{"id":94052,"date":"2023-02-17T10:23:08","date_gmt":"2023-02-17T07:23:08","guid":{"rendered":"https:\/\/fye-yemen.net\/?p=94052"},"modified":"2023-02-17T10:23:52","modified_gmt":"2023-02-17T07:23:52","slug":"director-wrays-remarks-at-the-2023-homeland-security-symposium-and-expo","status":"publish","type":"post","link":"https:\/\/fye-yemen.net\/?p=94052","title":{"rendered":"FBI Director Wray&#8217;s Remarks at the 2023 Homeland Security Symposium and Expo"},"content":{"rendered":"<p style=\"direction: ltr;\">\nNew York - Rashad Alkhader &#8211; Free Yemen Eye &#8211; From News - FBI<\/p>\n<p style=\"text-align: left;\">Remarks as prepared for delivery.<\/p>\n<p style=\"text-align: left;\">Introduction<\/p>\n<p style=\"text-align: left;\">Thank you.<\/p>\n<p style=\"text-align: left;\">If you take a look at the topics for the conference today, each panel discusses something the FBI is heavily involved in right now\u2014cyber intrusions and ransomware attacks, risks posed by unmanned systems, domestic and international terrorism, and vulnerable supply chains that run through China and everywhere else. So, I appreciate the opportunity to kick off these discussions and share a little bit about how the FBI is working with critical partners like many of you in this room to combat these threats.<\/p>\n<p style=\"text-align: left;\">Cyberattacks and ransomware. Unmanned systems. Domestic and international terrorism. Supply chain vulnerabilities.<\/p>\n<p style=\"text-align: left;\">It\u2019s hard not to get overwhelmed by the enormity of those topics and these threats. 
And, frankly, that\u2019s a lot for one day.<\/p>\n<p style=\"text-align: left;\">And, of course, I should add, those are just some of the threats we\u2019re focused on at the FBI, where we\u2019re also tackling the trafficking and exploitation of children, alarming levels of violent crime and hate crimes, the epidemic of deadly narcotics, and malign foreign influence aimed at undermining our government, just to name a few others.<\/p>\n<p style=\"text-align: left;\">As I like to say: A lot of people seem to have ideas about things they think the FBI should be doing more of, but I haven\u2019t heard any responsible suggestions for things we could be doing less of.<\/p>\n<p style=\"text-align: left;\">So, in order for the FBI to be at the forefront and stay ahead of all these threats, we rely on the partnerships we\u2019ve developed with folks in the private sector\u2014including many of you represented here today\u2014and across all levels of government, both here at home and abroad.<\/p>\n<p style=\"text-align: left;\">And the importance of those partnerships is really the core of the message I hope you\u2019ll take away from my time with you here today.<\/p>\n<p style=\"text-align: left;\">Cyber Threats<\/p>\n<p style=\"text-align: left;\">So, what are we dealing with?<\/p>\n<p style=\"text-align: left;\">In cyberspace, the threats only seem to evolve, and the stakes have never been higher.<\/p>\n<p style=\"text-align: left;\">One bad actor targeting a single supply chain can cause cascading effects across multiple sectors and communities.<\/p>\n<p style=\"text-align: left;\">One unpatched vulnerability can mean the difference between business as usual and a scramble to get scores of systems back online.<\/p>\n<p style=\"text-align: left;\">And over the past few years, we\u2019ve increasingly seen cybercriminals using ransomware against U.S. critical infrastructure sectors. In 2021, we saw ransomware incidents against 14 of the 16 U.S. 
critical infrastructure sectors.<\/p>\n<p style=\"text-align: left;\">In a perverse way, that makes sense, right?<\/p>\n<p style=\"text-align: left;\">If you want someone to quickly pay a ransom, you threaten the very basic things they rely on for their day-to-day lives\u2014something like an oil pipeline, an elementary school, or an electrical grid. Malicious actors assume\u2014and, perhaps, rightly so\u2014that if they attack these things we depend on every day, they can inflict more pain, and people will pay more quickly.<\/p>\n<p style=\"text-align: left;\">And these actors have demonstrated there\u2019s really no bar too low. They have no problem, for instance, threatening to shut down a children\u2019s hospital to make a quick buck.<\/p>\n<p style=\"text-align: left;\">Let me be clear: That\u2019s not a hypothetical example.<\/p>\n<p style=\"text-align: left;\">And while you would expect that cybercriminals are focused on operations for their own financial gain, really, any malicious cyber actor could also be trying to steal information or conduct influence operations, or laying the groundwork to disrupt our critical infrastructure. And those threats are not only proliferating, but becoming more complex.<\/p>\n<p style=\"text-align: left;\">There is no bright line where cybercriminal activity ends and hostile government activity begins, which both compounds and complicates the threat landscape.<\/p>\n<p style=\"text-align: left;\">We\u2019re seeing blended threats where\u2014for instance\u2014the Iranian government has sponsored cybercriminals to perpetuate attacks to gather intelligence or gain access.<\/p>\n<p style=\"text-align: left;\">In other instances, hostile governments have attempted to make their cyberattacks look like criminal activity, which caused whole operations to go sideways.<\/p>\n<p style=\"text-align: left;\">That\u2019s what we saw in 2017, when the Russian military used the NotPetya malware to hit Ukrainian critical infrastructure. 
The attack was supposed to look like a criminal heist, but was actually designed to destroy any systems it infected. They targeted Ukraine, but ended up also hitting systems throughout Europe, plus the U.S. and Australia, and even some systems within their own borders. They shut down a big chunk of global logistics, and, ultimately, their recklessness ended up causing more than $10 billion in damages\u2014maybe the most damaging cyberattack in history.<\/p>\n<p style=\"text-align: left;\">Add to that, cyber adversaries have also obtained an increasing capacity for stealth in recent years, facilitating more comprehensive access to U.S. networks. They\u2019ve demonstrated the ability to maintain persistent access across various networks and environments by using seemingly legitimate credentials, accessing administrator accounts, and laterally traversing networks. They will park on a system quietly and then just wait for the right opportunity.<\/p>\n<p style=\"text-align: left;\">So, to sum up the cyber threat picture: There\u2019s a persistent, multi-vector, blended threat that\u2019s constantly evolving and a continual challenge to assess, so we\u2019re battling back against a constant barrage of attacks.<\/p>\n<p style=\"text-align: left;\">China<\/p>\n<p style=\"text-align: left;\">In this cyber threat landscape, China is the most dangerous actor to industry.<\/p>\n<p style=\"text-align: left;\">The Chinese government sees cyber as the pathway to cheat and steal on a massive scale, and more broadly, there\u2019s simply no country that presents a broader or more severe threat to our ideas, innovation, and economic security than the Chinese government because they\u2019ve shown themselves willing to lie, cheat, and steal to dominate major technology and economic sectors, crushing and putting companies from other nations out of business.<\/p>\n<p style=\"text-align: left;\">The Chinese government\u2019s hacking program is bigger than that of every other major nation 
combined, and Chinese government hackers have stolen more of our personal and corporate data than all other countries\u2014big and small\u2014combined.<\/p>\n<p style=\"text-align: left;\">But the threat from the PRC [People&#8217;s Republic of China] government is particularly dangerous because they use that massive cyber effort in concert with every other tool in their government\u2019s toolbox. What makes the Chinese government\u2019s strategy so insidious is the way it exploits multiple avenues at once, and often in seemingly innocuous ways.<\/p>\n<p style=\"text-align: left;\">They identify key technologies to target. Their \u201cMade in China 2025\u201d plan, for example, lists ten broad areas\u2014spanning industries like robotics, green energy production and vehicles, aerospace, and biopharma.<\/p>\n<p style=\"text-align: left;\">Then, they throw every tool in their arsenal at stealing the technology in those areas. And they are fine with causing indiscriminate damage to get to what they want, like in the Microsoft Exchange hack\u2014the Hafnium attack\u2014from 2021, which compromised the networks of more than 10,000 companies in just a single campaign.<\/p>\n<p style=\"text-align: left;\">At the same time, the Chinese government uses intelligence officers to target the same information.<\/p>\n<p style=\"text-align: left;\">And to knock down a few misconceptions about what it\u2019s like to be targeted by Chinese intelligence, first of all, most Chinese spies aren\u2019t just targeting people with government secrets. They\u2019re after people with accesses to innovation, trade secrets, and intellectual property they feel would give them an advantage\u2014economically or militarily.<\/p>\n<p style=\"text-align: left;\">Second, many U.S. citizens who are compromised don\u2019t realize they are working for the Chinese government. 
Chinese intelligence officers often use co-opted staff from Chinese universities or national businesses\u2014effectively contract intelligence officers\u2014to contact targets and develop what seems like a \u201ccollaborative\u201d relationship, and the Chinese intelligence officer actually running the operation might never personally be in contact with the target.<\/p>\n<p style=\"text-align: left;\">Third, and finally: With Chinese intelligence, the spy may not ever ask for information, but may, instead, just be looking for access to people and to networks, and that access may, in turn, be just enough to create a vulnerability for a cyber intrusion. So, their intelligence and cyber efforts are working hand-in-hand.<\/p>\n<p style=\"text-align: left;\">They also use elaborate shell games to disguise their efforts\u2014both from our companies, and from our government investment screening program CFIUS, the Committee on Foreign Investment in the United States.<\/p>\n<p style=\"text-align: left;\">And for non-Chinese companies operating in China, the Chinese government takes advantage of its laws and regulations to enable its stealing.<\/p>\n<p style=\"text-align: left;\">For example, in 2022, we learned that a number of U.S. companies operating in China had malware delivered into their networks through tax software the Chinese government required them to use. To put it plainly: By complying with Chinese laws, these companies unwittingly installed backdoors for Chinese state hackers. 
The overall result of PRC efforts like these is deep, job-destroying damage across a wide range of industries\u2014and it\u2019s damage that hits across the country, too, which is why we\u2019re running 2,000 or so PRC-related counterintelligence investigations, out of every one of our 56 field offices.<\/p>\n<p style=\"text-align: left;\">Disrupting the Threat<\/p>\n<p style=\"text-align: left;\">In the cyber and espionage realm, just as in our other programs, our goal is disruption: getting ahead of and thwarting cyberattacks as early as possible, seizing infrastructure, and denying hackers the benefit of their crimes.<\/p>\n<p style=\"text-align: left;\">Just a few weeks ago, we announced the success we\u2019ve had with the year-and-a-half-long disruption campaign against the Hive ransomware group, dismantling their infrastructure and taking it offline.<\/p>\n<p style=\"text-align: left;\">Since 2021, they\u2019ve been one of the larger and more active ransomware groups we know of, targeting businesses and other victims in over 80 countries, and demanding hundreds of millions of dollars in ransom.<\/p>\n<p style=\"text-align: left;\">Last July, the FBI gained clandestine, persistent access to Hive\u2019s control panel\u2014essentially, hacking the hackers.<\/p>\n<p style=\"text-align: left;\">From last July to this January, we repeatedly exploited that access to get Hive\u2019s decryption keys and identify victims, and we offered those keys to more than 1,300 victims around the world so they could decrypt their infected networks\u2014preventing at least $130 million in ransom payments\u2014all without Hive catching on.<\/p>\n<p style=\"text-align: left;\">The victims targeted by the Hive group reinforced what we know\u2014that ransomware groups don\u2019t discriminate. 
They went after big and small businesses.<\/p>\n<p style=\"text-align: left;\">We rushed an FBI case agent and computer scientist to one specialty medical clinic that was so small, the doctor there also managed the clinic\u2019s IT security. We helped larger companies, and we also shared keys with victims overseas through our foreign-based legal attach\u00e9 offices\u2014like when we gave a foreign hospital a decryptor, which they used to get their systems back up before ransom negotiations even began, possibly saving lives.<\/p>\n<p style=\"text-align: left;\">As we consider how best to focus our efforts at disrupting the hackers, we\u2019re not only providing intelligence to current victims to help them quickly recover from an attack, but also on preventing attacks before they happen.<\/p>\n<p style=\"text-align: left;\">So, for example, while on Hive\u2019s systems, when we saw the initial stages of one attack against a university, we notified the school and gave their IT staff the technical information they needed to kick Hive off of their network before ransomware was deployed.<\/p>\n<p style=\"text-align: left;\">But our ability to help often hinges on victims\u2014both private and public\u2014reaching out to us when they are attacked.<\/p>\n<p style=\"text-align: left;\">Unfortunately, during these past seven months, we found that only about 20% of Hive\u2019s victims reported to law enforcement they had been attacked, which means we wouldn\u2019t have been able to help 80% of their victims if we hadn\u2019t managed to get into Hive\u2019s infrastructure, seeing what was happening from the bad guys\u2019 side. 
So, while an important success, the Hive disruption was somewhat unusual.<\/p>\n<p style=\"text-align: left;\">We can\u2019t count on that level of visibility into adversaries\u2019 systems, so we\u2019re counting on our relationships with the private sector to let us know about a problem in time to fix or mitigate it.<\/p>\n<p style=\"text-align: left;\">As part of those relationships, we share threat intelligence to help companies fortify their defenses, and we rely on organizations in the private and public sector to let us know when they\u2019ve been attacked, because once we learn about an attack, we work with our partners to broadly share what we can with public and private industry partners and international security agencies to improve overall network defense and prevent attacks.<\/p>\n<p style=\"text-align: left;\">Dissemination of attack information helps overcome typical silos that thwart recovery efforts, and in many instances, public and private sector partners provide us information in return that we can take back and use to help you with your recovery efforts.<\/p>\n<p style=\"text-align: left;\">For example, in 2021, the Port of Houston was attacked by cybercriminals. Because the Port reached out to us quickly, we were able to get technically trained agents out to the scene. There, they discovered a brand-new, zero-day exploit used to commit the attack\u2014that is, a vulnerability and means of exploiting it that no one knew about yet. We immediately deployed our investigative tools to search for other victims where the same exploit was being deployed, and by the time the software provider developed a patch, we\u2019d already enlisted our partners at CISA [the Cybersecurity and Infrastructure Security Agency] to work with us to help victims already being targeted, for whom that fix would otherwise have been too late. 
And, of course, the Port\u2014and Houston\u2014benefited greatly, too.<\/p>\n<p style=\"text-align: left;\">The FBI is determined to use all of our tools and resources to help victims, whether we\u2019re talking about single individuals or whether they number in the thousands.<\/p>\n<p style=\"text-align: left;\">When the FBI determined the Chinese had executed the Hafnium attack to install backdoors into at least 10,000 U.S. and international partner networks and computers, we worked with a private sector partner to conduct the arduous task of identifying those victims using only IP addresses, including developing a custom tool for the task. We then employed advanced analytics to geolocate victims to specific field offices and legal attach\u00e9 offices, and triaged over 1,700 victim notifications. And when some system owners weren\u2019t able to remove the Chinese government\u2019s backdoors themselves, we executed a first-of-its-kind, surgical, court-authorized operation, copying and removing the harmful code from hundreds of vulnerable computers\u2014slamming those backdoors shut.<\/p>\n<p style=\"text-align: left;\">That example illustrates how today\u2019s FBI views success: disruption of our adversaries by leveraging our capabilities, tools, and resources to get ahead of and thwart cyber attacks as early as possible.<\/p>\n<p style=\"text-align: left;\">As these examples demonstrate, a lot of good can come from mutual trust and working together\u2014from strong partnership. And strong public and private sector partners not only help us at the FBI get ahead of the threat and aid in recovery, but they also help us leverage our traditional law enforcement authorities to further our disruption goals\u2014not just arresting and extraditing more hackers, but dismantling their infrastructure and seizing their funds. 
Through seizures, we can also help a company recover funds that would otherwise be lost.<\/p>\n<p style=\"text-align: left;\">For instance, from January through November 2022, our Internet Crime Complaint Center\u2019s Recovery Asset Team used the Financial Fraud Kill Chain over two thousand times, successfully freezing more than $328 million\u2014a 74% success rate\u2014that could then be returned to individuals and businesses who had been defrauded.<\/p>\n<p style=\"text-align: left;\">Greed is a primary motivator of the cyber threat, and by hitting cyber actors where it hurts\u2014their wallets\u2014we can disincentivize more attacks before they occur.<\/p>\n<p style=\"text-align: left;\">A few weeks ago, we announced the arrest of a Russian national who administered the Bitzlato Limited cryptocurrency exchange, which laundered over $15 million in ransomware proceeds and over $700 million in darknet illicit transactions. At the same time, we worked with our international law enforcement partners to seize Bitzlato\u2019s servers and execute additional arrests. Cryptocurrency exchanges like Bitzlato are a vital part of the infrastructure cybercriminals use to launder the funds extorted from their victims. 
In thinking about how we, at the FBI, can have the most durable disruptive impact, our goal is not only to take away the motivation for ransomware attacks, but also to deprive ransomware groups of the resources they need to successfully conduct these attacks.<\/p>\n<p style=\"text-align: left;\">Conclusion and Partnerships<\/p>\n<p style=\"text-align: left;\">Bottom line: We believe in using every tool we\u2019ve got to protect American innovation and critical infrastructure, but, as I said before, that\u2019s not something the FBI can do alone.<\/p>\n<p style=\"text-align: left;\">That\u2019s a big reason conferences like this\u2014focused on building a dialogue between the public and private sector on current and emerging threats\u2014are so important to the Bureau. They build the partnerships necessary for us to understand and stay ahead of the threat.<\/p>\n<p style=\"text-align: left;\">So, again, thank you for inviting me to kickstart the discussions today. Now, let\u2019s turn this into a conversation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>New York - Rashad Alkhader &#8211; Free Yemen Eye &#8211; From News - FBI Remarks as prepared for delivery. Introduction Thank you. 
If you take a look at the topics for the conference today, each panel discusses something the FBI is heavily involved in right now\u2014cyber intrusions and ransomware attacks, risks posed by unmanned systems, &hellip;<\/p>\n","protected":false},"author":4,"featured_media":94053,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50],"tags":[],"class_list":["post-94052","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-diverse-news"],"_links":{"self":[{"href":"https:\/\/fye-yemen.net\/index.php?rest_route=\/wp\/v2\/posts\/94052","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fye-yemen.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fye-yemen.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fye-yemen.net\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/fye-yemen.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=94052"}],"version-history":[{"count":0,"href":"https:\/\/fye-yemen.net\/index.php?rest_route=\/wp\/v2\/posts\/94052\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fye-yemen.net\/index.php?rest_route=\/wp\/v2\/media\/94053"}],"wp:attachment":[{"href":"https:\/\/fye-yemen.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=94052"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fye-yemen.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=94052"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fye-yemen.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=94052"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}