Worldwide Threats to the Homeland

Source: Federal Bureau of Investigation FBI Crime News

Washington, D.C.

Statement for the Record

Good afternoon, Chairman Thompson, Ranking Member Rogers, and members of the committee. Thank you for the opportunity to appear before you today to discuss the current threats to the United States homeland. I am pleased to be here representing the nearly 37,000 dedicated men and women of the FBI.

While the COVID-19 pandemic has presented unique and unprecedented challenges to the FBI workforce, I am proud of their dedication to our mission of protecting the American people and upholding the Constitution. Hostile foreign actors, violent extremists, and opportunistic criminal elements have seized upon this environment. As a result, we are facing aggressive and sophisticated threats on many fronts. Whether it is terrorism now moving at the speed of social media, or the increasingly blended threat of cyber intrusions and state-sponsored economic espionage, or malign foreign influence and interference or active shooters and other violent criminals threatening our communities, or the scourge of opioid trafficking and abuse, or hate crimes, human trafficking, crimes against children—the list of threats we are worried about is not getting any shorter, and none of the threats on that list are getting any easier.

Counterterrorism

Preventing terrorist attacks remains the FBI’s top priority. However, the threat posed by terrorism—both international terrorism (IT) and domestic violent extremism—has evolved significantly since 9/11.

The greatest threat we face in the homeland is that posed by lone actors radicalized online who look to attack soft targets with easily accessible weapons. We see this lone actor threat manifested both within domestic violent extremists (DVEs) and homegrown violent extremists (HVEs), two distinct sets of individuals that generally self-radicalize and mobilize to violence on their own. DVEs are individuals who commit violent criminal acts in furtherance of ideological goals stemming from domestic influences, such as racial bias and anti-government sentiment. HVEs are individuals who have been radicalized primarily in the United States, and who are inspired by, but not receiving individualized direction from, foreign terrorist organizations (FTOs).

Many of these violent extremists, both domestic and international, are motivated and inspired by a mix of ideological, sociopolitical, and personal grievances against their targets, which recently have more and more included large public gatherings, houses of worship, and retail locations. Lone actors, who by definition are not likely to conspire with others regarding their plans, are increasingly choosing these soft, familiar targets for their attacks, limiting law enforcement opportunities for detection and disruption ahead of their action.

DVEs pose a steady and evolving threat of violence and economic harm to the United States. Trends may shift, but the underlying drivers for domestic violent extremism—such as perceptions of government or law enforcement overreach, sociopolitical conditions, racism, anti-Semitism, Islamophobia, misogyny, and reactions to legislative actions—remain constant. As stated above, the FBI is most concerned about lone offender attacks, primarily shootings, as they have served as the dominant lethal mode for domestic violent extremist attacks. More deaths were caused by DVEs than international terrorists in recent years. In fact, 2019 was the deadliest year for domestic extremist violence since the Oklahoma City bombing in 1995.

The top threat we face from domestic violent extremists stems from those we identify as racially/ethnically motivated violent extremists (RMVE). RMVEs were the primary source of ideologically motivated lethal incidents and violence in 2018 and 2019 and have been considered the most lethal of all domestic extremists since 2001. Of note, the last three DVE attacks, however, were perpetrated by anti-government violent extremists.

The spate of attacks we saw in 2019 underscore the continued threat posed by DVEs and perpetrators of hate crimes. The FBI works proactively to prevent acts of domestic terrorism and hate crimes. For example, in November 2019, the Denver Joint Terrorism Task Force arrested Richard Holzer on federal charges of attempting to obstruct religious exercise by force using explosives. This disruption is just one example of the strength of our Domestic Terrorism-Hate Crimes (DT-HC) Fusion Cell. Our Counterterrorism Division (CTD) and Criminal Division (CID), working together, were able to prevent a potential terrorist attack before it occurred and, for the first time in recent history, make a proactive arrest on a hate crimes charge. Through the DT-HC Fusion Cell, subject-matter experts from both CTD and CID work in tandem to innovatively use investigative tools and bring multiple perspectives to bear in combating the intersecting threats of domestic terrorism and hate crimes, preventing attacks and providing justice to victims.

We recognize that the FBI must be aware not just of the domestic violent extremism threat, but also of threats emanating from those responding violently to First Amendment-protected activities. In the past, we have seen some violent extremists respond to peaceful movements through violence rather than non-violent actions and ideas. The FBI is involved only when responses cross from ideas and constitutionally protected protests to violence. Regardless of the specific ideology involved, the FBI requires that all domestic terrorism investigations be predicated based on activity intended to further a political or social goal, wholly or in part involving force, coercion, or violence, in violation of federal law.

HVEs and FTOs have posed a persistent threat to the nation and to U.S. interests abroad, while their tradecraft, tactics, and target sets have evolved. The international terrorism threat to the U.S. has expanded from sophisticated, externally directed FTO plots to include individual attacks carried out by HVEs who are inspired by designated terrorist organizations. As stated above, the FBI assesses HVEs are the greatest, most immediate international terrorism threat to the homeland. These individuals are FTO-inspired individuals who are in the U.S., have been radicalized primarily in the U.S., and are not receiving individualized direction from FTOs. We, along with our law enforcement partners, face significant challenges in identifying and disrupting HVEs. This is due, in part, to their lack of a direct connection with an FTO, an ability to rapidly mobilize without law enforcement detection, and their frequent use of encrypted communications.

Many FTOs use various digital communication platforms to reach individuals they believe may be susceptible and sympathetic to violent terrorist messages. However, no group has been as successful at drawing people into its perverse ideology as ISIS, which has proven dangerously competent at employing such tools. ISIS uses traditional media platforms as well as widespread social media campaigns to propagate its ideology. Terrorists in ungoverned spaces—both physical and virtual—readily disseminate propaganda and training materials to attract easily influenced individuals around the world to their cause. With the broad distribution of social media, terrorists can spot, assess, recruit, and radicalize vulnerable persons of all ages in the U.S. either to travel to foreign lands or to conduct an attack on the homeland. Through the internet, terrorists anywhere overseas now have direct access to our local communities to target and recruit our citizens and spread their message faster than was imagined just a few years ago.

We remain concerned that groups such as the Islamic State of Iraq and ash-Sham (ISIS) and al Qaeda intend to carry out large-scale attacks in the U.S. Despite their territorial defeat in Iraq and Syria, ISIS remains relentless and ruthless in its campaign of violence against the West and has aggressively promoted its hateful message, attracting like-minded violent extremists. The message is not tailored solely to those who overtly express signs of radicalization. It is seen by many who use messaging apps and participate in social networks. Ultimately, many of the individuals drawn to ISIS seek a sense of belonging.

Echoing other terrorist groups, ISIS has advocated lone offender attacks in Western countries. Recent ISIS videos and propaganda have specifically advocated attacks against soldiers, law enforcement, and intelligence community personnel.

As noted above, ISIS is not the only terrorist group of concern. Al Qaeda maintains its desire for large-scale, spectacular attacks. While continued counterterrorism pressure has degraded the group’s Afghanistan-Pakistan senior leadership, in the near term, al Qaeda is more likely to focus on building its international affiliates and supporting small-scale, readily achievable attacks in key regions such as East and West Africa. Simultaneously, over the last year, propaganda from al Qaeda leaders seeks to inspire individuals to conduct their own attacks in the U.S. and the West. For example, the December 2019 attack at Naval Air Station Pensacola demonstrates that groups such as al Qaeda continue to be interested in encouraging attacks on U.S. soil.

The FBI regularly reviews intelligence to ensure that we are appropriately mitigating threats from any place by any actor, and the possible violent responses and actions. We are sensitive to First Amendment-protected activities during investigative and intelligence efforts so as to ensure that our investigative actions remain aligned with our authorities and are conducted with the appropriate protections in place for privacy and civil liberties.

As the threat to the United States and U.S. interests evolves, we must adapt and confront these challenges, relying heavily on the strength of our federal, state, local, tribal, and international partnerships. The FBI uses all lawful investigative techniques and methods to combat these terrorist threats to the United States. Along with our domestic and foreign partners, we are collecting and analyzing intelligence concerning the ongoing threat posed by violent extremists motivated by any ideology and desire to harm Americans and U.S. interests. We continue to encourage information sharing, which is evidenced through our partnerships with many federal, state, local, and tribal agencies assigned to Joint Terrorism Task Forces around the country. Be assured, the FBI continues to strive to work and share information more efficiently, and to pursue a variety of lawful methods to help stay ahead of these threats.

Election Security

In less than two months, Americans will exercise one of their most important and cherished freedoms: the right to vote in a democratic election. Our nation is confronting multi-faceted foreign threats seeking to both influence our national policies and public opinion and cause harm to our national dialogue. The FBI and our interagency partners remain concerned about, and focused on, the covert and overt influence measures used by certain adversaries in their attempts to sway U.S. voters’ preferences and perspectives, shift U.S. policies, increase discord in the United States, and undermine the American people’s confidence in our democratic processes.

Foreign influence operations—which include covert, coercive, or corrupt actions by foreign governments to influence U.S. political sentiment or public discourse or interfere in our processes themselves—are not a new problem. But the interconnectedness of the modern world, combined with the anonymity of the internet, have changed the nature of the threat and how the FBI and its partners must address it. This year’s election cycle, amid the COVID-19 pandemic, provides ample opportunity for hostile foreign actors to conduct disinformation campaigns and foreign influence operations in an effort to mislead, sow discord, and, ultimately, undermine confidence in our democratic institutions and values and in our government’s response to our current health crisis.

Foreign influence operations have taken many forms and used many tactics over the years. Most widely reported these days are attempts by adversaries—hoping to reach a wide swath of Americans covertly from outside the United States—to use false personas and fabricated stories on social media platforms to discredit U.S. individuals and institutions.

The FBI is the lead federal agency responsible for investigating foreign influence operations. In the fall of 2017, the Foreign Influence Task Force (FITF) was established to identify and counteract malign foreign influence operations targeting the United States. The FITF is led by the Counterintelligence Division and is composed of agents, analysts, and professional staff from the Counterintelligence, Cyber, Counterterrorism, and Criminal Investigative Divisions. It is specifically charged with identifying and combating foreign influence operations targeting democratic institutions and values inside the United States. In all instances, the FITF strives to protect democratic institutions and public confidence, develop a common operating picture, raise adversaries’ costs, and reduce their overall asymmetric advantage.

The task force brings the FBI’s national security and traditional criminal investigative expertise under one umbrella to prevent foreign influence in our elections. This better enables us to frame the threat, to identify connections across programs, to aggressively investigate as appropriate, and—importantly—to be more agile. Coordinating closely with our partners and leveraging relationships we have developed in the technology sector, we had a number of instances where we were able to quickly relay threat indicators that those companies used to take swift action, blocking budding abuse of their platforms.

Following the 2018 midterm elections, we reviewed the threat and the effectiveness of our coordination and outreach. As a result of this review, we further expanded the scope of the FITF. Previously, our efforts to combat malign foreign influence focused solely on the threat posed by Russia. Utilizing lessons learned over the last year and half, the FITF is widening its aperture to confront malign foreign operations of China, Iran, and other global adversaries. To address this expanding focus and wider set of adversaries and influence efforts, we have also added resources to maintain permanent “surge” capability on election and foreign influence threats.

We have also further refined our approach. All efforts are based on a three-pronged approach, which includes investigations and operations, information and intelligence sharing, and a strong partnership with the private sector. Through the efforts of the FITF  and lessons learned from both the 2016 and 2018 elections, the FBI is actively engaged in identifying, detecting, and disrupting threats to our elections and ensuring both the integrity of our democracy is preserved and the will of the American people is fulfilled.

Protecting policymakers is an important part of our efforts to combat malign foreign influence and protect our elections. As you are aware, the FBI and our interagency partners have been providing ongoing election security threat briefings to Congress. We will continue to do so throughout the fall and into the future, where there is actionable intelligence.

Lawful Access

I want to turn now to an issue continuing to limit law enforcement’s ability to disrupt these increasingly insular actors. We are all familiar with the inability of law enforcement agencies to access data, even with a lawful warrant or court order, due to “end-to-end” encryption. Increasingly, device manufacturers and communications service providers have employed encryption in such a manner that only the users or parties to the communications can access the content of the communications or devices. This is known as end-to-end encryption.

This development has meant that, in recent years, the FBI has observed a decline in its ability to gain access to the content of both domestic and international terrorist communications due to the widespread adoption of encryption for internet traffic and the prevalence of mobile messaging apps using end-to-end encryption as default.

The FBI certainly recognizes how encryption increases the overall safety and security of the internet for users. But in fulfilling the FBI’s duty to the American people to prevent acts of terrorism, this kind of end-to-end encryption creates serious challenges. Accessing content of communications by, or data held by, known or suspected terrorists pursuant to judicially authorized, warranted legal process is getting more and more difficult.

The online, encrypted nature of radicalization, along with the insular nature of most of today’s attack plotters, leaves investigators with fewer dots to connect. As was evident in the December 9, 2019, shooting at Naval Air Station Pensacola that killed three U.S. sailors and severely wounded eight other Americans, deceased terrorist Mohammed Saeed Alshamrani was able to communicate using warrant-proof, end-to-end encrypted apps deliberately to evade detection by law enforcement. It took the FBI several months to access information in his phones, during which time we did not know whether he was a lone wolf actor or whether his associates may have been plotting additional terrorist attacks.

If law enforcement loses the ability to detect criminal activity because communication between subjects—data in motion—or data held by subjects— data at rest—is encrypted in such a way making content inaccessible, even with a lawful order, our ability to protect the American people will be degraded. Providers and law enforcement must continue to collaborate to explore possible technical solutions that would provide security and privacy to those using the internet while also contributing to the FBI’s ability to complete its mission.

Despite the successes that result from the hard work of the men and women of the FBI, our Joint Terrorism Task Forces, and our partners across the government, terrorism continues to pose a persistent threat to the homeland and our interests overseas.

China Threat

The greatest long-term threat to our nation’s information and intellectual property and to our economic vitality is the counterintelligence and economic espionage threat from China. It is a threat to our economic security and by extension, to our national security.

As you have seen from the recent closure of the Chinese Consulate in Houston, this issue is not just an intelligence issue, or a government problem, or a nuisance largely just for big corporations who can take care of themselves. Our adversaries’ targets are our nation’s core economic assets—our information and ideas, our innovation, our research and development, our technology. No country poses a broader, more severe threat to those assets than China. It is the people of the United States who are the victims of what amounts to Chinese theft on a scale so massive that it represents one of the largest transfers of wealth in human history. If you are an American adult, it is more likely than not that China has stolen your personal data.

In 2017, the Chinese military conspired to hack Equifax and made off with the sensitive personal information of 150 million Americans—we are talking nearly half of the American population and most American adults. Our data is not the only thing at stake here—so is our health, livelihood, and security.

The FBI is opening a new China-related counterintelligence case approximately every 10 hours. Of the nearly 5,000 active FBI counterintelligence cases currently underway across the country, almost half are related to China. And at this very moment, China is working to compromise American health care organizations, pharmaceutical companies, and academic institutions conducting essential COVID-19 research. They are going after cost and pricing information, internal strategy documents, personally identifiable information—anything that can give them a competitive advantage.

It is important to be clear: This is not about the Chinese people as a whole, and certainly not about Chinese Americans as a group, but it is about the Chinese government and the Chinese Communist Party. Every year, the United States welcomes more than 100,000 Chinese students and researchers into this country. For generations, people have journeyed from China to the United States to secure the blessings of liberty for themselves and their families—and our society is better for their contributions. So, when the FBI’s refers to the threat from China, we mean the government of China and the Chinese Communist Party.

Confronting this threat effectively does not mean that we should not do business with the Chinese. It does not mean that we should not host Chinese visitors. It does not mean that we should not welcome Chinese students or coexist with China on the world stage. But it does mean that when China violates our criminal laws and international norms, we are not going to tolerate it, much less enable it. The FBI and our partners throughout the U.S. government will hold China accountable and protect our nation’s innovation, ideas, and way of life—with the help and vigilance of the American people.

Cyber

With the advent of the COVID-19 pandemic, the nature of the cyber threat has become increasingly concerning. As more individuals telework and increasingly use the cloud, we encounter less secure networks. As a result, the scope of our cyber threats has changed, the impact has deepened, and many of the players have become more dangerous as we have become increasingly vulnerable. We are still seeing hack after hack and breach after breach. We hear about it daily in the news. The more we shift to the internet as the conduit and the repository for everything we use and share and manage, the more danger we are in.

Today we are worried about a wider-than-ever range of threat actors, from multinational cyber syndicates to nation-state adversaries. And we are concerned about a wider-than-ever gamut of methods continually employed in new ways, like the targeting of managed service providers—MSPs—as a way to access scores of victims by hacking just one provider.

China’s Ministry of State Security (MSS) pioneered that technique and, as you saw in July, we indicted two Chinese hackers who worked with the Guangdong State Security Department of the MSS. These individuals conducted a hacking campaign lasting more than 10 years, targeting countries with high technology industries, to include the United States. The industries targeted included, among others, solar energy, pharmaceuticals, and defense.

Cyber crimes like these, directed by the Chinese government’s intelligence services, threaten not only the United States but also every other country that supports fair play, international norms, and the rule of law, and they also seriously undermine China’s desire to become a respected leader in world affairs.

Theft of intellectual property is not the only cyber threat presented by the People’s Republic of China (PRC) government. They are also working to obtain controlled defense technology and developing the ability to use cyber means to complement any future real-world conflict. All of them, and others, are working to simultaneously strengthen themselves and weaken the United States. And we are taking all these nation-state threats very seriously.

But as dangerous as nation-states are, we do not have the luxury of focusing on them alone. We also are battling the increasing sophistication of criminal groups that place many hackers on a level we used to see only among hackers working for governments. The proliferation of malware as a service, where darkweb vendors sell sophistication in exchange for cryptocurrency, increases the difficulty of stopping what would once have been less-dangerous offenders. It can give a ring of unsophisticated criminals the tools to paralyze entire hospitals, police departments, and businesses with ransomware. Often the hackers themselves have not become much more sophisticated—but they are renting sophisticated capabilities, requiring us to up our game as we work to defeat them, too.

Hackers have not relented under the COVID-19 pandemic. On the contrary, they have attempted to compromise the computer systems of hospitals and medical centers to obtain patient financial data, medical records, and other information. In addition, such attacks on medical centers may lead to the interruption of computer networks and systems putting patients’ lives at an increased risk when America faces its most dire health crisis in generations.

Conclusion

Chairman Thompson, Ranking Member Rogers and members of the committee, thank you for the opportunity to testify today. I am now happy to answer any questions you might have.

FBI Oversight

Source: Federal Bureau of Investigation FBI Crime News

Statement for the Record

Good morning Chairman Nadler, Ranking Member Collins, and members of the committee. Thank you for inviting me to appear before you today. I am honored to be here, representing the men and women of the FBI. Our people—nearly 37,000 of them—are the heart of the Bureau. I am proud of their service and their commitment to our mission. Every day, they tackle their jobs with perseverance, professionalism, and integrity.

In the past few years, I have had the chance to visit all 56 field offices. I have visited the home states of every member of this committee, talking with state and local law enforcement partners and people in your communities about the issues that matter most to them. I am grateful for their support and insights as we work together to keep 325 million American people safe and to help make our communities stronger.

Today’s FBI is a national security and law enforcement organization that uses, collects, and shares intelligence in everything we do. Each FBI employee understands that, to defeat the key threats facing our nation, we must constantly strive to be more efficient and more effective. Just as our adversaries evolve, so, too, must the FBI. We live in a time of acute and persistent terrorist and criminal threats to our national security, our economy, and indeed our communities. These diverse threats underscore the complexity and breadth of the FBI’s mission: to protect the American people and uphold the Constitution of the United States.

Counterterrorism

Preventing terrorist attacks remains the FBI’s top priority. However, the threat posed by terrorism—whether here or abroad—has evolved significantly since 9/11.

The most persistent threats to the nation and to U.S. interests abroad are homegrown violent extremists (HVEs), domestic violent extremists, and foreign terrorist organizations (FTOs). The international terrorism threat to the U.S. has expanded from sophisticated, externally directed FTO plots to include individual attacks carried out by HVEs who are inspired by designated terrorist organizations. We remain concerned that groups such as the Islamic State of Iraq and al-Sham (ISIS) and al Qaeda have the intent to carry out large-scale attacks in the U.S.

In recent years, prolific use of the Internet and social media by FTOs has greatly enhanced their ability to disseminate terrorist propaganda and training materials to attract and influence individuals in the U.S. to their cause. Through the use of online recruitment, indoctrination, and instruction, FTOs are no longer dependent on getting terrorist operatives into the United States to recruit and carry out acts of terrorism.

Despite their territorial defeat in Iraq and Syria, ISIS remains relentless and ruthless in its campaign of violence against the West and has aggressively promoted its hateful message, in order to attract like-minded violent extremists. The message is not tailored solely to those who overtly express signs of radicalization. It is seen by many who use messaging apps and participate in social networks. Ultimately, many of the individuals drawn to ISIS seek a sense of belonging. Echoing other terrorist groups, ISIS has advocated for lone offender attacks in Western countries. Recent ISIS videos and propaganda have specifically advocated for attacks against soldiers, law enforcement, and intelligence community personnel.

Through the Internet, terrorists anywhere overseas now have direct access to our local communities to target and recruit our citizens and spread their message faster than was imagined just a few years ago. Many FTOs use various digital communication platforms to reach individuals they believe may be susceptible and sympathetic to violent terrorist messages. However, no group has been as successful at drawing people into its perverse ideology as ISIS. ISIS uses traditional media platforms as well as widespread social media campaigns to propagate its ideology. With the broad distribution of social media, terrorists can use these platforms further in an effort to spot, assess, recruit, and radicalize vulnerable persons in the U.S. either to travel abroad or to conduct an attack on the homeland.

The threats posed by foreign fighters, including those recruited from the U.S., are very dynamic. We will continue working to identify individuals who seek to join ISIS or other groups abroad, those foreign fighters who may attempt to return to the United States, and HVEs who may aspire to attack the United States from within.

ISIS is not the only terrorist group of concern. Al Qaeda maintains its desire for large scale spectacular attacks. Continued counterterrorism pressure has degraded the group’s Afghanistan-Pakistan senior leadership, so in the near term, al Qaeda is more likely to focus on building its international affiliates and supporting small-scale, readily achievable attacks in key regions such as East and West Africa. Simultaneously, over the last year, propaganda from al Qaeda leaders seeks to inspire individuals to conduct their own attacks in the U.S. and the West.

Iran also continues to support Hizballah and other terrorist groups. Hizballah has sent operatives to build terrorist infrastructures worldwide. The arrests of individuals in the United States allegedly linked to Hizballah’s main overseas terrorist arm, and their intelligence collection and procurement efforts, demonstrate Hizballah’s continued interest in long-term contingency planning activities here in the Homeland. Hizballah Secretary-General Hasan Nasrallah has threatened retaliation for the death of IRGC-QF Commander Soleimani.

In addition to FTOs, domestic violent extremists collectively pose a steady threat of violence and economic harm to the United States. Trends may shift, but the underlying drivers for domestic violent extremism—such as perceptions of government or law enforcement overreach, socio-political conditions, racism, anti-Semitism, Islamophobia, and reactions to legislative actions—remain constant. The FBI is most concerned about lone offender attacks, primarily shootings, as they have served as the dominant lethal mode for domestic violent extremist attacks. More deaths were caused by domestic violent extremists than international terrorists in recent years.

The top threat we face from domestic violent extremists stems from those we now identify as racially/ethnically motivated violent extremists (RMVEs). RMVEs were the primary source of ideologically-motivated lethal incidents and violence in 2018 and 2019, and have been considered the most lethal of all domestic extremism movements since 2001.

The spate of attacks we saw in 2019 underscore the continued threat posed by domestic violent extremists and perpetrators of hate crimes. Such crimes are not limited to the United States and, with the aid of Internet like-minded hate groups, can reach across borders. To combat the threat at home, the FBI established the Domestic Terrorism-Hate Crimes Fusion Cell, in the spring of 2019. Composed of subject matter experts from both the Criminal Investigative and Counterterrorism Divisions, the fusion cell offers program coordination from FBI Headquarters, helps ensure seamless information sharing across divisions, and augments investigative resources.

We recognize the FBI also must be aware of threats and violence perpetrated by individuals in the context of otherwise peaceful First Amendment-protected activities. In the past, we have seen a small segment of the population respond to a peaceful movement—from a different violent extremist—with violence. The FBI is only concerned when responses cross from ideas and constitutionally protected protests to violence. Regardless of the specific ideology involved, the FBI requires that all domestic terrorism investigations be predicated based on activity intended to further a political or social goal, wholly or in part involving force, coercion, or violence, in violation of federal law.

The FBI regularly reviews intelligence to ensure we are appropriately mitigating threats and the possible violent responses and actions. We remain sensitive to First Amendment-protected activities during investigative and intelligence efforts so as to ensure our investigative actions remain aligned to and do not exceed the scope of our authorities and are conducted with the appropriate protections in place for privacy and civil liberties.

As the threat to harm the United States and U.S. interests evolves, we must adapt and confront these challenges, relying heavily on the strength of our federal, state, local, tribal, private sector, and international partnerships. The FBI uses all lawful investigative techniques and methods to combat these terrorist threats to the United States. Along with our domestic and foreign partners, we are collecting and analyzing intelligence concerning the ongoing threat posed by foreign terrorist organizations and homegrown violent extremists. We continue to encourage information sharing, which is evidenced through our partnerships with many federal, state, local, and tribal agencies assigned to Joint Terrorism Task Forces around the country. Be assured, the FBI continues to strive to work and share information more efficiently, and to pursue a variety of lawful methods to help stay ahead of these threats.

Counterintelligence

The nation faces a continuing threat, both traditional and asymmetric, from hostile foreign intelligence agencies. Traditional espionage, often characterized by career foreign intelligence officers acting as diplomats or ordinary citizens, and asymmetric espionage, typically carried out by students, researchers, or business people operating front companies, is prevalent. Foreign intelligence services not only seek our nation’s state and military secrets, but they also target commercial trade secrets, research and development, and intellectual property, as well as insider information from the federal government, U.S. corporations, and American universities. Foreign intelligence services continue to employ more creative and more sophisticated methods to steal innovative technology, critical research and development data, and intellectual property in an effort to erode America’s economic leading edge. These illicit activities pose a significant threat to national security and continue to be a priority and focus of the FBI.

Foreign influence operations—which may include covert actions by foreign governments to influence U.S. policy decisions, political sentiment or public discourse—are not a new problem. But the interconnectedness of the modern world, combined with the anonymity of the Internet, have changed the nature of the threat and how the FBI and its partners must address it. The goal of these foreign influence operations directed against the United States is to spread disinformation, sow discord, push foreign nations’ policy agendas, and ultimately undermine confidence in our democratic institutions and values. Foreign influence operations have taken many forms and used many tactics over the years. Most widely reported these days are attempts by adversaries—hoping to reach a wide swath of Americans covertly from outside the United States—to use false personas and fabricated stories on social media platforms to discredit U.S. individuals and institutions. However, other influence operations may include targeting U.S. officials and other U.S. persons through traditional intelligence tradecraft; criminal efforts to suppress voting and provide illegal campaign financing; concealing efforts to influence U.S. government activities, cyber attacks against election infrastructure, along with computer intrusions targeting government officials and others; and a whole slew of other kinds of influence, like both overtly and covertly manipulating news stories, spreading disinformation, leveraging economic resources, and escalating divisive issues.

Almost two years ago, I established the Foreign Influence Task Force (FITF) to identify and counteract malign foreign influence operations targeting the United States. The FITF is uniquely positioned to combat this threat. The task force now brings together the FBI’s expertise across the waterfront—counterintelligence, cyber, criminal, and even counterterrorism—to root out and respond to foreign influence operations. Task force personnel work closely with other U.S. government agencies and international partners concerned about foreign influence efforts aimed at their countries, using three key pillars.

Currently there are open investigations with a foreign influence nexus spanning FBI field offices across the country. Second, we are focused on information and intelligence-sharing. The FBI is working closely with partners in the intelligence community and in the federal government, as well as with state and local partners, to establish a common operating picture.

The FITF is also working with international partners to exchange intelligence and strategies for combating what is a shared threat. The third pillar of our approach is based on strong relationships with the private sector. Technology companies have a front-line responsibility to secure their own networks, products, and platforms. But the FBI is doing its part by providing actionable intelligence to better enable the private sector to address abuse of their platforms by foreign actors. For example, over the last year, the FBI has met with top social media and technology companies several times, provided them with classified briefings, and shared specific threat indicators and account information, so they can better monitor their own platforms.

This is not just an election-cycle threat. Our adversaries are continuously trying to undermine our country, whether it is election season or not. As a result, the FBI must remain vigilant.

In addition to the threat posed by foreign influence, the FBI is also concerned about foreign investment by hostile nation states. Over the course of the last seven years, foreign investment in the U.S. has more than doubled. Concurrent with this growth, foreign direct investment (FDI) in the U.S. has increasingly become a national security concern, as hostile nations leverage FDI to buy U.S. assets that will advance their intelligence, military, technology, and economic goals at the expense of U.S. national security. The Committee on Foreign Investment in the U.S. (CFIUS), an Executive Branch committee chaired by the Department of the Treasury, was statutorily created to address potential risks to U.S. national security resulting from foreign acquisitions or mergers with U.S. companies. As part of this process, the FBI provides input and analysis to the National Intelligence Council within eight days of a CFIUS filing and a risk assessment to the Department of Justice within 30 days of a CFIUS filing. As a result of the Foreign Investment Risk Review Modernization Act, which was enacted last year, the FBI anticipates its workload to increase dramatically.

Cyber Threats

Virtually every national security threat and crime problem the FBI faces is cyber-based or facilitated. We face threats from state-sponsored hackers, hackers for hire, organized cyber syndicates, and terrorists. On a daily basis, these actors seek to steal our state secrets, our trade secrets, our technology, and the most intimate data about our citizens—things of incredible value to all of us and of great importance to the conduct of our government business and our national security. They seek to hold our critical infrastructure at risk, to harm our economy, and to constrain our free speech.

As the committee is well aware, the frequency and severity of malicious cyber activity on our nation’s private sector and government networks have increased dramatically in the past decade when measured by the amount of corporate data stolen or deleted, the volume of personally identifiable information compromised, or the remediation costs incurred by U.S. victims. We expect this trend to continue. Within the FBI, we are focused on the most dangerous malicious cyber activity: high-level intrusions by state-sponsored hackers, global organized crime syndicates, and other technically sophisticated and dangerous actors. FBI agents, analysts, and computer scientists are using technical capabilities and traditional investigative techniques—such as sources, court-authorized electronic surveillance, physical surveillance, and forensics—to counter these threats. We continue to actively coordinate with our private and public sector partners to pierce the veil of anonymity surrounding cyber based crimes.

Botnets used by cyber criminals have been responsible for billions of dollars in damages over the past several years. The widespread availability of malicious software (malware) that can create botnets allows individuals to leverage the combined bandwidth of thousands, if not millions, of compromised computers, servers, or network-ready devices to disrupt the day-to-day activities of governments, businesses, and individual Americans. Cyber threat actors have also increasingly conducted ransomware attacks against U.S. systems, encrypting data and rendering systems unusable—thereby victimizing individuals, businesses, and even emergency service and public health providers.

Cyber threats are not only increasing in size and scope, but are also becoming increasingly difficult and resource-intensive to investigate. Cyber criminals often operate through online forums, selling illicit goods and services, including tools that lower the barrier to entry for aspiring criminals and that can be used to facilitate malicious cyber activity. These criminals have also increased the sophistication of their schemes, which are more difficult to detect and more resilient to disruption than ever. In addition, whether located at home or abroad, many cyber actors are obfuscating their identities and obscuring their activity by using combinations of leased and compromised infrastructure in domestic and foreign jurisdictions.

Such tactics make coordination with all of our partners, including international law enforcement partners, essential.

The FBI, in close cooperation with its federal partners, is engaged in a myriad of efforts to combat cyber threats, from improving threat identification and information sharing inside and outside of the government, to developing and retaining new talent, to examining the way we operate to disrupt and defeat these threats. We take all potential threats to public and private sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace.

Criminal Threats

We face many criminal threats, from complex white-collar fraud in the financial, health care, and housing sectors to transnational and regional organized criminal enterprises to violent crime and public corruption. Criminal organizations—domestic and international—and individual criminal activity represent a significant threat to our security and safety in communities across the nation. A key tenet of protecting the nation from those who wish to do us harm is the National Instant Criminal Background Check System, or NICS. The goal of NICS is to ensure that guns do not fall into the wrong hands, and also to ensure the timely transfer of firearms to eligible gun buyers. Mandated by the Brady Handgun Violence Prevention Act of 1993 and launched by the FBI on November 30, 1998, NICS is used by Federal Firearms Licensees (FFLs) to instantly determine whether a prospective buyer is eligible to purchase firearms. NICS receives information from tens of thousands of FFLs and checks to ensure that applicants do not have a criminal record or are not otherwise prohibited and therefore ineligible to purchase a firearm. In the first complete month of operation in 1998, a total of 892,840 firearm background checks were processed; in 2019, over 2 million checks were processed per month.

While most checks are completed by electronic searches of the NICS database within minutes, a small number of checks require examiners to review records and resolve missing or incomplete information before an application can be approved or rejected. Ensuring the timely processing of these inquiries is important to ensure law-abiding citizens can exercise their right to purchase a firearm and to protect communities from prohibited and therefore ineligible individuals attempting to acquire a firearm. The FBI is currently processing a record number of checks; over 26 million were processed in 2019.

Violent Crime

Violent crimes and gang activities exact a high toll on individuals and communities.

Many of today’s gangs are sophisticated and well organized and use violence to control neighborhoods, and boost their illegal money-making activities, which include robbery, drug and gun trafficking, fraud, extortion, and prostitution rings. These gangs do not limit their illegal activities to single jurisdictions or communities. The FBI is able to work across such lines, which is vital to the fight against violent crime in big cities and small towns across the nation. Every day, FBI special agents work in partnership with federal, state, local, and tribal officers and deputies on joint task forces and individual investigations.

FBI joint task forces—Violent Crime Safe Streets, Violent Gang Safe Streets, and Safe Trails—focus on identifying and targeting major groups operating as criminal enterprises.

Much of the FBI criminal intelligence is derived from our state, local, and tribal law enforcement partners, who know their communities inside and out. Joint task forces benefit from FBI surveillance assets, and our sources track these gangs to identify emerging trends. Through these multi-subject and multi-jurisdictional investigations, the FBI concentrates its efforts on high-level groups engaged in patterns of racketeering. This investigative model enables us to target senior gang leadership and to develop enterprise-based prosecutions.

By way of example, the FBI has dedicated tremendous resources to combat the threat of violence posed by MS-13. The atypical nature of this gang has required a multi-pronged approach—we work through our task forces here in the U.S. while simultaneously gathering intelligence and aiding our international law enforcement partners. We do this through the FBI’s Transnational Anti-Gang Task Forces (TAGs). Established in El Salvador in 2007 through the FBI’s National Gang Task Force, Legal Attaché San Salvador, and the United States Department of State, each TAG is a fully operational unit responsible for the investigation of MS-13 operating in the northern triangle of Central America and threatening the United States. This program combines the expertise, resources, and jurisdiction of participating agencies involved in investigating and countering transnational criminal gang activity in the United States and Central America. There are now TAGs in El Salvador, Guatemala, and Honduras. Through these combined efforts, the FBI has achieved substantial success in countering the MS-13 threat across the United States and Central America.

We are committed to working with our federal, state, local, and tribal partners in a coordinated effort to reduce violent crime in the United States.

Transnational Organized Crime and Opioids

More than a decade ago, organized crime was characterized by hierarchical organizations, or families, that exerted influence over criminal activities in neighborhoods, cities, or states. But organized crime has changed dramatically. Today, international criminal enterprises run multi-national, multi-billion-dollar schemes from start to finish. Modern-day criminal enterprises are flat, fluid networks with global reach. While still engaged in many of the “traditional” organized crime activities of loan-sharking, extortion, and murder, modern criminal enterprises are targeting stock market fraud and manipulation, cyber-facilitated bank fraud and embezzlement, drug trafficking, identity theft, human trafficking, money laundering, alien smuggling, public corruption, weapons trafficking, extortion, kidnapping, and other illegal activities. TOC networks exploit legitimate institutions for critical financial and business services that enable the storage or transfer of illicit proceeds. Preventing and combating transnational organized crime demands a concentrated effort by the FBI and federal, state, local, tribal, and international partners.

While the FBI continues to share intelligence about criminal groups with our partners and combines resources and expertise to gain a full understanding of each group, the threat of transnational crime remains a significant and growing threat to national and international security with implications for public safety, public health, democratic institutions, and economic stability across the globe.

Illicit drug trafficking continues to be a growing threat. Large amounts of high-quality, low cost heroin and illicit fentanyl are contributing to record numbers of overdose deaths and life-threatening addictions nationwide. The accessibility and convenience of the drug trade online contributes to the opioid epidemic in the United States. Transnational criminal organizations are introducing synthetic opioids to the U.S. market, including fentanyl and fentanyl analogues. To address this evolving threat, we are taking a multi-faceted approach and establishing many initiatives and units across our criminal program.

In January 2018, the Office of the Deputy Attorney General directed the FBI and other federal law enforcement partners to develop a strategic plan to disrupt and dismantle the Darknet illicit marketplaces facilitating the distribution of fentanyl and other opioids. As a result, the FBI established the Joint Criminal Opioid Darknet Enforcement (J-CODE) Initiative, which brings together agents, analysts, and professional staff with expertise in drugs, gangs, health care fraud, and more, with federal, state, and local law enforcement partners from across the U.S. government. The J-CODE team has developed a comprehensive, multi-pronged criminal enterprise strategy to target the trafficking of fentanyl and other opioids on the Darknet and Clearnet. This strategy focuses on identifying and infiltrating the marketplace administrative team, analyzing financial information, locating and exploiting marketplace infrastructure, targeting vendors and buyers, and enabling field office success in the investigation and prosecution of these marketplaces. As a result, numerous investigations and operations have been initiated and several online vendors who are facilitating the trafficking of opioids via the Internet, to include fentanyl, have been disrupted.

The FBI is also addressing this threat through the Prescription Drug Initiative (PDI). The PDI was established in 2016 in response to the substantial and increasing threat associated with prescription drug diversion, and in particular, the staggering national increase in opioid-related deaths. The objective of the PDI is to identify and target criminal enterprises and other groups engaged in prescription drug schemes; identify and prosecute, where appropriate, organizations with improper corporate policies related to prescription drugs; and identify and prosecute, where appropriate, organizations with improper prescribing and dispensing practices. The PDI prioritizes investigations which target “gatekeeper” positions, to include medical professionals and pharmacies that divert opioids outside the scope of their medical practice and/or distribute these medications with no legitimate medical purpose. Since its inception, the PDI has resulted in the conviction of numerous medical professionals and secured significant federal prison sentences, to include life terms for physicians who cause harm or death to the patients entrusted to their care.

Beyond these two programs, the FBI has dedicated additional resources to address this expansive threat. We have more than doubled the number of Transnational Organized Crime Task Forces, expanded the Organized Crime Drug Enforcement Task Force Airport Initiative to focus on insider threats partnering with TCO actors, and created and led the Fentanyl Safety Working Group at FBI Headquarters, which has led to a new program to protect field agents and support employees with personal protective equipment and opioid antagonists (i.e., naloxone) from the threat of fentanyl exposure. The FBI participated, along with other federal partners, in the creation of the Heroin Availability Reduction Plan (HARP), takes part in monthly HARP implementation meetings hosted by the Office of National Drug Control Policy, and continues to provide training to our international law enforcement partners on successful identification, seizure, and neutralization of clandestine heroin/fentanyl laboratories.

Crimes Against Children and Human Trafficking

It is unthinkable, but every year, thousands of children become victims of crimes—whether it is through kidnappings, violent attacks, sexual abuse, human trafficking, or online predators. The FBI is uniquely positioned to provide a rapid, proactive, and comprehensive response; identify, locate, and recover child victims; and strengthen relationships between the FBI and federal, state, local, tribal, and international law enforcement partners to identify, prioritize, investigate, and deter individuals and criminal networks from exploiting children.

But the FBI’s ability to learn about and investigate child sexual exploitation is being threatened by the spread of lawless spaces online. For example, currently, there are at least 30 child pornography sites operating openly and notoriously on the Darknet, including the Tor network. Some of these child pornography sites are exclusively dedicated to the sexual abuse of infants and toddlers. The sites often expand rapidly, with one site obtaining 200,000 new members within its first four weeks of operation.

As was highlighted at a summit held at the Department of Justice on October 4 that focused on warrant-proof encryption and its impact on child exploitation cases, law enforcement stands to lose millions of leads a year due to the adoption of end-to-end encryption. This move will stop technology and social media companies from being able to detect and report child sexual abuse material being traded on their platforms. The spread of end-to-end encryption will not just dry up the leads. It will prevent companies from providing content to law enforcement in response to legal process—the content we need to actually find who and where a victim is. Unfettered online spaces beyond the protection of law allows dangerous criminals to abuse and exploit an untold number of children. By enabling dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield, the deployment of warrant-proof encryption is already imposing huge costs on society. It is not just the reprehensible behavior of sexual predation on children, but myriad additional forms of serious crime enabled by end-to-end encryption. This technology is quickly extinguishing our ability to detect and prevent a wide range of criminal activity—from terrorism, to large-scale drug trafficking, to financial fraud, to human trafficking, to transnational gang activity. We realize this is a difficult and complex challenge. However, while we continue to embrace the use of strong encryption within our most critical sectors and infrastructure, we must seek a solution that allows us to protect our nations’ most vulnerable while at the same time addressing the equities of the larger national security community.

The FBI has several programs in place to arrest child predators and to recover missing and endangered children. To this end, the FBI funds or participates in a variety of endeavors, including our Innocence Lost National Initiative, Innocent Images National Initiative, Operation Independence Day, Child Abduction Rapid Deployment Teams, Victim Services, 80 Child Exploitation Task Forces, 53 International Violent Crimes Against Children Task Force Officers, as well as numerous community outreach programs to educate parents and children about safety measures they can follow.

The FBI combats this pernicious crime problem through investigations such as Operation Pacifier, which targeted the administrators and users of a highly sophisticated, Tor-based global enterprise dedicated to the sexual exploitation of children. This multi-year operation has led to the arrest of over 348 individuals based in the United States, the prosecution of 25 American child pornography producers and 51 American hands-on abusers, the rescue or identification of 55 American children, the arrest of 548 international individuals, and the identification or rescue of 296 children abroad.

Child Abduction Rapid Deployment Teams are ready response teams stationed across the country to quickly respond to abductions. Investigators bring to this issue the full array of forensic tools such as DNA analysis, trace evidence, impression evidence, and digital forensics. Through improved communications, law enforcement also has the ability to quickly share information with partners throughout the world, and these outreach programs play an integral role in prevention.

In addition to programs to combat child exploitation, the FBI also focuses efforts to stop human trafficking—a modern form of slavery. The majority of human trafficking victims recovered during FBI investigations are United States citizens, but traffickers are opportunists who will exploit any victim with a vulnerability. Victims of human trafficking are subjected to forced labor or sex trafficking, and the FBI is working hard with its partners to combat both forms.

The FBI works collaboratively with law enforcement partners to investigate and arrest human traffickers through Human Trafficking Task Forces nationwide. We take a victim-centered, trauma-informed approach to investigating these cases and strive to ensure the needs of victims are fully addressed at all stages. To accomplish this, the FBI works in conjunction with other law enforcement agencies and victim specialists on the local, state, tribal, and federal levels, as well as with a variety of vetted non-governmental organizations. Even after the arrest and conviction of human traffickers, the FBI often continues to work with partner agencies and organizations to assist victims in moving beyond their exploitation.

Earlier this year, the FBI announced the results of Operation Independence Day, which relied on more than 400 law enforcement agencies working on FBI Child Exploitation and Human Trafficking Task Forces in each of the Bureau’s 56 field offices. Agents and analysts at FBI Headquarters and in the field worked closely with the National Center for Missing & Exploited Children to identify young runaways, missing kids, and juveniles who may have been subjected to human trafficking. The sweep included undercover operations and has led to the opening of 60 new federal criminal investigations. In all, 103 juveniles were identified or recovered and 67 suspected traffickers were arrested.

The FBI commends the committee’s dedication to these efforts and appreciates the resources provided to combat these horrific acts.

Elder Fraud

As you may already be aware, the FBI participates in a number of working groups and task forces dedicated to combating significant frauds to include phone scams against our nation’s citizens. From health care fraud task forces to interagency groups, many of those resources are focused on preventing, detecting, and combating those frauds which harm senior citizens.

Unfortunately, though, frauds are limited only to the imagination of those who commit such egregious crimes.

Since the Elder Abuse Prevention and Prosecution Act was signed into law, the FBI and Department of Justice have participated in hundreds of enforcement actions in criminal and civil cases that targeted or disproportionately affected seniors. The Justice Department has likewise conducted hundreds of trainings and outreach sessions across the country since the passage of the Act. Just last year, the FBI, the Department and our partners conducted the largest coordinated sweep of elder fraud cases in history. The cases during this sweep involved more than 260 defendants from around the globe who victimized more than two million Americans, most of them elderly. The department took action in every federal district across the country, through the filing of criminal or civil cases or through consumer education efforts. In each case, offenders allegedly engaged in financial schemes that targeted or largely affected seniors. In total, the charged elder fraud schemes caused alleged losses of millions of more dollars than last year, putting the total alleged losses at this year’s sweep at over three fourths of one billion dollars.

* * *

Finally, the strength of any organization is its people. The threats we face as a nation have never been greater or more diverse and the expectations placed on the Bureau have never been higher. Our fellow citizens look to the FBI to protect the United States from all of those threats, and the men and women of the FBI continue to meet and exceed those expectations, every day. I want to thank them for their dedicated service.

Chairman Nadler, Ranking Member Collins, and members of the committee, thank you again for this opportunity to discuss the FBI’s efforts to combat the myriad of threats it faces. I appreciate your continued support and look forward to answering any questions you might have.

Combating Economic Espionage and Trade Secret Theft

Source: Federal Bureau of Investigation FBI Crime News

Statement for the Record

Good morning Chairman Whitehouse, Ranking Member Graham, and distinguished members of the subcommittee. I am pleased to be here with you today to discuss the Federal Bureau of Investigation’s efforts to combat economic espionage and trade secret theft.

Scope of the Problem

Theft of trade secrets occurs when someone knowingly steals or misappropriates a trade secret to the economic benefit of anyone other than the owner. Similarly, economic espionage occurs when a trade secret is stolen for the benefit of a foreign government, foreign instrumentality, or foreign agent. Both crimes are covered by the Economic Espionage Act of 1996, Title 18, Sections 1831 and 1832 of the U.S. Code.

U.S.-based businesses, academic institutions, cleared defense contractors, and government agencies are increasingly targeted for economic espionage and theft of trade secrets by foreign entities, often with state sponsorship and backing. The Office of the National Counterintelligence Executive, using estimates from academic literature, has estimated losses from economic espionage to be in the tens or even hundreds of billions of dollars annually to the American economy.

Our foreign adversaries and competitors are determined to acquire, steal, or transfer a broad range of trade secrets in which the United States maintains a definitive innovation advantage. This technological lead gives our nation a competitive advantage in today’s globalized, knowledge-based economy. Protecting this competitive advantage is vital to our economic security and our national security. Trade secret theft has hit some of the nation’s best-known companies, such as DuPont and Goodyear. To highlight one case in the news earlier this year, a federal jury convicted three defendants in the DuPont case—Walter Liew; Liew’s company, USA Performance Technology Incorporated; and Robert J. Maegerle—of 20 charges, including economic espionage and theft of trade secrets. Liew and Maegerle stole trade secrets from DuPont and sold the information to state-owned companies in China.

Fighting economic espionage and theft of trade secrets from U.S.-based companies is a top priority of the FBI’s Counterintelligence Division (CD). In 2010, CD created the Economic Espionage Unit, a specialized unit focused solely on prosecuting cases under the Economic Espionage Act. Located within CD’s Counterespionage Section, the Economic Espionage Unit works with private sector partners to investigate and prosecute trade secret theft. Within CD, this unit’s caseload has continued to increase every year since its formation. In fact, from fiscal year (FY) 2009 to the end of FY 2013, the number of economic espionage and theft of trade secrets cases overseen by the unit increased by more than 60 percent. Economic espionage and theft of trade secrets represent the largest growth area among the traditional espionage cases overseen by CD’s Counterespionage Section.

Economic espionage and theft of trade secrets are increasingly linked to the insider threat and the growing threat of cyber-enabled trade secret theft. The employee who poses an insider threat may be stealing information for personal gain or may be serving as a spy to benefit another organization or country. Foreign competitors steal trade secrets by aggressively targeting and recruiting insiders; conducting economic intelligence through bribery, cyber intrusions, theft, and dumpster diving (in search of intellectual property or discarded prototypes); and establishing joint ventures with U.S. companies.

Long gone are the days when a spy needed physical access to a document to steal it, copy it, or photograph it, where modern technology now enables global access and transmission instantaneously.

China often is cited as particularly active in the theft of trade secrets. According to a report submitted to Congress by the U.S.-China Economic and Security Review Commission in November 2012, China “depends on industrial espionage, forced technology transfers, and piracy and counterfeiting of foreign technology as part of a system of innovation mercantilism.”1 By obtaining what it needs illegally, China avoids the expense and difficulty of basic research and unique product development, the report concluded. Created by Congress in 2000, the Commission’s mandate is to monitor, investigate, and report to Congress on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China.

Enhanced Strategies for Law Enforcement

Officials across the U.S. government are pursuing a comprehensive strategy to counter economic espionage as part of a larger campaign against intellectual property theft. In furtherance of this initiative, the U.S. Department of Justice (DOJ) formed a task force on intellectual property in February 2010. The task force works with the Office of the U.S. Intellectual Property Enforcement Coordinator (IPEC), located in the Executive Office of the President. In February 2013, IPEC issued the administration’s Strategy on Mitigating the Theft of U.S. Trade Secrets. The five-part strategy calls for focusing diplomatic efforts to protect trade secrets overseas; promoting voluntary best practices by private industry to protect trade secrets; enhancing domestic law enforcement operations; improving domestic legislation; and raising public awareness and stakeholder outreach. The FBI is also a partner at the National Intellectual Property Rights Coordination Center (IPR Center). Together, the IPR Center’s 21 partner agencies facilitate the exchange of intellectual property theft information among federal government agencies and international partners, plan and coordinate joint domestic and international law enforcement operations, generate and de-conflict investigative leads from industry and the public, provide law enforcement training, and collaborate closely with industry partners on all forms of intellectual property crime.

The DOJ has also taken steps specifically to address economic espionage. Our partners in DOJ’s National Security Division (NSD), for example, are increasingly focused on deterring and disrupting these threats. The FBI works closely with NSD’s Counterespionage Section, whose leadership has deep experience and expertise in prosecuting economic espionage and related issues, and whose attorneys are, as the DuPont verdict shows, committed to prosecuting individuals and entities who commit and sponsor economic espionage by any means.

In addition, NSD, together with the Criminal Division, also established the National Security Cyber Specialists (NSCS) Network in 2012. This nationwide network of specially trained prosecutors who focus on cyber threats to the national security, including economic espionage, is actively working with the FBI to build cases against state sponsored cyber threat actors. The NSCS Network has also improved DOJ’s outreach to the private sector on cyber security issues, including cyber-based economic espionage, both to help prevent intrusions and to improve the government’s response when they occur.

FBI Outreach and Awareness Efforts

To raise public awareness and conduct stakeholder outreach, the FBI uses the Counterintelligence Strategic Partnership Program (CISPP) to mitigate the risks posed by foreign actors in illicitly acquiring sensitive technologies, advanced scientific research, classified U.S. government information, and trade secrets from private industry and academia. The CISPP network consists of more than 80 special agents experienced in counterintelligence who are known as strategic partnership coordinators (SPCs). The SPCs counter foreign intelligence threats to academia and private industry by conducting in-person classified and unclassified threat briefings. SPCs provide an early referral mechanism for reports of possible acts of economic espionage, theft of trade secrets, and cyber intrusions. Last fiscal year, SPCs conducted more than 7,500 presentations and briefings about these threats. At the national level, the CISPP manages the Business Alliance and Academic Alliance programs,2 which foster national and local partnerships between the FBI and private industry and academia.

SPCs currently maintain more than 15,000 contacts nationwide, consisting of local businesses, academic institutions, and cleared defense contractors. The counterintelligence threat briefings and intelligence products provided by SPCs on current trends and indicators help companies detect, deter, and defend against attacks to sensitive proprietary information from foreign adversaries.

This spring, the FBI released a new threat awareness film dramatizing the risks of economic espionage and theft of trade secrets to the American economy. Called The Company Man: Protecting America’s Secrets, this 37-minute film is based on a trade secrets case recently investigated by the FBI. In the real-life case, a group of conspirators tried to recruit a veteran employee to steal the trade secrets they needed to build a competing plant in China. The film will raise the awareness of audiences about the threat of economic espionage and theft of trade secrets and help organizations understand the indicators to watch for so they proactively detect attempts by insiders and foreign agents to illicitly acquire trade secrets and intellectual property. These showings will also encourage viewers to report suspicious activity to the FBI, and help the SPCs build relationships with contacts in local industry and academia. Copies of The Company Man DVD have been shipped to the FBI’s network of SPCs, who are showing the film and handing out educational materials during in-person screenings. The SPCs answer questions from audience members and are available for short discussions about economic espionage and theft of trade secrets afterwards.

Despite the comprehensive outreach efforts undertaken by the FBI, companies which discover misappropriation of their trade secrets, even misappropriation appearing to rise to the level of criminal trade secret theft, sometimes attempt to address the issue through private negotiations or civil litigation, rather than alert law enforcement. As one example of this problem, during a recent economic espionage investigation at a company, the FBI learned the company had been victimized previously on a separate occasion but pursued a civil action instead of contacting the FBI. The FBI is currently looking into whether this earlier incident involved criminal activity. The FBI is committed to ensuring companies have an established line of communication to report concerns about possible economic espionage or trade secret theft to law enforcement. But the FBI must assure companies the government will work to protect their proprietary information from disclosure during prosecution, so that more companies are willing to come forward and report concerns about possible trade secret theft.

Protecting the nation’s economy from this threat is not something the FBI can accomplish on its own. To effectively protect trade secrets, companies need to be proactive—by marking sensitive material as secret or proprietary information, limiting access to protected material, and monitoring who accesses it. Employees should receive regular training, and more frequent notices regarding company policies on protecting trade secrets. Companies should consider implementing non-disclosure agreements with employees to not divulge company proprietary information. If a given piece of information is critical to the long-term success and profitability of a company, the company should limit access to those employees who have a need to know. Further, organizations and companies should evaluate internal operations and policies to determine if current approaches are tailored to the types of risks and factors associated with trade secret misappropriation committed by corporate and state sponsors. For example, areas for evaluation might include: research and development compartmentalization, information and physical security policies, and human resource policies.

Companies also need to educate their employees about some of the warning signs of insider threat, and regularly explain how to report suspicious behavior. Some of these warning signs include working odd hours without authorization; taking home company proprietary information; and installing personal software, or personal media, on company equipment. Other warning signs include short trips to foreign countries without notification or for unexplained reasons, a sudden influx of wealth, or an employee living beyond his or her means. Companies need to get employees involved in protecting proprietary information and willing to come forward and report concerns about suspicious behavior. In many cases investigated by the FBI, co-workers don’t report concerns until after an arrest.

FBI investigators should be contacted as soon as an insider threat is suspected to ensure the passage of time does not hinder any investigation that may be required.

Increased Penalties for Offenders

In 2011, the administration recommended that Congress increase the statutory maximum sentence for economic espionage from 15 to 20 years. In addition, the Administration asked Congress to direct the U.S. Sentencing Commission to consider increasing the guideline range based on aggravated offense conduct in theft of trade secret and economic espionage cases. See Administration’s White Paper on Intellectual Property Enforcement Legislative Recommendations, March 2011, at 4-6 (available at http://www.whitehouse.gov/sites/default/files/ip_white_paper.pdf).

In 2012, Congress responded to the growing threat of economic espionage by approving tougher penalties for those convicted of the crime with passage of the Foreign and Economic Espionage Penalty Enhancement Act of 2012. Formerly, an individual responsible for economic espionage faced a maximum fine of $500,000, and organizations faced a maximum fine of $10 million. Congress passed legislation boosting the maximum fine applicable to individuals to $5 million, and organizations responsible for committing economic espionage now face penalties of the greater of up to $10 million or up to three times the value of stolen trade secrets.

Congress also directed the U.S. Sentencing Commission to examine the sentencing guidelines for economic espionage and theft of trade secrets. Following public hearings in 2013, the commission approved sentencing guideline enhancements where a trade secret is taken out of the country or where a defendant knows the trade secret will benefit a foreign government.

Challenges

Often, the greatest challenge in prosecuting economic espionage, as opposed to trade secret theft, is being able to prove that the theft was intended to benefit a foreign government or foreign instrumentality. The beneficiary of the stolen trade secrets may be traced to an overseas entity, but obtaining evidence that proves the entity’s relationship with a foreign government can be difficult. The decision to pursue these cases under Section 1832 (theft of trade secrets) instead of Section 1831 (economic espionage) may depend upon the availability of foreign evidence and witnesses, diplomatic concerns, and the presence of classified or sensitive information required to prove the foreign nexus element. Since the law was passed in 1996, there have been 10 economic espionage convictions.

* * *

Theft of trade secrets and economic espionage is a significant and sustained threat to the nation’s economy and requires constant vigilance. The FBI is working to investigate and apprehend targets pursuing economic espionage against the United States.

Thank you again for the opportunity to testify. I am now happy to answer any questions you may have.


1 U.S.-China Economic and Security Review Commission, 2012 Report to Congress, 112th Cong., 2d session (Washington, DC: Government Printing Office, 2012): p. 21.

2 The Business Alliance and Academic Alliance programs develop partnerships with leaders from private industry and academia at the national level through the National Security Business Alliance Council (NSBAC) and the National Security Higher Education Advisory Board (NSHEAB). Both NSBAC and NSHEAB meet quarterly at FBI Headquarters.

Dangerous Partners: Big Tech and Beijing

Source: Federal Bureau of Investigation FBI Crime News

Statement Before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism

Washington, D.C.

Statement for the Record

Chairman, ranking member, and members of the committee, thank you for the opportunity to appear before you today to discuss the current threats to the United States homeland. Our nation continues to face a multitude of serious and evolving threats ranging from homegrown violent extremists (HVEs) to cyber criminals to hostile foreign intelligence services and operatives. Keeping pace with these threats is a significant challenge for the FBI. Our adversaries—terrorists, foreign intelligence services, and criminals—take advantage of modern technology to hide their communications; recruit followers; and plan and encourage espionage, cyber-attacks, or terrorism to disperse information on different methods to attack the U.S. homeland, and to facilitate other illegal activities.

Cyber Threats

Virtually every national security threat and crime problem the FBI faces is cyber-based or facilitated. We face threats from state-sponsored hackers, hackers for hire, organized cyber syndicates, and terrorists. On a daily basis, these actors seek to steal our state secrets, our trade secrets, our technology, and our ideas—things of incredible value to all of us and of great importance to the conduct of our government business and our national security. They seek to hold our critical infrastructure at risk and to harm our economy.

The FBI is investigating a wider-than-ever range of threat actors, from transnational organized cybercrime to nation-state adversaries to terrorists using social medial for recruiting and radicalization purposes. The scale, scope, speed, and impact of cyber threats is constantly evolving, which may explain why we are also seeing a blending of threats, such as nation state adversaries using criminal actors as proxies to mask their activities. The frequency and severity of malicious cyber activity on our nation’s networks have increased dramatically in the past decade when measured by the amount of corporate data stolen or deleted, the volume of personally identifiable information compromised, or the remediation costs incurred by U.S. victims. Companies that hold large amounts of Personally identifiable information (PII) are susceptible to loss of American’s personal data to criminal organizations, terrorists, and nation-state cyber actors. Hotel chains, airlines, health care companies, credit bureaus, government agencies, and cleared defense contractors have previously been victims of PII theft.

Cyber Criminal Trends

Cyber threats are not only increasing in size and scope, but are also becoming increasingly difficult and resource-intensive to investigate. Cyber criminals often operate through online forums, selling illicit goods and services, including tools that lower the barrier to entry for aspiring criminals and that can be used to facilitate malicious cyber activity. These criminals have also increased the sophistication of their schemes, which are more difficult to detect and more resilient to disruption than ever. In addition, whether located at home or abroad, many cyber actors are obfuscating their identities and obscuring their activity by using combinations of leased and compromised infrastructure in domestic and foreign jurisdictions. Such tactics make coordination with all of our partners, including international law enforcement partners, essential.

Increasingly sophisticated obfuscation techniques are also enabling actors to stealthily obtain data from victims or re-purpose victim computers into cryptocurrency-mining botnets. Botnets used by cyber criminals have been responsible for billions of dollars in damages over the past several years. The widespread availability of malicious software (malware) that can create botnets allows individuals to leverage the combined bandwidth of thousands, if not millions, of compromised computers, servers, or network-ready devices to disrupt the day-to-day activities of governments, businesses, and individual Americans.

Cyber threat actors are conducting ransomware attacks against U.S. systems, encrypting data and rendering systems unusable—thereby victimizing individuals, businesses, and even emergency service and public health providers. Our threat reporting has demonstrated that ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of ransomware attacks is holding steady or declining. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, while losses from ransomware attacks have increased significantly. Allow me to restate that for emphasis: while the number of reported attacks has gone down, the effects and impacts of the attacks are going up. Meanwhile, state and local governments have been particularly visible targets for ransomware attacks. However, ransomware campaigns have also heavily impacted health care organizations, industrial companies, and the transportation sector.

Business email compromise (BEC) remains a pervasive threat due to its low barrier of entry and maturing social engineering techniques, and cyber criminals almost certainly will continue to use BEC to target industries indiscriminately. BEC threat actors have widened their money laundering networks, including domestic transfers prior to laundering the money overseas, which presents challenges and opportunities for countering this type of fraud. Readily available online personal and business information enhances the reconnaissance capability of actors, providing BEC threat actors with more credible social engineering lures. Spoofed domains are seen in the majority of BEC attempts, and likely will remain a technique used by cyber actors. BEC attacks combining social engineering with network intrusions demonstrate an increase in attack sophistication that can use keyloggers or other malware to identify potential targets, such as business vendors, as well as sell access to or further exploit compromised systems.

Actors have learned that BEC is effective and are adapting lures to target human resources departments for PII, such as W-2 tax forms to commit stolen identity return fraud, rather than requesting wire transfers. Additionally, industry partners have observed BEC actors increasingly instruct victims to send automated clearinghouse transfers to prepaid cards in the initial laundering phase.

Nation State Activities: China

While several nation-states pose a cyber threat to U.S. interests, no other country presents a broader and more comprehensive threat to our ideas, innovation, and economic security than the People’s Republic of China (PRC) under the leadership of the Chinese Communist Party (CCP). The threat takes many different forms. Beijing employs a whole-of-government approach to its intelligence collection strategy. While cyber network operations remain a primary and possibly increasing collection tool, the CCP also relies on techniques such as intellectual property theft, purchases of U.S. corporations, and physical and property theft to acquire U.S. data.

For example, less than a month ago, on February 10, the Department of Justice (DOJ), in coordination with the FBI, publicly unsealed an indictment against four Chinese cyber actors who allegedly acted as agents of the People’s Republic of China’s People’s Liberation Army (PLA). All four actors are currently located in China. The alleged crimes occurred between May 13, 2017 and July 30, 2017. The actors targeted a software vulnerability to gain unauthorized access to Equifax’s network and ultimately obtain PII for 145 million American citizens, as well as the intellectual property of the U.S. company.

The indictment alleges the four individuals named therein reside in Beijing, China and are members of the 54th Research Institute. The 54th Research Institute is a component of the PLA. The indicted individuals gained unauthorized access, via a software vulnerability, to Equifax’s internal network, where they allegedly ran approximately 9,000 queries on Equifax’s systems and obtained the names, birth dates, and social security numbers for approximately half of all adult American citizens. The defendants also took deliberate steps to evade detection in the system, including routing traffic through approximately 34 servers located in nearly 20 countries to obfuscate their true location, using encrypted channels in order to blend in normal traffic within Equifax’s network, and wiping log files on a daily basis to try to eliminate records of their activity.

DOJ, the FBI, and our partners will continue to work tirelessly to combat this threat posed by the Chinese government against our nation. Although the PRC continues to modify the ways in which it conducts nefarious cyber activity, including through working with criminal hackers, the cases prosecuted by the DOJ in partnership with the FBI reflect an increasingly sophisticated ability to attribute criminal conduct to the individuals and nation states involved. We will be relentless in our pursuit of such malicious activity against our citizens and our industry.

There are other risks. Chinese companies are increasingly acquiring or launching social media applications not housed in mainland China for the global consumer market. These applications generate big data and collect PII, such as biometric information, contact lists, location data, log data, communication metadata, content (text and photographic), bank and credit card details, and financial transactions of U.S. persons. The associated user agreements and privacy policies typically obfuscate the companies’ data handling responsibilities or directly state any and all data can be transferred to other locations and associated entities to include the Chinese parent company. These data handling policies create a risk for U.S. big data and PII to be targeted and exploited by PRC actors. More broadly, consumers should be aware of the privacy implications of any application they install, especially applications from foreign countries with weak data protection laws.

In June 2017, the PRC introduced a new national cyber security law that requires foreign firms to store data locally and submit to data surveillance measures. Although implementing regulations are still being drafted, Beijing could likely use these authorities and policies to compel access to U.S. commercial and sensitive personal data, including sensitive information stored or transmitted through Chinese systems. U.S.-based subsidiaries of Chinese corporations and entities, or organizations in the U.S. partnering on cooperative research and development efforts, are among the entities affected by this law. The law has raised fears by those concerned with Beijing’s control of sensitive company information and increased opportunity to steal intellectual property.

Threats Exposing Vulnerabilities on Critical Infrastructure Networks and the Public

Virtually all companies collect and maintain sensitive data either of their own employees or customer information. The overall trend of digitizing data for ease of use or access makes many different industries vulnerable to data breaches. For instance, over recent years the health care industry has moved to centralizing patient data and using Internet-connected devices,which has increased the sector’s potential attack surface. Cyber actors benefit from this target-rich environment as the passage of patient data between health care departments and networks is critical to their care, but often levels of cybersecurity vary. Ransomware, denial of service attacks, and data breaches can all impede the ability to provide basic patient care and privacy for protected health information (PHI). Electronic medical records typically contain PII, which, combined with medical record information, is known as PHI.

It is also highly likely cyber actors target the IT sector to access their customers’ data and networks. IT sector entities manage and store valuable customer data and have unique, privileged access to client networks. These vital services create an environment where IT sector networks are compromised as a means for malicious cyber actors to reach a final target for fraud, hacktivism, and counterintelligence purposes.

Entertainment and media companies use Internet-enabled systems for marketing, merchandising, ticketing, and reservations. As a result, owners and operators manage and protect databases of customer and employee data, including personal, financial, and credit card information. Since at least 2015, nation-state and criminal cyber actors have conducted computer network exploitation against the subsector likely to gain unauthorized access to non-public information, although the extent of the access in each case remains unclear.

Efforts Used to Combat, Prevent, and Investigate Hacking or the Misuse of this Data

In order to combat cyber threats, the FBI has taken a whole-of-society approach. We actively engage with our private sector partners through the National Cyber-Forensics and Training Alliance (NCFTA), which is a non-profit partnership between private industry, government and academia all working together to identify and disrupt cyber-crime. We recently hosted a ransomware-focused summit, with incident response companies, representatives from the legal and insurance industries as well as other government entities, where we discussed collaborative efforts to address the threats.

The FBI also partners with the National Defense Cyber Alliance (NDCA), which is a non-profit organization bringing together the U.S. Intelligence Community and cleared defense contractor community to improve the security of their networks. Similar to how the NCFTA supports the financial/retail sector against criminal threats, the NDCA is designed to support the defense industrial base against national security threats.

Through undercover operations and confidential human sources, we are targeting and shutting down dark-net and Clearnet criminal forums where identities are sold and where cyber criminals gather to plan their next attack. We are actively engaging with our international partners through our Cyber Assistant Legal Attaché program, through our annual FBI-sponsored International Task Force, and through our participation in the FBI-led International Cyber Crime Operations Summit, as well as the Five Eyes Law Enforcement Group Cyber Crime Working Group.

The FBI understands the importance of stressing cybersecurity with individuals, not just with organizations. To do so, we hold a series of events aimed at educating and speaking with individuals about these issues. The FBI regularly takes part in public awareness campaigns,where we coordinate with other agencies on initiatives for engagement with the private sector to prevent threats to critical infrastructure, educate entities on serious cyber threats, and ultimately close intelligence gaps. Additionally, we disseminate Private Industry Notifications, FBI Liaison Alert System reports, and public service announcements to share cyber threat information with the private sector and the general public.

Conclusion

The FBI is engaged in myriad efforts to combat cyber threats, from improving threat identification and information sharing inside and outside of the government, to developing and retaining new talent, to examining the way we operate to disrupt and defeat these threats. FBI agents, analysts, and computer scientists are using technical capabilities and traditional investigative techniques—such as sources, court-authorized electronic surveillance, physical surveillance, and forensics—to counter these threats.

Iris Biometric Added to NGI

Source: Federal Bureau of Investigation FBI Crime News

“We are contacting our partners across the country and encouraging them to initiate this program,” said Special Agent Scott Rago, who heads the Biometric Services Section in the FBI’s Criminal Justice Information Services Division (CJIS). “Having the ability where they don’t have to have contact with the individual—it just takes a second or two to look into the device and have your eyes captured and you get a response within a minute—it’s a very, very positive system.”

To date, the iris image repository contains 1.38 million enrollments submitted from federal, state, and local databases after they were collected during criminal bookings, incarcerations, or other legal proceedings. The iris images won’t replace fingerprints, which the FBI has collected and analyzed for nearly a century; they are a secondary biometric, or supplement, to the traditional collection of 10-finger prints and palm prints.

The Bureau’s fingerprint database—Next Generation Identification—contains more than 70 million prints of criminal subjects and more than 30 million civil fingerprints from background checks.

Rago said he hopes to see the iris image database grow to where it can make an impact on solving cases.

During the pilot period, which began in September 2013, several correctional systems incorporated iris collection into their processes, which enabled staff to get positive identifications—without physical contact—on inmates as they transferred in and out of facilities. The seven-year pilot enabled the FBI to build the criminal iris repository as well as assess privacy policies, best practices, and other requirements.

In the new system, so-called probe images of a subject’s left and right irises are captured at close range in a controlled setting. The images can then be searched against all the irises in the FBI’s repository. The process takes about a minute. A match will return the subject’s biographic data along with their criminal record, select National Crime Information Center record data, and, in some cases, a mug shot.

The Iris Service is the latest addition to the Bureau’s NGI System, which is the world’s largest and most efficient electronic repository of biometric and criminal information. In addition to repositories for irises and fingerprints, NGI includes 30 million criminal mugshots that law enforcement partners can search against.

Rago said he expects the NGI Iris Service to appeal to police and correctional workers because it’s fast, easy to use, and hands-off.

“In the future, once the repository has grown to a good sample size, you can imagine a police officer on a traffic stop using the mobile iris camera capability,” Rago said. “If someone’s being difficult, they don’t even have to put their hands on them. It’s, ‘Look at me,’ and capture the iris. They can run the information and get a response.”