at things we all hold sacred—our freedoms, prosperity, and democratic norms.

Take for instance, the 2022 cyberattack by an Iranian-sponsored group on a children’s hospital in the United States, one that showed a callous—and, frankly, despicable—disregard for the safety of the most vulnerable among us.

Or consider Russia’s continued targeting of critical infrastructure—including underwater cables and industrial control systems both in the United States and around the world. For instance, since its unprovoked invasion of Ukraine, we’ve seen Russia conducting reconnaissance on the U.S. energy sector. And that’s a particularly worrisome trend because we know that once access is established, a hacker can switch from information gathering to attack—quickly and without notice.

After all, Russia has made murder, rape, and mayhem its stock in trade.

So, no one should question its continuing willingness to launch destructive cyberattacks before and during military conflict.
 
Conclusion  
There’s no doubt we’re up against daunting threats, and adversaries growing more sophisticated and dangerous every day. 

That’s the bad news.

But everyone in this room—across government, academia, and the private sector—has the opportunity to stand together. And we’ve proven what we can accomplish together when we do.

That’s the good news.

We can make joint use of our collective expertise, capabilities, and authorities. And we should remember and capitalize on what sets us apart from our adversaries—our mutual trust, our shared values, and our desire to work together to keep people safe. That is how we’re going to stay ahead of the cyber threat. And at the FBI, we’re honored to stand alongside you in this fight.

Thank you. 

Source: Federal Bureau of Investigation FBI Crime News

It’s an honor to join all of you here today.

For the past decade, this conference has given leaders from around the world and throughout industry, academia, and government the chance not just to talk about some of the biggest challenges we face—in other words, to share the bad news about the threats we’re all seeing—but also to discuss the solutions we’ve identified for overcoming those threats—to share the good news about our way forward.

So, I’m going to do a little of both and take you through what we at the FBI are seeing—both the good and the bad. And because a speaker should always be kind to his audience, I’m going to start with the good news.
 
What Success Looks Like 
As everyone in this room knows, today’s threat environment is constantly evolving—and it’s more severe and more complex than ever before. That’s especially true when it comes to the battles being waged in cyberspace. But the good news is, we’ve learned what success looks like—because we’ve lived it, together.

For the past several years, the Bureau has been laser-focused on what I consider one of our most valuable tools, and the core of our cyber strategy, leading joint, sequenced operations, conducted with our partners—many of whom are in this room today—and designed to maximize impact on our adversaries.

And I want to take a moment to reflect on and highlight some of those successes.   

I’m talking about things like Operation Medusa, a joint, sequenced operation that included using sophisticated technical means to force Snake—the Russian FSB’s most sophisticated malware—to effectively cannibalize itself. We took down Snake in over 50 countries with the help of our U.S. and more than half a dozen foreign partners.

Another example: the year-and-a-half-long campaign we waged—with our European partners—to hack the hackers of Hive, ransomware group targeting hospitals, schools, and emergency services, whose servers and websites we seized and shut down—and whose victims we saved from tens of millions in ransom payments.

Or how about the joint, sequenced operation that dismantled Genesis Market? Where working with our law enforcement counterparts in a dozen nations, we accomplished our biggest takedown ever of criminals dealing in stolen digital credentials. 

And just this morning, we announced yet another success, Operation Dying Ember, where working with our U.S.—and, again, worldwide law enforcement partners—we ran a court-authorized technical operation to kick the Russian GRU off well over a thousand home and small business routers, and lock the door behind them, killing the GRU’s access to a botnet it was piggybacking to run cyber operations against countries around the world, including America and its allies in Europe.

With these operations, and many more like them, we’ve set our sights on all the elements that we know from experience make criminal organizations tick: their people—a term we define broadly to include not just ransomware administrators and affiliates, but their facilitators, like bulletproof hosters and money launderers; their infrastructure; their servers, botnets, etc.; and their money, the cryptocurrency wallets they use to stash their ill-gotten gains, hire associates, and lease infrastructure.

Because we don’t just want to hit them—we want to hit them everywhere it hurts, and put them down, hard.
 
Importance of Global Partnerships 
Now, you might have noticed a common theme as I rattled off those successes, and that’s how heavily we rely on our partners—both at home and overseas—to get the job done. Because as everyone here knows, none of us can go it alone.

The bad guys aren’t constrained by international borders, so we shouldn’t be, either.  

At the Bureau, we’ve been doubling down in particular on our work with the private sector, in their capacity as victims of cyberattacks, of course, because the mission of the FBI always has been—and always will be—victim-centric—but also as integral partners, who can share valuable information about threats and trends, and, increasingly, join in our operations themselves.

Of course, our closest partners remain our intelligence and law enforcement colleagues in the U.S. and abroad. And I firmly believe one of the things that gives us a competitive advantage over our adversaries—authoritarians, criminals, and the toxic blend of the two—is that in those agencies we have real partners, partners who collaborate, not because they have to, but because they want to, out of shared values and a shared commitment to the rule of law.

To keep those partnerships strong, the FBI relies on our global presence.

Our broad, international footprint includes nearly a hundred satellite offices, providing coverage for more than 180 countries, territories, and islands around the world. And within many of those offices, our dedicated and quickly-expanding cadre of cyber assistant legal attachés work side-by-side with their host-nation counterparts to combat cyber threats—and I mean side-by-side literally. Often at desks in our partners’ space, right next to them, our Cyber Action Team and a host of experts also stand ready to deploy to critical cyber incidents at a moment’s notice as they did not long ago when they helped a NATO ally determine a cyberattack targeting critical public infrastructure had originated in Iran.

When you put all of that together, you’ll find we’ve got a pretty formidable arsenal that arms our partnerships and enables the joint, sequenced operations that represent success across the world.
 
The China Threat  
So, that’s the good news—and I’d love to be able to stop there and tell you I’ve only got good news to share. But that’s not really what people expect when they invite the FBI Director to speak—and I’d hate to disappoint you all today.

So, let’s get to the bad news.

The bad news is that while all of us have gotten a lot better at working together to combat the cyber threat, our adversaries have also been improving exponentially—and the world has become more dangerous than ever.

It won’t surprise any of you to hear that chief among those adversaries is the Chinese government, which has continued to attack the economic security, national security, and sovereignty of rule-of-law nations worldwide. The cyber threat posed by the Chinese government is massive. China’s hacking program is larger than that of every other major nation, combined. And that size advantage is only magnified because the PRC uses AI—built in large part on stolen innovation and stolen data—to improve its hacking operations, including to steal yet more AI tech and data.

But the PRC cyber threat is made even more harmful by the way the Chinese government combines cyber means with traditional espionage and economic espionage, foreign malign influence, election interference, and transnational repression. In other words, the CCP is throwing its whole government at undermining the security of the rule-of-law world. It’s hitting us indiscriminately, like in the so-called “Hafnium” Microsoft Exchange hack, where the PRC compromised managed service providers, hitting tens of thousands of victims. 

And not just in the United States, but in countries all over the world.

You’ll note a theme here, in the tools Beijing uses, and who it uses them against China doesn’t partner—it bullies and it bullies targets at every level—from individuals, to businesses and organizations, to governments. The PRC uses cyber as one of its means to that end.

Your country won’t toe Beijing’s line, and insists on standing up for freedom of association and expression, or for your partners?   

You might just find illegal PRC police stations in your territory, or MSS officers in China threatening your free-thinking students’ grandparents back home. You might find your companies harassed and hacked, targeted by a web of corporate CCP proxies. You might also find PRC hackers lurking in your power stations, your phone companies, etc., poised to take them down when they decide you stepped too far out of line, and that hurting your civilian population suits the CCP. And that targeting of our critical infrastructure is something I want to take a minute to address.

It’s certainly not anything new. 

In fact, China-sponsored hackers pre-positioned for potential cyberattacks against U.S. oil and natural gas companies way back in 2011. But these days, it’s reached something closer to a fever pitch. What we’re seeing now, is China’s increasing buildout of offensive weapons within our critical infrastructure, poised to attack whenever Beijing decides the time is right.

Take, for instance, persistent PRC access the U.S. found in our critical telecommunications, energy, water, and other infrastructure. China-sponsored hackers known as Volt Typhoon were hiding inside our networks, lying in wait for the moment China might choose to use their access to hurt American civilians. And while many of you may have seen the Volt Typhoon story as one about the PRC targeting the United States, in fact their targets spanned the globe—which shouldn’t be surprising, because in hack after hack, for years, we’ve seen the PRC hitting our partners around the world.
 
Now working with our partners, the FBI was able to shut down Volt Typhoon’s access through yet another one of those joint, technical operations we talked about a few minutes ago.

But there’s a lot more PRC cyber threat—in a lot more places—out there. And we’re only going to be able to battle back effectively if we do it together. Of course by “we,” I’m referring to rule-of-law nations united against criminality and abuse. I know there are some representatives of the CCP walking around town. But I don’t mind them knowing we’re onto them.
 
Other Cyber Threats 
Of course, everyone here is well aware China is not the only adversary we’re up against.

Russia, Iran, and North Korea are also determined to use cyber means to take aim at things we all hold sacred—our freedoms, prosperity, and democratic norms.

Take for instance, the 2022 cyberattack by an Iranian-sponsored group on a children’s hospital in the United States, one that showed a callous—and, frankly, despicable—disregard for the safety of the most vulnerable among us.

Or consider Russia’s continued targeting of critical infrastructure—including underwater cables and industrial control systems both in the United States and around the world. For instance, since its unprovoked invasion of Ukraine, we’ve seen Russia conducting reconnaissance on the U.S. energy sector. And that’s a particularly worrisome trend because we know that once access is established, a hacker can switch from information gathering to attack—quickly and without notice.

After all, Russia has made murder, rape, and mayhem its stock in trade.

So, no one should question its continuing willingness to launch destructive cyberattacks before and during military conflict.
 
Conclusion  
There’s no doubt we’re up against daunting threats, and adversaries growing more sophisticated and dangerous every day. 

That’s the bad news.

But everyone in this room—across government, academia, and the private sector—has the opportunity to stand together. And we’ve proven what we can accomplish together when we do.

That’s the good news.

We can make joint use of our collective expertise, capabilities, and authorities. And we should remember and capitalize on what sets us apart from our adversaries—our mutual trust, our shared values, and our desire to work together to keep people safe. That is how we’re going to stay ahead of the cyber threat. And at the FBI, we’re honored to stand alongside you in this fight.

Thank you. 

Source: Federal Bureau of Investigation FBI Crime News

To combat this threat, the FBI has over 1,000 cyber personnel distributed throughout the United States who respond to incidents every single day. As the most geographically distributed cyber workforce in the federal government, the FBI responds to intrusions that affect not only U.S. critical infrastructure and big-name corporations, but also small businesses, our schools, and local government services in the communities you represent. The FBI’s response to each one of those incidents supports victims and allows us to learn how our adversaries operate—and who they might target next. We share that insight with cybersecurity agencies, the U.S. Intelligence Community (USIC), private industry, and international partners, so the global community of those fighting against cyber threats benefits from the FBI’s access and authorities.

“Investigations” are the umbrella under which the FBI conducts its activities, but that term should not imply that we only respond to events after the fact. Just the opposite: The FBI is focusing our unique authorities—and our ability to engage with international law enforcement, domestic targeted entities and victims, and key technology service providers—to identify and disrupt cyber adversaries before they compromise U.S. networks.

The information that the FBI uniquely collects assists our partner agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA), as we work together to counter our adversaries. For example, FBI collection helps to identify other networks vulnerable to the same adversary technique. We help sector risk management agencies assess and mitigate cyber threats to critical infrastructure. We often provide U.S. Cyber Command or the National Security Agency (NSA) information on a piece of a malicious foreign actor’s infrastructure to disrupt or exploit. FBI collection facilitates the coordinative function of the Office of the National Cyber Director as they ensure coherence across federal cybersecurity. FBI’s collection also helps inform the National Security Council, so they can focus all the instruments of power the government might bring to bear against possible cyber threat actors. We also work with the State Department, including the new Bureau of Cyberspace and Digital Policy (CDP) and the Bureau of International Narcotics and Law Enforcement (INL), to build partner-country political and law enforcement support and partnerships for international investigations to counter cyber-enabled criminal activity impacting the United States. We value working with these federal partners toward the same goal, and when we use all these agencies’ complementary authorities together, we create a whole that’s greater than the sum of the agency parts.

This emphasis on sharing information and enabling our partners is part of the FBI’s continued move away from pursuing only indictments and arrests and towards a playbook where we work with government and industry partners around the world to execute joint, sequenced operations. That is how we impose the greatest possible costs on our adversaries and best protect our country. The willingness of the Department of Justice, including [the] FBI, to publicly attribute and expose damaging cyber intrusions by Russia, China, Iran, and North Korea has undermined those governments’ denials and created a platform for U.S. allies to condemn destabilizing cyber activity and impose costs of their own. Our decisions on how best to disrupt a cyber threat are guided by an assessment of which actions will most strengthen cybersecurity, regardless of who takes the shot or gets the credit.

In coordination with our partners, the FBI has successfully disrupted numerous nation-state campaigns and cybercriminal enterprises. Continued success will require repeated operations with our U.S. counterparts and foreign allies, and we must eliminate the sense of impunity many of these actors currently feel. Yes, the cyber threat is daunting, but when we combine the right people, the right tools, and the right authorities, we best protect our critical infrastructure.

Threat Overview

The USIC has assessed that China is attempting to preposition on U.S. critical infrastructure—setting up back doors to cripple vital assets and systems in the event China invades Taiwan and, therefore, limiting our ability to assist Taiwan.

We have observed the CCP target multiple critical infrastructure entities, attacks which could potentially jeopardize the physical safety of Americans. To give just one example, the FBI has identified PRC-backed hackers who gained access to the computer networks of a major U.S. transportation hub. In this case, the FBI quickly alerted the network operators to the particular portion of their network that had been compromised and assisted with fixing the vulnerabilities.

We are no longer in the Advanced Persistent Threat 1, or “APT1”, days of the PRC’s cyber program. In 2013, Mandiant, an American cybersecurity firm, publicly attributed APT1 activities to the People’s Liberation Army (PLA). Their pivotal report disclosed the bespoke malware commonly deployed by the PLA, which could easily be discovered by anti-virus/anti-malware programs. Today, we see PRC state-sponsored cyber actors, such as Volt Typhoon, “living off the land.” This technique uses legitimate network administration tools to perform malicious objectives, allows them to evade detection by blending in with normal operating system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations.

The FBI’s Efforts to Counter PRC Cyber Actors

Together with our partners, we have released multiple Joint Cybersecurity Advisories on PRC state-sponsored cyber actors. These advisories provide details on PRC tactics, techniques, and procedures (TTPs) that can be used by network defenders to both find and prevent malicious cyber actors from accessing their networks. Increasingly, the scale and tradecraft of PRC cyber operations must be met with combined resources of the government and partners in the cybersecurity industry and others with broad insight into malicious activity on the internet.

Additionally, we work with our partners, such as CISA and other sector risk management agencies, to notify victims of cyber intrusions. These efforts include providing information to victim organizations to help respond to the intrusion, working with their IT [information technology] team to collect evidence, coordinating with attorneys, and conducing analysis to inform future responses. This evidence informs the public advisories that we release and other efforts to combat the threat.

Section 702 of the FISA Amendments Act of 2008

Section 702 of the FISA Amendments Act of 2008 is paramount to our ability to combat PRC state-sponsored cyber actors. In the last half of 2023, 97% of the FBI’s raw technical reporting on malicious cyber actors, and 93% of our reporting on emerging technologies, such as artificial intelligence, came from Section 702 collections. On average over the past 10 years, malicious foreign cyber actors have accounted for more than half of our Section 702 targets. The FBI’s Cyber Division uses this intelligence to conduct strategic disruption activities against those malicious cyber actors. Thanks to the foreign intelligence we receive from Section 702, the FBI’s Cyber Division is able to work with the FBI’s USIC partners and warn victims when cybercriminals are prepositioning for attacks—so, before the attack begins—and help the potential victims close identified backdoors and remove the opportunity for malicious actors to exploit their systems.

Section 702 has been pivotal for the FBI to detect and thwart PRC-backed cyber threat actors attempting to access U.S. critical infrastructure. The FBI has seen China-based cyber threat actors access a variety of critical infrastructure in the United States. Section 702 allows us to detect these cyber threat actors by monitoring them as they traverse the internet and determining when they access networks within the United States. Using queries for the identifiers of potential victims—namely American businesses and organizations—we can identify whether the cyber threat actors are merely researching a victim for possible future attacks or if they have already successfully compromised systems. This critical tool directly protects Americans and American businesses.

Investing in a More Capable Cyber Response

The PRC represents the defining threat of this era. There is no country that presents a broader, more comprehensive threat to our ideas, our innovation, our economic security, and, ultimately, our national security. Now is not the time to reduce the FBI’s resources or capabilities. The PRC uses every means at its disposal to impact our economic security—blending cyber capabilities, human intelligence, corporate transactions, and other means of attacking and exploiting U.S. companies to advance its own economic growth, national power, and military capability.

The FBI faces significant resource challenges to address the scale and sophistication of national security and criminal cyber threats targeting the United States. Although there are many resource gaps, the FBI is appreciative of the President’s Fiscal Year 2024 Budget Request, which would expand our ability to pursue cyber threats through investments that support efforts to build investigative capabilities at FBI field offices nationwide. The Fiscal Year 2024 Budget Request includes an additional $63 million for more agents, enhanced response capabilities, and strengthened intelligence collection and analysis capabilities. These investments reflect the National Cybersecurity Strategy’s emphasis on a whole-of-nation approach to addressing the ongoing cyber threat.

Reductions to the FBI’s budget would adversely impact the FBI’s computer intrusion program, undermining its ability to continue to aggressively and successfully thwart countless PRC threats to our economic and national security before they can do significant harm. Even if the FBI focused all of its cyber agents and intelligence analysts on the PRC threat, PRC-backed cyber threat actors would still outnumber FBI Cyber personnel at least 50 to 1, and they are attempting multiple cyber operations each day in domestic internet space, where only the FBI has the authorities to monitor and disrupt.

Conclusion

The strength of any organization is its people, and that is especially true in the FBI. The threats we face as a nation have never been greater or more diverse, and the expectations placed on the FBI have never been higher. Our fellow citizens look to the FBI to protect the United States from those threats, and, every day, the men and women of the FBI continue to meet and exceed those expectations. I want to thank them for their dedicated service.

Chairman Gallagher, Ranking Member Krishnamoorthi, and members of the committee, thank you for the opportunity to testify today. I am happy to answer any questions you might have and to work together with you in the nation’s fight against malicious cyber activity so the FBI can help achieve our collective cyber mission—to give the American people safety, security, and confidence in our digitally connected world.

Source: Federal Bureau of Investigation FBI Crime News

China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities. If or when China decides the time has come to strike, they’re not focused solely on political or military targets. We can see from where they position themselves, across civilian infrastructure, that low blows aren’t just a possibility in the event of a conflict. Low blows against civilians are part of China’s plan.

But the PRC’s cyber onslaught goes way beyond prepositioning for future conflict. Today, and literally every day, they’re actively attacking our economic security—engaging in wholesale theft of our innovation and our personal and corporate data. 

Nor is cyber the only PRC threat we face. The PRC cyber threat is made vastly more dangerous by the way they knit cyber into a whole-of-government campaign against us. They recruit human sources to target our businesses, using insiders to steal the same kinds of innovation and data their hackers are targeting while also engaging in corporate deception—hiding Beijing’s hand in transactions, joint ventures, and investments—to do the same.

And they don’t just hit our security and economy. They target our freedoms, reaching inside our borders, across America, to silence, coerce, and threaten our citizens and residents.

The FBI’s Response

But I can assure you the FBI is laser-focused on the threat posed by Beijing. We have cyber, counterintelligence, criminal, and weapons of mass destruction experts—just to name a few—defending against it.

And we’re working in partnership with the private sector, our allies abroad, and all levels of the U.S. government—especially the NSA [National Security Agency], Cyber Command, and CISA [the Cybersecurity and Infrastructure Security Agency], as well as ONCD [the Office of the National Cyber Director], whose leaders I’m honored to be here with today.

In fact, just this morning we announced an operation where we and our partners identified hundreds of routers that had been taken over by the PRC state-sponsored hacking group known as Volt Typhoon. The Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation, and water sectors. Steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous. And let’s be clear: Cyber threats to our critical infrastructure represent real-world threats to our physical safety.

So working with our partners, the FBI ran a court-authorized, on-network operation to shut down Volt Typhoon and the access it enabled. This operation was an important step. But there’s a lot more to do, and we need your help to do it.

Let me quantify what we’re up against: The PRC has a bigger hacking program than every other major nation combined. In fact, if each one of the FBI’s cyber agents and intelligence analysts focused exclusively on the China threat, China’s hackers would still outnumber FBI cyber personnel by at least 50 to 1. 

So as we sit here while important budget discussions are underway, I’ll note that this is a time to be keeping ahead of the threat by investing in our capabilities rather than cutting them. We need to ensure that we sustain and build on the gains we’ve made that have enabled us to take actions like the Volt Typhoon operation I just mentioned.

The budgets that emerge from the discussions underway now will dictate what resources we’ll have ready in 2027—a year that, as this committee knows all too well, the CCP has circled on its calendar. And that year will be on us before you know it. As I’ve described, the PRC is already, today, putting their pieces in place.

Conclusion

I do not want those watching today to think we can’t protect ourselves. But I do want the American people to know that we cannot afford to sleep on this danger. As a government and a society, we’ve got to remain vigilant and actively defend against the threat Beijing poses. Otherwise, China has shown it will make us pay.

Thank you, and I look forward to today’s discussion.

Source: Federal Bureau of Investigation FBI Crime News

Chinese government hacking efforts now target the entire American populace, and the escalating urgency of the overall threat that China poses to U.S. national security requires more investment in the FBI’s capabilities, FBI Director Wray warned lawmakers during a January 31 appearance before the House Select Committee on the Chinese Communist Party. 

“I do not want those watching today to think we can’t protect ourselves,” he told legislators. “But I do want the American people to know that we cannot afford to sleep on this danger.” 

China’s quest to steal American intellectual property to gain an economic and militaristic edge over the United States—through nefarious cyber means and traditional espionage, alike—hasn’t let up. But the scope of its malicious cyber activities has expanded to target our nation’s critical infrastructure, Wray told lawmakers during the hearing, which looked to gauge the risks that CCP cyber efforts poses to U.S. national security. 

“There has been far too little public focus on the fact that PRC [People’s Republic of China] hackers are targeting our critical infrastructure—our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems,” Wray told the committee during his opening remarks. “And the risk that poses to every American requires our attention now.” 

China’s state-sponsored hackers are posturing themselves to be able to take down these vital resources at a moment’s notice. That way, if conflict breaks out between the U.S. and China, they can cripple those resources and do direct harm to U.S. citizens, Wray explained. “Low blows against civilians are part of China’s plan,” he said. 

And, Wray stressed, this threat isn’t theoretical. On January 31, the Bureau announced that it had worked with partners to identify Wi-Fi routers that had been infected with malware originating from a Chinese government-sponsored hacking group. 

“The Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation, and water sectors—steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous,” Wray said. “So working with our partners, the FBI ran a court-authorized, on-network operation to shut down Volt Typhoon and the access it enabled.” 

This disruption was significant, but it’s not the end of the story when it comes to countering malicious cyber efforts by the Chinese government.  

The FBI is leveraging its expertise in the areas of cybersecurity, criminal investigation, and weapons of mass destruction, as well as private and public sector partnerships and relationships with international allies to tackle this multifaceted threat, he said. And investment is central to sustaining our battle rhythm against this threat. 

The President’s Fiscal Year 2024 Budget Request would help the FBI bolster its 56 field offices’ ability to investigate cyber threats, Wray’s written testimony to the committee stated. 

“The Fiscal Year 2024 Budget Request includes an additional $63 million for more agents, enhanced response capabilities, and strengthened intelligence collection and analysis capabilities,” he wrote. “These investments reflect the National Cybersecurity Strategy’s emphasis on a whole-of-nation approach to addressing the ongoing cyber threat.” 
Cuts to the Bureau’s budget would hinder the FBI computer intrusion program’s ability to combat CCP threats to U.S. economic and national security “before they can do significant harm,” the written testimony noted. 

“The budgets that emerge from the discussions underway now will dictate what kind of resources we have ready in 2027—a year that, as this committee knows all too well, the CCP has circled on its calendar,” Wray told the committee. 

Wray testified beside witnesses from across the U.S. government’s highest levels of cyber leadership at the hearing about CCP threats to American cybersecurity. Fellow panelists included National Security Agency Director Gen. Paul M. Nakasone (who appeared in his capacity as commander of U.S. Cyber Command); Cybersecurity and Infrastructure Security Agency Director Jen Easterly; and Harry Coker, Jr., who leads the Office of the National Cyber Director. 

“The Select Committee on the Chinese Communist Party is committed to working on a bipartisan basis to build consensus on the threat posed by the Chinese Communist Party and develop a plan of action to defend the American people, our economy, and our values,” the committee’s website states. 

You can read Director Wray’s full written testimony here, and you can read his opening remarks, as prepared, here. 

Source: Federal Bureau of Investigation FBI Crime News

China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities. If or when China decides the time has come to strike, they’re not focused solely on political or military targets. We can see from where they position themselves, across civilian infrastructure, that low blows aren’t just a possibility in the event of a conflict. Low blows against civilians are part of China’s plan.

But the PRC’s cyber onslaught goes way beyond prepositioning for future conflict. Today, and literally every day, they’re actively attacking our economic security—engaging in wholesale theft of our innovation and our personal and corporate data. 

Nor is cyber the only PRC threat we face. The PRC cyber threat is made vastly more dangerous by the way they knit cyber into a whole-of-government campaign against us. They recruit human sources to target our businesses, using insiders to steal the same kinds of innovation and data their hackers are targeting while also engaging in corporate deception—hiding Beijing’s hand in transactions, joint ventures, and investments—to do the same.

And they don’t just hit our security and economy. They target our freedoms, reaching inside our borders, across America, to silence, coerce, and threaten our citizens and residents.

The FBI’s Response

But I can assure you the FBI is laser-focused on the threat posed by Beijing. We have cyber, counterintelligence, criminal, and weapons of mass destruction experts—just to name a few—defending against it.

And we’re working in partnership with the private sector, our allies abroad, and all levels of the U.S. government—especially the NSA [National Security Agency], Cyber Command, and CISA [the Cybersecurity and Infrastructure Security Agency], as well as ONCD [the Office of the National Cyber Director], whose leaders I’m honored to be here with today.

In fact, just this morning we announced an operation where we and our partners identified hundreds of routers that had been taken over by the PRC state-sponsored hacking group known as Volt Typhoon. The Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation, and water sectors. Steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous. And let’s be clear: Cyber threats to our critical infrastructure represent real-world threats to our physical safety.

So working with our partners, the FBI ran a court-authorized, on-network operation to shut down Volt Typhoon and the access it enabled. This operation was an important step. But there’s a lot more to do, and we need your help to do it.

Let me quantify what we’re up against: The PRC has a bigger hacking program than every other major nation combined. In fact, if each one of the FBI’s cyber agents and intelligence analysts focused exclusively on the China threat, China’s hackers would still outnumber FBI cyber personnel by at least 50 to 1. 

So as we sit here while important budget discussions are underway, I’ll note that this is a time to be keeping ahead of the threat by investing in our capabilities rather than cutting them. We need to ensure that we sustain and build on the gains we’ve made that have enabled us to take actions like the Volt Typhoon operation I just mentioned.

The budgets that emerge from the discussions underway now will dictate what resources we’ll have ready in 2027—a year that, as this committee knows all too well, the CCP has circled on its calendar. And that year will be on us before you know it. As I’ve described, the PRC is already, today, putting their pieces in place.

Conclusion

I do not want those watching today to think we can’t protect ourselves. But I do want the American people to know that we cannot afford to sleep on this danger. As a government and a society, we’ve got to remain vigilant and actively defend against the threat Beijing poses. Otherwise, China has shown it will make us pay.

Thank you, and I look forward to today’s discussion.

Source: Federal Bureau of Investigation FBI Crime News

FBI Director Christopher Wray on January 9 said the Bureau is well-postured to defend against foreign interference heading into the 2024 election cycle, despite the growing number of foreign actors and nation-states seeking to disrupt our democratic process.

“Americans can and should have confidence in our election system,” Wray said during a fireside chat with U.S. Army Gen. Paul M. Nakasone—the dual-hatted director of the National Security Agency and commander of U.S. Cyber Command—that was moderated by National Public Radio journalist Mary Louise Kelly.  The FBI hasn’t witnessed any foreign interference effort that has jeopardized “the integrity of the vote count itself in any material way,” he added.

The conversation was part of the 2024 Fordham International Conference on Cybersecurity, co-hosted by the FBI and Fordham University at the school’s Lincoln Center campus in New York City.

Protecting Elections

Information warfare and election interference aren’t new, Wray told the audience of public and private sector cyber experts, international partners, academics, and students.

But the uptick in the number of nation-states and overseas players who want to interfere with U.S. elections or otherwise exert foreign influence on American affairs—and the growing array of tools they can use to meddle in our democratic process—are, he said.

“The threats are more challenging, but the defense is better,” Wray said. “Everybody’s raising their game.”

The FBI Director called Russia “a regular player in this space,” and said that the country’s full-scale invasion of Ukraine hasn’t deterred it from trying to tamper with American politics. On the contrary, Wray noted, one could argue that American policy on Ukraine hits so deep a nerve that the Russian government is trying to simultaneously advance its agenda there and brainstorm ways to influence or interfere with business here at home.

“If anything, for them, the stars align in terms of those two efforts,” he said. “And so we have to be even more effective in countering it.”

But he said Russia isn’t the only nation-state seeking to sway American politics, noting that other countries—including Iran and China—are also active in this arena. “They’re all pursuing slightly different agendas and using slightly different techniques, but we’re watching all of it,” Wray explained.

The good news is that partnerships are allowing the Bureau and the government, more widely, to rise to the challenge of protecting U.S. elections from foreign interference. Wray said collaboration between the Bureau and its fellow U.S. government agencies, the federal government’s relationship with state election officials, and public-private partnerships, in general, have all become “exponentially more sophisticated and effective” with each new election cycle.

Partnerships also help the American populace become more resistant to foreign adversary efforts to use chaos as a tool for disruption. Wray also noted that it’s imperative that Americans be eagle-eyed amid misinformation efforts by foreign governments and the rise of emerging technologies like artificial intelligence.

“I think that’s a responsibility that every American has as an informed citizen and, ultimately, voter,” he said.

Source: Federal Bureau of Investigation FBI Crime News

Murat Kurashev, 36, of Sacramento, California, pleaded guilty to a single-count indictment charging him with attempting to provide material support to a designated foreign terrorist organization.

According to court documents, Kurashev attempted to provide financial support to Hayat Tahrir al-Sham (HTS). HTS was designated as a foreign terrorist organization by the Secretary of State and engages in terrorism in Syria. Between July 2020 and February 2021, Kurashev used money transfer services to send approximately $13,000 to two known couriers of an HTS fundraiser. Records obtained from the money transfer services documented multiple transactions from Kurashev to the couriers in Turkey usually in increments of $1,000. The couriers retrieved the funds often within 24 hours of transfer. Surveillance footage from money transfer businesses captured Kurashev in the midst of some of the transactions.

Law enforcement’s review of social media and encrypted mobile messaging discussions between Kurashev and the fundraiser, demonstrated that they believed that providing money in support of the HTS’s fighters was tantamount to being engaged in violent jihad. During these conversations with the fundraiser, Kurashev mentioned that he wished he could join the fight in Syria as a mujahideen and regretted that he could only provide financial support. These conversations make clear that Kurashev was fully aware of the fundraiser’s violent extremist ideology and participation and work on behalf of HTS.

Additional evidence seized by the FBI revealed that Kurashev followed the fundraiser’s online presence and various social media accounts. Some of fundraiser’s social media accounts that were viewed by Kurashev included solicitations for money to purchase military equipment, boots, clothing, firearms, and, in one case, a motorcycle. FBI forensic analysis of Kurashev’s Apple iCloud account revealed it to be replete with violent extremist content, including a video depicting HTS fighters. It appears that Kurashev watched this video while driving his work van along Interstate 80.      

Kurashev faces a maximum penalty of 20 years in prison and up to a $250,000 fine. Sentencing is set for March 18. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division, Executive Assistant Director Larissa L. Knapp of the FBI’s National Security Branch, and U.S. Attorney Phillip A. Talbert made the announcement.

The FBI is investigating the case.

Assistant U.S. Attorney Heiko P. Coppola for the Eastern District of California and Trial Attorney Dmitriy Slavin of the National Security Division’s Counterterrorism Section are prosecuting the case.

Source: Federal Bureau of Investigation FBI Crime News

Violent Crime 

The FBI’s top priorities are national security threats, but the Bureau plays a key role in combating violent crime in big cities and local communities across the United States. The threats vary widely, from bank robberies and art crime to human trafficking, gang violence, crimes against children, and drug trafficking.  
 
The Bureau’s Criminal Division this year accounted for more than 18,000 arrests and almost 10,000 indictments in violent criminal cases. The myriad FBI units targeting suspected criminals disrupted more than 2,500 operations and dismantled another 314. They located 2,401 children in the 12-month period that ended in September and were involved in more than 12,000 drug seizures. “To truly appreciate the impact the FBI and our partners are having,” Director Wray has said, “you’ve got to look at the cases.” 

Here’s a look at just a few significant cases and accomplishments: 

• Operation Ghost Busted: 76 individuals were charged with involvement in a drug trafficking operation that distributed large amounts of high-grade methamphetamine, along with fentanyl, heroin, and alprazolam (Xanax) in the greater Glynn County area of Georgia. Details
• Operation SpecTor: This coordinated operation spanning nine countries and dozens of law enforcement agencies across the U.S., Europe, and South America targeted darknet drug markets. Efforts resulted in seizures of more than $50 million in cash and virtual currency, 1,875 pounds of potentially lethal pills and other drugs, and 288 arrests. Details
  
  
• Operation Cross Country: The FBI, working with partners, identified and located 200 victims of sex trafficking during a two-week nationwide enforcement campaign in July. The operation also led to identification or arrest of 126 suspects of child sexual exploitation and human trafficking offenses and 68 suspects of trafficking were identified or arrested. Also located were 59 minor victims of child sex trafficking and child sexual exploitation offenses and 59 actively missing children. Details
  
  
• January 6: In what the Department of Justice has called the FBI’s largest ever investigation, the Bureau continues to seek the public’s assistance in in identifying individuals who made unlawful entry into the U.S. Capitol on January 6, 2021. In the 34 months since the attack on the Capitol, more than 1,200 individuals have been charged in nearly all 50 states for crimes related to the breach of the U.S. Capitol, including more than 400 individuals charged with assaulting or impeding law enforcement. Details 
• Transnational Organized Crime: The FBI is focused on the cartels trafficking narcotics across the border. The FBI has 328 pending investigations linked to cartel leadership; 78 of those are along the southern border.

Multiple field offices conducted operations this year targeting gangs or criminal networks. In July, for example, an FBI-led joint operation targeting violent criminals in Tucson, Arizona, resulted in 88 arrests. A month earlier, in Erie, Pennsylvania, an FBI-led Safe Streets task force targeted a local drug gang. Also last summer, an FBI-led operation in Dallas seized more than 540 grams of cocaine, more than 1,100 grams of methamphetamine, and more than seven grams of fentanyl, along with nine firearms and over $10,000 in cash.