Cybersecurity threats from nation-state actors and ransomware incidents remain a top priority for the FBI, especially as foreign adversaries continue advancing capabilities to compromise U.S. national security and economic activities, the bureau’s Director Christopher Wray said before members of Congress this week.
While Russia, Iran and North Korea pose critical cybersecurity threats to the United States, China — especially the Chinese Community Party — is the most significant geopolitical foe the United States will face, according to Wray's testimony during a Senate Judiciary Committee hearing Thursday.
“The men and women of the FBI are taking on the Chinese government’s broad-scale economic espionage campaign, targeting our ideas, our innovation, our economic security,” Wray said. “They’re working with our government, foreign and private-sector partners to meet the danger from cyber actors — including fighting the scourge of ransomware attacks against U.S. businesses and critical infrastructure.”
Wray said the FBI and its partners have made “significant strides” in recognizing the threat that China poses, but the U.S. is far behind meeting milestones it needs to meet to stay ahead.
“As a country, we’re playing catchup on the threat, and so part of what I’ve got all our people doing is out there beating the bushes, interacting with the business community, the academic community,” Wray said. “I interact with our foreign partners trying to kind of raise awareness of the threat. It’s hard to think in some ways that something that significant could fly that much under the radar for that many people.”
Nation-state cyber threats and attacks have generally expanded in recent years. Wray noted in his testimony that supply-chain compromise through incidents like the SolarWinds discovered in 2020, intellectual property theft around COVID-19 research and innovation, as well as foreign influence on elections are all challenges for national security.
Cybercrime more broadly is another challenge. Medical centers, hospitals and educational institutions have been targets of theft and ransomware, and the FBI has seen the rise of “an ecosystem of services” that supports cybercrime in exchange for cryptocurrency.
“’Bullet-proof’ hosts refuse to cooperate with law enforcement authorities, allowing criminals to carry out criminal schemes without being identified or taken offline; ‘ransomware-as-a-service’ groups lease their ransomware for a fee; ‘crypters’ assist criminals by ensuring that their malware will not be detected by anti-virus software; and ‘mixers’ and ‘tumblers’ help criminals hide illicit virtual currency payments,” Wray stated in his testimony.
Although cyber threat capabilities have become more sophisticated, Wray said the FBI works with federal and international partners to address key threats. This past April, FBI collaborated with German law enforcement, the Drug Enforcement Agency (DEA), IRS, U.S. Postal Inspection Service and U.S. Immigration and Customs Enforcement's (ICE) Homeland Security Investigations (HSI) division to take down the world’s largest and longest-running darknet market, Hydra Market.
In 2021, Hydra accounted for an estimated 80% of all darknet market-related cryptocurrency transaction, and since 2015, it has exchanged approximately $5.2 billion in cryptocurrency. It enabled mainly Russian-speaking countries to buy and sell illicit goods and services, such as illegal drugs, stolen financial information and more, Wray said.
The FBI took over 1,100 actions against cyber adversaries in 2021, including arrests, criminal charges, convictions and dismantlement, Wray added. He also emphasized the FBI will lean on its partners to continue improving these efforts.
“The government cannot protect against cyber threats on its own,” Wray said. “We need a whole-of-society approach that matches the scope of the danger. There is really no other option for defending a country where nearly all of our critical infrastructure, personal data, intellectual property and network infrastructure sits in private hands.”