Taking a Byte Out of Cyber Crime
Cyber-related attacks are becoming a greater part of the FBI’s portfolio, leader says.
The FBI has a full plate: fighting public corruption, organized and white-collar crime and domestic and foreign terrorism; solving violent crimes; protecting civil rights; neutralizing national security threats, espionage and counterintelligence; and mitigating threats of weapons of mass destruction, among other responsibilities. And one part of the bureau is growing to protect the nation against cyber threats.
The FBI’s Cyber Division is stepping up its investigative capabilities to identify and capture malicious actors given the rise of digital-based crimes, said Amy Hess, executive assistant director of the bureau's Criminal, Cyber, Response, and Services Branch. The FBI relies on its field-centric model to bring down dangerous criminal enterprises, Hess said, and these methods apply to cyber crimes. “[Cyber attacks] have become more and more prevalent in every investigation and everything we do,” she noted. “We have seen the threat evolving and growing every day.”
And although the federal law enforcement agency’s mandate is to pursue federal crimes domestically, the perpetrators are increasingly foreign, especially when it comes to cyber, Hess said. The bureau relies on its international operations, which includes 80 overseas offices, its extradition treaties and foreign partners such as Interpol, which issues red notices for the arrest of cyber criminals.
Last December, the Department of Justice (DOJ) indicted two Chinese nationals affiliated with a hacking group known as APT10, which was associated with the Chinese government's Ministry of State Security (MSS), Hess said. The group conducted major cyber attack campaigns against U.S. companies and governmental agencies to steal intellectual property and confidential business information.
“The hackers’ work crossed over traditional criminal and national security lines to achieve China's intelligence mission,” Hess stressed. “Now, China's goal is simple: to replace the United States as the world's leading superpower. And they will continue to break societal laws and norms to get there. In fact, we've seen an increasing level of sophistication in their techniques tactics and procedures.”
Russia is also following the hybrid threat model of using nation-state actors or hiring criminals to pursue their national security objectives via hacking.
“Going toe-to-toe with China in terms of the cyber threat is Russia,” Hess continued. “We're seeing similar hybrid threats coming from there as well but with a slightly different objective.”
In October, the DOJ indicted seven officers from Russia's main intelligence directorate known as the GRU for computer hacking, wire fraud, aggravated identity theft and money laundering. The individuals conducted the hacking to retaliate against world anti-doping officials who had publicly exposed the Russian government's sponsorship of doping by Russian athletes, she explained.
“The hacks were in line with other activity we've seen from Russia and were part of a disinformation campaign to undermine the regulatory organizations and spread false narratives about other athletes and organizations,” Hess explained. “[Again], these activities moved well beyond acceptable government intelligence operations and broke traditional norms and the law by using cyber resources.”
The United States also pursued and indicted two Iranian national criminal actors for deploying ransomware that caused $330 million in losses in an attack focused on hospitals, local governments and other public institutions, she said.
“In indicting foreign nationals from China, Russia and Iran we are sending a message that we will do whatever is in our power to hold these people accountable,” Hess charged. “Even when those indicted are not immediately accessible to answer the charges, we will work to expose them and to limit their future criminal activity.”
Hess also considers attribution of cyber attacks a key enforcement tool that allows the U.S. government to take coordinated action to impose costs on perpetrators that violate U.S. law or threaten national security.
“If we're able to attribute malicious cyber activity to a nation-state, it enables policy makers to consider using all tools available to impose those costs, including sanctions through the U.S. Treasury, the Commerce Department and U.S. Trade Representative action,” Hess stated. “So while we can't always apprehend subjects at least quickly or easily we will keep at it. We will keep disrupting their lives and their activity. We have a long memory and an important responsibility to the victims.”
Hess, one of the FBI’s six executive assistant directors, spoke recently at the eighth annual International Conference on Cyber Engagement (ICCE) held in Washington, D.C., by the Atlantic Council, Dentons, Bank Polski and Texas A&M.