Examining the January 6 Attack on the U.S. Capitol

Source: Federal Bureau of Investigation FBI Crime News

Statement Before the Homeland Security and Governmental Affairs Committee and Rules and Administration Committee

Washington, D.C.

Statement for the Record

Good afternoon, Chairman Peters, Chairwoman Klobuchar, Ranking Member Portman, Ranking Member Blunt, and members of the committees. Thank you for the opportunity to appear before you today to discuss the FBI’s role and efforts leading up to and in response to the January 6, 2021 attack on the U.S. Capitol building. I am pleased to be here representing the dedicated men and women of the FBI’s Counterterrorism Division.

The violence and destruction of property at the U.S. Capitol building on January 6 showed a blatant and appalling disregard for our institutions of government and the orderly administration of the democratic process. The FBI does not tolerate violent extremists who use the guise of First Amendment-protected activity to engage in violent criminal activity. The destruction of property and violent assaults on law enforcement officers betray the values of our democracy.

On a more personal note, I want to acknowledge the men and women who put their lives on the line to protect members of Congress and others present inside the U.S. Capitol complex on January 6. The men and women of the FBI, and our partners, are working non-stop with federal prosecutors to bring charges against those who participated in the siege of the U.S. Capitol. Those of us in public service, to include members of Congress and the U.S. Capitol Police, all take the same oath to protect and defend the Constitution. We feel strongly about the horrible events that transpired on January 6.

FBI Efforts Leading up to January 6, 2021

It is not possible to examine the January 6 attack on the U.S. Capitol without an understanding of the overall terrorism threat picture leading up to that day. In 2020, the FBI assessed the greatest terrorism threat to the homeland was from lone actors or small cells who typically radicalize online and look to attack soft targets with easily accessible weapons; we remain confident in that assessment today. The FBI sees two distinct sets of individuals within this threat: homegrown violent extremists and domestic violent extremists. Both sets of individuals seek to engage in violent, criminal acts, but homegrown violent extremists are inspired by, or associated with, designated foreign terrorist organizations, while domestic violent extremists are motivated by domestic influences, such as long-standing DVE drivers to include racism, anti-Semitism, perceived government or law enforcement overreach, sociopolitical conditions, and personal grievances.

Throughout 2020, the FBI authored approximately 12 intelligence products for our federal, state, local, tribal, and territorial law enforcement partners disseminating trends we saw in threat reporting and criminal activity involving domestic violent extremism. Over the last year, we observed activity that led us to assess there was potential for increased violent extremist activity at lawful protests taking place in communities across the United States. As such, in June 2020, we, with our partners at the Department of Homeland Security (DHS), issued two separate Joint Intelligence Bulletins highlighting the potential for increased violent extremist activity at such demonstrations and noting that likely targets would include law enforcement and government personnel. More recently, in late August 2020, we published an analytical report informing our partners that domestic violent extremists with partisan political grievances likely posed an increased threat related to the 2020 election. In that product, we noted that domestic violent extremist responses to the election outcome might not occur until after the election and could be based on potential or anticipated policy changes. In December 2020, we participated in a DHS Intelligence In-Depth product, which advised our partners the threat posed by the diverse domestic violent extremist landscape would probably persist due to enduring grievances.

In the weeks and months leading up to electoral certification, the FBI collected and shared intelligence; coordinated and communicated among federal, state, and local law enforcement partners; and positioned federal resources for potential deployment. Through these measures, the FBI worked in close coordination with the U.S. Capitol Police, the Metropolitan Police Department of Washington D.C., and other law enforcement partners leading up to the Joint Session of Congress and the planned demonstrations scheduled for January 6, 2021. The FBI and our federal, state, and local partners collected and shared intelligence and relevant public safety-related information in preparation for the various planned events.

FBI’s Response to Events on January 6, 2021

Throughout the course of the day on January 6, 2021, the FBI was in constant communication with federal, state, and local partners, including through the FBI WFO Command Post and the National Crisis Coordination Center at FBI Headquarters. Prior to the breach of the U.S. Capitol, FBI special agents, including bomb technicians, responded to assist the U.S. Capitol Police with securing two nearby locations where potential explosive devices had been found. While the FBI and the U.S. Capitol Police were responding to, and rendering safe, the devices, it became clear that some individuals had breached security barricades and were entering the U.S. Capitol Complex. In response to requests from the U.S. Capitol Police, the FBI immediately deployed additional assistance.

FBI tactical teams partnered with other responding law enforcement agencies to gain control of the area and offer protection to Congressional members and staff. One of the FBI tactical teams coordinated with the U.S. Capitol Police and the U.S. Secret Service to provide additional protection to a U.S. Secret Service protectee still in the building. FBI special agents on SWAT teams were deployed to secure nearby Congressional office buildings. The FBI Hostage Rescue Team deployed, FBI Evidence Response Teams arrived to collect evidence, and other FBI special agents provided perimeter security around the U.S. Capitol and the areas where the explosive devices were found.

Beginning on the evening of January 6, the FBI surged substantial resources to help ensure the safety and security of the U.S. Capitol Complex, members of Congress and their staff, and the public. Since then, the FBI has deployed our full investigative resources and is working closely with our federal, state, local, tribal, and territorial partners to aggressively pursue those involved in criminal activity during the events of January 6, 2021. FBI special agents, intelligence analysts, and professional staff have been hard at work gathering evidence, sharing intelligence, and working with federal prosecutors to bring charges against the individuals involved.

We have active tip lines and web resources for members of the public to provide information that will assist in identifying individuals who were involved in the violence and criminal activity. These resources also allow the public to submit any images, videos, or other multimedia files related to possible violations of federal law. The FBI has received more than 200,000 digital media tips and more than 30,000 tips through our National Threat Operations Center, which continues to receive tips from the public and generate actionable leads for our investigators. The FBI has opened hundreds of subject investigations with regards to acts of terrorism, rioting, assault on a federal officer, and property crimes violations.

Conclusion

Looking forward, the FBI assesses there is an elevated threat of violence from domestic violent extremists, and some of these actors have been emboldened in the aftermath of the breach of the U.S. Capitol. We expect racially or ethnically motivated violent extremists, anti-government or anti-authority violent extremists, and other domestic violent extremists citing partisan political grievances will very likely pose the greatest domestic terrorism threats in 2021 and likely into 2022. The FBI urges federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners to remain vigilant in light of the persistent threat posed by domestic violent extremists and their unpredictable target selection in order to effectively detect, prevent, preempt, or respond to incidents and terrorist attacks in the United States.

Developing Unique Partnerships to Defeat the Cyber Threat

Source: Federal Bureau of Investigation FBI Crime News

Remarks as delivered.

Good afternoon. It’s an honor to be with you, and great to join so many of our partners in one space. I wish we could be together in person, but the pandemic has of course forced us to find new ways of getting together.

But I’m grateful to at least be able to spend time with you in this virtual setting. This is the FBI’s fifth year co-hosting the conference on cybersecurity with Boston College. This conference has grown into a unique partnership of cyber experts, innovators, and policy makers across all levels of the private sector, academia, and law enforcement. And we at the FBI are extremely privileged to be a part of it.

Brief Threat Overview

As everyone in this room knows all too well, the cyber threat has evolved dramatically in recent years. Today, the threat comes at us from all angles. We see criminal actors turning to an underground economy in search of the most skilled hackers and sophisticated criminal cyber tools. They then leverage data theft, ransomware, and other illicit methods to inflict immense harm on their victims.

Cyber criminals are also taking a page out of the nation-state hacker playbook. In this regard, they’re sometimes breaching the systems of managed service providers. Through just one intrusion they can then access the networks of hundreds of potential victims.

Over the past year we’ve also seen criminal hackers take advantage of the ongoing pandemic. They target victims awaiting stimulus checks or others searching for PPE. Nation-states target the innovators and labs conducting research and developing vaccines. But as cyber threats evolve so do the ways we tackle them.

Today, I want to talk to you in part about the FBI’s new cyber strategy. And I’d also like to talk about the need to continue working together—private sector together with government—to most effectively combat the cyber threat.

New Strategy

Fighting cyber crime at the FBI is not a new responsibility. Believe it or not, the Cyber Division is nearly 20 years old—it was created in 2002. Over the years, we’ve called out nation-state actors for their destabilizing and damaging cyber activity. For example, last summer’s indictment of two hackers working on behalf of the Chinese Ministry of State Security. They are accused of stealing intellectual property from companies both here and abroad. They also targeted dissidents who spoke out against the Chinese Communist party. Separately, last fall we announced charges against Russian intelligence officers behind the most destructive cyber campaign ever perpetrated by a single group, including the NotPetya and Black Energy attacks. And last month we unsealed charges against three North Korean computer programmers. They were part of a criminal conspiracy conducting cyberattacks and are accused of stealing and extorting more than $1.3 billion in money and cryptocurrency from financial institutions and companies.

But we know full well this is only a small part of the ever-evolving cyber threat landscape. Cyber criminals perpetuating ransomware schemes have taken things to a whole new level. They’re not only wreaking havoc on company operations and causing significant financial losses, ransomware schemes are also now shutting down virtual learning in schools, crippling vital hospital systems, disrupting government services and threatening critical infrastructure. Going forward, it’s important to stay focused on imposing risks and consequences on all bad actors in cyberspace, whoever and wherever they are, to make it harder and more painful for hackers and criminals to victimize others and to prove to both criminals and nation-states that they can no longer compromise U.S. networks, steal U.S. financial and intellectual property, and put our nation’s critical infrastructure at risk without facing severe consequences.

This strategy represents a shift in mindset—focused on impact. We’re going to accomplish this by leveraging unique authorities, world-class capabilities, and enduring partnerships—for the benefit of the larger cyber community.

One example of this is FBI Boston’s investigation into a variant of the Mirai botnet. This variant’s role in a cyberattack massively disrupted the internet back in 2016 and made websites such as Sony, Twitter, Amazon, and Netflix inaccessible for a time. As a result of the investigation, a juvenile pleaded guilty to his role in the attack in December and was recently sentenced.

But arrests and indictments aren’t the only methods we can employ. Significant consequences can be imposed in other areas as well. Our investigations often help the Treasury Department eliminate criminals from the global financial system and assist law enforcement partners abroad in seizing malicious infrastructure or in finding and arresting cyber criminals hiding in their countries. Our investigations also provide the information and technical indicators private sector network defenders rely on to protect their companies.

In the end, it doesn’t matter whose action kicks cyber criminals off their networks and platforms, or which agency took down the criminals’ infrastructure. What matters is that we’re all working together to ensure safety, security, and confidence, for all, in this digitally connected world.

Our Unique Capabilities

Given the gravity of the cyber threats we face, the government must employ an entire ecosystem against them. And at the FBI, we’re playing a central role in that ecosystem by offering a range of capabilities. The FBI is both a law enforcement and intelligence agency—with a set of authorities, capabilities, and relationships to match. We don’t just investigate discrete incidents. It’s also important to understand who and where our cyber adversaries are, how they operate, and what needs to be done to weaken them.

We’re collecting intelligence from a wide variety of sources and sharing that information with our domestic and international partners. Here at home, we have cyber squads, including interagency partners, in each of our 56 field offices. Abroad, we have cyber agents in embassies around the globe—working with both foreign law enforcement and intelligence services. We also have a rapid-response force called the Cyber Action Team, that can readily deploy to major incidents anywhere, anytime. And within the Bureau, we’ve got decades of experience to lend to fight cyber crime. Our Counterintelligence Division investigates a wide range of foreign intelligence threats on U.S. soil. Our Counterterrorism Division anticipates how terrorists might develop cyber skills or use cyber-enabled methods to cause harm. And our Criminal Investigative Division works to stop online fraud schemes and disrupt cyber syndicates. And anything we can do—together—to neutralize and stop the cyber adversary or disrupt their activities is a victory.

Working Together

That’s a little bit about the capabilities offered by the FBI. But we’re also working with partners, including all of you, to foster greater collaboration and trust. We’ve created unique venues where members of the cyber community can work alongside each other and build long-term relationships. Within government, that hub is the National Cyber Investigative Joint Task Force, or NCIJTF. The NCIJTF includes more than 30 co-located agencies from the intelligence and law enforcement communities. The NCIJTF coordinates multi-agency campaigns to combat the most significant cyber threats and adversaries. We’ve pushed a significant amount of our own cyber operational and analytical capabilities into the NCIJTF to strengthen its role as a core element of this nation’s cyber strategy. And last year we invited senior executives from other agencies to lead new threat-focused mission centers there.

But the fact is, we know that the government can’t do it alone, by far. This fight requires a whole-of-society approach—government and the private sector, working together against threats to national and economic security. That’s why we’re co-located with partners in industry, academia, and the financial sector as part of the National Cyber-Forensics and Training Alliance in both Pittsburgh and New York City. It’s why we created another hub to work with and facilitate cybersecurity collaboration among the defense industry, the National Defense Cyber Alliance, where experts from the FBI and cleared defense contractors sit together, sharing intelligence in real time. And it’s why agents in every single FBI field office now spend a huge amount of time going out to companies and universities in their areas of responsibility, establishing relationships before there’s a problem, and providing threat intelligence to help prepare defenses. That includes information we’ve obtained from sensitive sources.

And we are working more closely than ever with our federal partners like the Cybersecurity and Infrastructure Security Agency (CISA) to produce joint advisories, so you’re hearing a single message from across the government.

Cyber Strategy in Practice

With a new strategy in place, I’d like to illustrate what it looks like in practice, and how we’re attacking some of the most dangerous threats on the cyber front. Against the cyber criminal threat, in late January, we, along with international partners, announced coordinated disruptions of the vast Emotet criminal botnet. As many of you know, Emotet has for years enabled criminals to push additional malware onto victim networks in critical sectors like healthcare, e-commerce, technology, and government.

Emotet is one of the longest running and most pervasive malware delivery services out there. And it’s especially dangerous when Emotet is used in conjunction with the Trickbot Trojan to deliver Ryuk ransomware. Used together, these tools can wreak financial and operational devastation on victims. With Europol, national partner services across Europe, and a number of providers, we used the detailed technical information obtained through our investigation to interrupt the botnet administrators’ control of their own servers. Applying lessons learned from disruptions of earlier botnets, we broke the server control chain at multiple levels—making it harder and slower for the botnet administrators to regain control.

It’s the kind of disruption that demands cooperation. Emotet, like other major ransomware threats, spans the globe. And this disruption is one with immediate, significant benefits for our whole community.

In a separate case, also investigated by our Boston Division, two computer hackers, one based in Iran, were indicted in September on charges they damaged scores of websites across the U.S. Following the January 2020 death of Islamic Revolutionary Guard Corps commander Qasem Soleimani, one of the subjects allegedly transmitted computer code to more than 50 websites hosted in the U.S. and replaced their content with pictures of the late Soleimani with anti-American text. The two men remain fugitives, hunted by U.S. authorities.

Of course, not all of our criminal cyber cases have a global reach. Later this month, a New Hampshire man faces sentencing after pleading guilty to hacking into the Auburn Police Department and Town of Auburn computer systems. The subject deleted files, defaced employee accounts, and deployed malware that sent threatening pop-up messages to employees. This series of cyberattacks was retribution for the man’s arrest on drug charges by an Auburn police officer. The man even hacked into and defaced the website of the substance abuse center that treated him for heroin addiction.

And in November 2019, two Massachusetts men were indicted on computer and wire fraud charges and identity theft for allegedly hacking into the accounts of cryptocurrency company executives. Using an illegal practice known as SIM swapping, the two men convinced a cell phone carrier to reassign a victim’s cell phone number to a cell phone they controlled. The men targeted 10 victims and allegedly stole or attempted to steal over $500,000 in cryptocurrency. Their cases are still pending.

Another cyber threat that continues to grow is the blended or hybrid threat—state-sponsored economic espionage facilitated by cyber intrusions. We’re deploying our own, as well as our partners’ tools, against it, sequenced and synchronized, for maximum impact. In September we unsealed charges against five Chinese nationals from the hacking group called APT 41. They were targeting victim companies around the world from their safe haven in China. With our partners here and abroad, we arrested two of their co-conspirators in Malaysia, and seized or took down hundreds of the hacker accounts, servers, and domains. We also distributed a FLASH message to our private sector and foreign partners with technical information to help detect and mitigate APT 41’s malicious activities.

Around the same time, in Boston, our office uncovered a years-long malware campaign orchestrated by the Iranian government. This malware monitored dissidents, along with travel and telecommunications companies. As a result of the investigation, we were able to work with the Treasury Department, resulting in the imposition of sanctions on 45 individuals and a front company backed by the Iranian Intelligence Ministry. We also made the malicious code public, which not only dealt the Iranian government a significant blow but also helped mitigate the ongoing victimization of thousands of individuals and organizations around the world.

These are just a few examples of the work being done to impose risk and consequences on adversaries. On the Russia front, last year we worked with partners at NSA to uncover and expose highly sophisticated malware developed by Russian military intelligence. Legal process was used to get information that helped better understand that malware, complementing the great work our fellow intelligence community colleagues had done. That information allowed for the release of an unclassified report warning the public and resulting in a painful disruption to a well-known adversary. These actions resulted in a real cost to the Russian government, because they’d spent a lot of time and money developing the malware that was exposed and neutralized.

Elsewhere on the same front, we’ve been working nonstop on the SolarWinds investigation through a task force, known as the Unified Coordination Group, including CISA and ODNI, with support from NSA. As the lead agency for threat response, the FBI’s investigation is concentrating on identifying and notifying additional victims, collecting evidence, analyzing the evidence to determine attribution and sharing results with our government and private sector partners to inform operational actions, build the intelligence picture, and bolster network defense.

Responding to Your Needs

The way we do business today—and the changes made in our strategic approach—are in large part because of our work with you. We’ve been listening to your concerns, suggestions, and guidance and have taken them to heart. We’ve shifted our thinking and the way we operate to move more quickly in order to significantly impact our adversaries. And we’re working more collaboratively with partners at every level. We’re sharing more information with the private sector yet working discreetly behind the scenes. We’re co-locating cyber agents at desks right next to international counterparts to make it even easier to work together.

We’ve been doing a lot of listening and working hard to meet the needs of the community. While sometimes we might not be able to tell you precisely how we knew your company, your organization, your university was targeted, we can usually tell you what you need to know to prepare for, or stop, a cyber attack. And having a pre-existing relationship invariably helps to do that faster. Talking with us before a problem strikes helps you understand how we operate, how we protect victim information, and how we work hard not to disrupt your operations. That kind of information is a lot easier to digest during a time of calm, rather than during a crisis. It helps you better understand how we can help.

The recent SolarWinds campaign shows how important it is that government and the private sector share information both ways. The FBI has domestic intelligence collection authorities that give us unique visibility into how foreign adversaries are using U.S. IT infrastructure to target victims. But it’s the private owners of U.S. networks and infrastructure who are often in the best position to illuminate a key and important part of the threat picture. We may come to a victim knowing one IP address used to attack them, but not another. If, through our interaction, we learn about more, then we may be able to do more to help, and to stop the next attack, too. We’re committed to continuing to listen, take feedback, and to give feedback on what you share with us.

* * *

Those are just a few thoughts on the current threat landscape and how we can work to tackle and defeat cyber threats together. I hope that next year, when we return to Boston, we will be even further ahead in our evolution. Because working together is the only way we’re going to stay ahead of these complex threats. We need to bring together the right people, tools, and authorities at the right time. And we can’t do that without your trust and our mutual cooperation and partnership. We’ve got to build these relationships now in order to make sure we know about and understand the threats coming at us.

Please reach out, engage, get to know and talk to us about what you’re seeing and let us know how we can help. Thank you for taking the time to be here today. Stay well and be safe.

Security News in Brief: CEO Sentenced to Prison in $150 Million Health Care Fraud, Opioid Distribution, and Money Laundering Scheme

Source: United States Department of Justice Criminal Division

The chief executive officer of a Michigan and Ohio-based group of pain clinics and other medical providers was sentenced today to 15 years in prison for developing and approving a corporate policy to administer unnecessary back injections to patients in exchange for prescriptions of over 6.6 million doses of medically unnecessary opioids.

Security News in Brief: Justice Department Resolves Antitrust Case Against Leading Central Pennsylvania Health Care Providers

Source: United States Department of Justice Criminal Division

The Department of Justice announced today that it has reached a settlement with Geisinger Health (Geisinger) and Evangelical Community Hospital (Evangelical) that will resolve the department’s ongoing civil antitrust litigation challenging Geisinger’s partial acquisition of Evangelical. Among other terms, the settlement requires Geisinger to cap its ownership interest in Evangelical at a 7.5% passive interest and eliminates additional entanglements between the two competing hospitals.

FBI Offering Education, Guidance to Those Seeking Love Online

Source: Federal Bureau of Investigation (FBI) State Crime News

Avoid Romance Scams for a Happy Valentine’s Day

SACRAMENTO—The Federal Bureau of Investigation (FBI) Sacramento Field Office is raising awareness about romance scams and urging victims of the crime to reach out to law enforcement. Isolation during the COVID-19 pandemic has increased online communication and virtual connectivity, including the search for lifelong love. While many well-intentioned singles are seeking online matches, criminals lurk among them seeking to ensnare hearts and finances.

What is a romance scam? A romance scam is similar to “catfishing,” a situation in which a person creates a fake online identity to gain a victim’s affection and confidence, fostering the illusion of a romantic or close relationship. The difference is that, in a romance scam, the person on the other end of the virtual relationship is a cybercriminal who will exploit the victim for financial gain.

The principal victim group targeted by romance scammers is over 40 years old and divorced, widowed, elderly, or disabled; however, all demographics are at risk. In 2019, the FBI Internet Crime Complaint Center received complaints from 2,206 California victims who experienced a combined total dollar loss of $107,853,977. Nationally, 19,473 individuals were victimized by confidence scams in 2019 resulting in a total dollar loss of $475,014,032. That’s a lot of broken hearts.

Romance scammers profit from exploiting their victims and are experts at their craft. Criminals search chat rooms, dating sites, and social networking sites looking for potential victims and often target unsuspecting individuals looking for love and companionship. Scammers often monitor social media accounts and glean information from online dating profiles and other sources to better understand how to manipulate and exploit their intended victims.

As the relationships progress, scammers spin tales of severe life circumstances, tragedies, deaths in the family, injuries to themselves, or other hardships to keep their victims concerned and involved in their schemes. The criminals frequently ask victims to send money to help overcome a financial situation they claim to be experiencing.

Criminals may also ask victims to receive funds in the form of a cashier’s check, money order, or wire transfer, claiming they are out of the country and unable to cash the instruments or receive the funds directly. The scammers ask victims to redirect the funds to them or to an associate to whom they purportedly owe money.

In some cases, the financial risk is less obvious. Scammers may ask victims to reship packages instead of redirecting funds. In these examples, victims risk losing money and may incur other expenses, such as bank fees and penalties, and, in some instances, may face prosecution.

To avoid becoming a romance scam victim:

  • Be careful of what you post and make public online. Scammers can use details shared on social media and dating sites to better understand and target you.
  • Be wary of anyone you first encounter online rather than in real life. People can pretend to be anything or anyone online.
  • Research a person’s photo and profile using online searches to see if the image, name, or details have been used elsewhere.
  • Go slowly and ask lots of questions.
  • Never send money to someone you meet online, especially by wire transfer.
  • Never provide credit card numbers or bank account information without verifying the recipient’s identity.
  • Never share your Social Security number or other personally identifiable information that can be used to access your accounts with someone who does not need to know this information.

Beware if your virtual beloved:

  • Seems too perfect or quickly asks you to leave a dating service or social media site to communicate directly.
  • Attempts to isolate you from friends and family.
  • Requests inappropriate photos or financial information that could later be used to extort you.
  • Promises to meet in person, but then always comes up with an excuse why he or she can’t. If you haven’t met the person after a few months, for whatever reason, you have good reason to be suspicious.

Keep in mind that most cyber criminals do not use their own photographs; they use an image from another social media account as their own. A reverse image search can determine if a profile picture is being used elsewhere on the Internet, and on which websites it was used. A search sometimes provides information that links the image with other scams or victims.

If you are a victim of a romance scam, seek help from law enforcement immediately. Report the activity to the Internet Crime Complaint Center at www.ic3.gov, the FBI Sacramento Field Office at (916) 746-7000, or both. Additionally, contact your financial institution immediately upon discovering any fraudulent or suspicious activity and direct them to stop or reverse the transactions. Please also report the activity to the website where the contact was first initiated to protect others from becoming victims.