Category Archives: FBI

DHS Concerns on Election Related Incidents, Facebook Doesn’t Care

Posted on by

The Department of Homeland Security notices an increase of election-related incidents, but thinks midterm voting will go off relatively unproblematically. Anomali reports a surge in black-market trafficking of voter records.

Voting Records of Over 40 Million Americans for Sale on ...

But you wont find out from Facebook if there are any issues….Facebook is going to block all posts regarding voting issues.

What could be the issues?

Anomali Labs researchers in close partnership with Intel 471, a leading cybercrime intelligence provider, have uncovered a widespread unauthorized information disclosure of US voter registration databases. To be clear, this voter information is made generally available to the public for legitimate uses. Anomali and Intel 471 researchers discovered dark web communications offering a large quantity of voter databases for sale. The databases include valuable personally identifiable information and voting history. The disclosure reportedly affects 19 states and includes 23 million records for just three of the 19 states. No record counts were provided for the remaining 16 states, but do include prices for each state. We estimate that the entire contents of the disclosure could exceed 35 million records. Researchers have reviewed a sample of the database records and determined the data to be valid with a high degree of confidence.

Of note, the seller indicates they receive weekly updates of voter registration data across the states and that they receive information via contacts within the state governments. Certain states require the seller to personally travel to locations in-state to receive the updated voter information. This suggests the information disclosure is not necessarily a technical compromise but rather a likely targeted campaign by a threat actor redistributing possibly legitimately obtained voter data for malicious purposes on a cybercrime forum.

To our knowledge, this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data, including US voters’ personally identifiable information and voting history. With the November 2018 midterm elections only four weeks away, the availability and currency of the voter records, if combined with other breached data, could be used by malicious actors to disrupt the electoral process or pursue large-scale identity theft. More here.

Meanwhile, over to Facebook…. (who are they to determine what is false? See something, say something and Facebook will punish us all.)

MENLO PARK, Calif. (Reuters) – Facebook Inc will ban false information about voting requirements and fact-check fake reports of violence or long lines at polling stations ahead of next month’s U.S. midterm elections, company executives told Reuters, the latest effort to reduce voter manipulation on its service.

The world’s largest online social network, with 1.5 billion daily users, has stopped short of banning all false or misleading posts, something that Facebook has shied away from as it would likely increase its expenses and leave it open to charges of censorship.

The latest move addresses a sensitive area for the company, which has come under fire for its lax approach to fake news reports and disinformation campaigns, which many believe affected the outcome of the 2016 presidential election, won by Donald Trump.

The new policy was disclosed by Facebook’s cybersecurity policy chief, Nathaniel Gleicher, and other company executives.

The ban on false information about voting methods, set to be announced later on Monday, comes six weeks after Senator Ron Wyden asked Chief Operating Officer Sheryl Sandberg how Facebook would counter posts aimed at suppressing votes, such as by telling certain users they could vote by text, a hoax that has been used to reduce turnout in the past.

The information on voting methods becomes one of the few areas in which falsehoods are prohibited on Facebook, a policy enforced by what the company calls “community standards” moderators, although application of its standards has been uneven. It will not stop the vast majority of untruthful posts about candidates or other election issues.

“We don’t believe we should remove things from Facebook that are shared by authentic people if they don’t violate those community standards, even if they are false,” said Tessa Lyons, product manager for Facebook’s News Feed feature that shows users what friends are sharing.

Links to discouraging reports about polling places that may be inflated or misleading will be referred to fact-checkers under the new policy, Facebook said. If then marked as false, the reports will not be removed but will be seen by fewer of the poster’s friends.

Such partial measures leave Facebook more open to manipulation by users seeking to affect the election, critics say. Russia, and potentially other foreign parties, are already making “pervasive” efforts to interfere in upcoming U.S. elections, the leader of Trump’s national security team said in early August.

Just days before that, Facebook said it uncovered a coordinated political influence campaign to mislead its users and sow dissension among voters, removing 32 pages and accounts from Facebook and Instagram. Members of Congress briefed by Facebook said the methodology suggested Russian involvement.

Trump has disputed claims that Russia has attempted to interfere in U.S. elections. Russian President Vladimir Putin has denied it.

WEIGHING BAN ON HACKED MATERIAL

Facebook instituted a global ban on false information about when and where to vote in 2016, but Monday’s move goes further, including posts about exaggerated identification requirements.

Facebook executives are also debating whether to follow Twitter Inc’s recent policy change to ban posts linking to hacked material, Gleicher told Reuters in an interview.

The dissemination of hacked emails from Democratic party officials likely played a role in tipping the 2016 presidential election to Trump, and Director of National Intelligence Dan Coats has warned that Russia has recently been attempting to hack and steal information from U.S. candidates and government officials. More here.

5G Coming with Major Risks from China

Posted on by

Primer: Samsung Galaxy S10 Coming with 5G Data Speeds ...

Stuart Madnick, who’s been professor of information technology at the Massachusetts Institute of Technology since 1972, tells Inverse that the FCC and ISPs are casting a double-edged sword in their rush to implement 5G.

“It’s like going from fireworks to dynamite sticks,” Madnick says. “5G encourages further evolution and expansion of Internet of Things related networks. All of the good news and bad news that comes along with this technology gets magnified.”

He’s especially concerned about the risk of denial of service attacks — or DDoS for short — becoming more powerful than ever before. One of the advertised benefits of 5G is that it will allow even more IoT devices, like refrigerators or light bulbs, to come online. This would allow users to remotely check the contents of their fridge or dim their bedroom lights using their phones, but these devices can also be harnessed for nefarious purposes.

One of the most notorious DDoS incidents in history — the 2016 Dyn cyberattack — was facilitated by unsecured IoT devices, like security cameras, printers, and baby monitors. Hacker groups Anonymous and New World Hackers allegedly took control of thousand of electronics that still had their default passwords to amass an army of zombie devices, known as a botnet.

This network was used to overwhelm the servers of internet performance management company, Dyn. Websites like Twitter, SoundCloud, Spotify, and Shopify were inaccessible for a day. Madnick believes this could happen again, to a degree that hasn’t even been imagined yet. Perhaps the biggest sites on the web will go down for days, including online blanks, or worse, the internet that controls a public utility like electricity. Perhaps the biggest sites on the web will go down for days, including online blanks, or worse, the internet that controls a public utility like electricity.

*** Related reading: Lessons Learned from WannaCry attack

How 5G will Power the Future Internet of Things - iQ by Intel

Ex-security minister Admiral Lord West calls for urgent government action after Chinese firms are banned in Australia and the US.

Security threats from Chinese companies building 5G networks could end up “putting all of us at risk” if they are not tackled quickly, according to a former security minister.

Speaking to Sky News, Admiral Lord West, a former First Sea Lord who served under Gordon Brown as a security minister, urged the government to set up a unit reporting directly to the prime minister to monitor the risk posed by Chinese equipment in 5G.

5G has been hailed as the next great leap for mobile communications, enabling everything from smart cities to hologram calls.

However, the best 5G technology comes from Chinese companies, raising the fear that China’s government could have ground-level access to – even control of – the UK’s critical data infrastructure.

“We’ve got to see there’s a risk,” Lord West said. “Yes, we want 5G, but for goodness sake we need to do all of these things to make sure it’s not putting all of us at risk.”

In April, the United States banned Chinese multinationals Huawei and ZTE – both specialists in 5G – from selling equipment to the federal government.

In August, the Australian government banned the same two firms from supplying technology for its 5G network, a decision foreign minister Marise Payne described as necessary for “the protection of Australia’s national security”.

In a statement, Huawei called the decision “politically motivated, not the result of a fact-based, transparent, or equitable decision-making process,” adding that “there is no fundamental difference between 5G and 4G network architecture… 5G has stronger guarantees around privacy and security protection than 3G and 4G”.

Robert Hannigan, former director of GCHQ, told Sky News an outright ban in the UK would not make 5G safe.

“The best companies in 5G are probably the Chinese ones and there aren’t many alternatives,” he said, before warning that new measures were needed to test the security of the network.

“We do need to find a way of scrutinising what is being installed in our network, and how it is being overseen and how it is being controlled and how it’s being upgraded in the future. And we have to find a more effective way of doing that at scale.”

In April, GCHQ’s National Cyber Security Centre warned ZTE could pose a national security risk to the UK.

Two months later, the UK’s Huawei Cyber Security Evaluation Centre, a group set up by the government to monitor the Chinese firm, announced that it had “only limited assurance” that Huawei posed no threat to national security

“It was a bit of a warning to Huawei,” said Mr Hannigan. “They needed to get better at cooperating and take this more seriously.”

The difficulty for the Huawei Cyber Security Evaluation Centre is knowing for certain that the code it vets and approves is the same code that is going into networks.

“That’s been a persistent problem,” said Mr Hannigan. “That needs more work.”

The government has put £200m into the development of 5G. Last month, the first 5G pilot centre launched in the West Midlands, testing the technology before a national roll-out.

BT, which uses Huawei to supply parts for its network, told Sky News that it would “apply the same stringent security measures and controls to 5G when we start to roll it out, in line with continued guidance from government”.

The Other Facts about Jamal Khashoggi

Posted on by

The media is hardly revealing the other facts regarding Khashoggi. My buddy over at GMBDW did the work I was about to do. Hat tip to them.

First it should be mentioned that Saudi Arabia declared the Muslim Brotherhood a terror organization in 2014. Another key item is Jamal Khashoggi has been in self-imposed exile, living in Virginia for at least a year or more. He is quite critical of the Saudi Kingdom for quite some time. Remember, the Saudi royalty has been slowly and methodically working to alter the religious doctrine in the country, of which Khashoggi is against.

Khashoggi has been in print media for years, question is while being on the payroll of the Washington Post, did the ownership of WaPo know about his nefarious resume? If they did not, it is lousy journalism, if they did, we need to question the motivations of WaPo.

Why was he in Turkey in the first place? He has a friendship with Recep Tayyip Erdogan, the President of Turkey. Jamal was about to marry and he recently bought an apartment in Istanbul.

https://i.cdn.turner.com/dr/cnnarabic/cnnarabic/release/sites/default/files/styles/og_image/public/image/dfbndfgb.jpg?itok=V4G8LiSF

So, what are the other facts?

Global media has been widely reporting on the alleged disappearance of Saudi national and Washington Post columnist Jamal Khashoggi, often describing him in terms such as “a dissident-journalist critical of the oil-rich kingdom.” As the BBC recently reported:

Jamal Khashoggi, a well-known journalist and critic of the Saudi government, walked into the country’s consulate in Istanbul last week to obtain some documents and has not been seen since.

Generally but not always overlooked in the media coverage are Khashoggi’s ties to the Global Muslim Brotherhood. For example, British author and journalist John R. Bradley reports that Khashoggi joined the Muslim Brotherhood in the 1970’s:

October 11, 2018  In truth, Khashoggi never had much time for western-style pluralistic democracy. In the 1970s he joined the Muslim Brotherhood, which exists to rid the Islamic world of western influence. He was a political Islamist until the end, recently praising the Muslim Brotherhood in the Washington Post. He championed the ‘moderate’ Islamist opposition in Syria, whose crimes against humanity are a matter of record. Khashoggi frequently sugarcoated his Islamist beliefs with constant references to freedom and democracy. But he never hid that he was in favour of a Muslim Brotherhood arc throughout the Middle East. His recurring plea to bin Salman in his columns was to embrace not western-style democracy, but the rise of political Islam which the Arab Spring had inadvertently given rise to. For Khashoggi, secularism was the enemy.

Washington Post writer David Ignatius, who says he knew Khashoggi for 15 years, also reports that Khashoggi joined the Muslim Brotherhood at some unspecified time, likely while in the US for his education:

October 7, 2018  Khashoggi was passionate for reform of an Arab Muslim world that he considered corrupt and dishonest. He grew up in Medina, the son of a Saudi who owned a small textile shop. He went to the United States for college, attending Indiana State University. He also embraced Islam, joining the Muslim Brotherhood and, in the late 1970s, befriending the young Osama bin Laden, whom he tried to turn against violence.

Interesting is Khashoggi’s attendance at Indiana State University confirmed in a local media report which says he was an undergraduate student at Indiana State from 1977-1982, and was awarded a degree in business administration on May 7, 1983. According to a report by the GMBDW author, at the same time Khashoggi was attending university in Indiana, the state was the hub of the newly developing complex of organizations that would become the US Muslim Brotherhood. For example, the report notes a key meeting held in early 1977 described as follows:

As the Muslim Student Association (MSA) reached its mid-teens it began preparing for an expanded role in the service of Islam. It called an historic meeting of a cross-section of Islamic workers, in Plainfield, Indiana, in early 1397/1977. This meeting set up a task force to recommend a new organizational structure to respond to the increasing challenges and responsibilities emerging in the growing North American Muslim communities. The task force concluded that the new environment would be best served by establishing a broader umbrella organization called “ISNA.”

ISNA, the Islamic Society of North America, emerged out of the early US Muslim Brotherhood infrastructure and documents discovered in the course of the the terrorism trial of the Holy Land Foundation confirmed that the organization was part of the U.S. Muslim Brotherhood. ISNA was named as a Holy Land unindicted co-conspirator as a result of what the US Justice Department called the organization’s “intimate relationship with the Muslim Brotherhood, the Palestine Committee, and the defendants in this case.” Although not confirmed, it would seem more than possible that a Muslim student active in Indiana would have been interacting with the complex of US Brotherhood organizations rapidly developing at that time. Khashoggi is also known to have close relations with Saudi businessman Prince Al Waleed Bin Talal who appointed him to run the ill-fated Al Arab television station in Bahrain in 2015. As frequently reported by the GMBDW, Prince Talal is known to have made donations to both the ISNA and to the Council on American Islamic Relations (CAIR), also part of the US Muslim Brotherhood.

Not all reporting characterizes Khashoggi as a Muslim Brotherhood “member” although it should be remembered that membership is a nebulous concept when discussing the Global Muslim Brotherhood. The independent Turkish news portal Ahval claims that while Khashoggi was not a  Brotherhood member he was “someone close to their ideas”:

October 10, 2018  Khashoggi is not a member of the Muslim Brotherhood, but someone close to their ideas, according to his friends, … “I cannot say he was an official member of the Muslim Brotherhood. Maybe he was at the beginning, but he had close ties. The leaders of the movement in Egypt and Tunisia were Jamal’s friends. After the Arab spring, he wanted political Islam to come to power. But he was not an Islamist,” Ahmed Zaki, from BBC Arabic said.

As for Khashoggi himself, Islamist media reported in 2017 that he denied that being a member of the Muslim Brotherhood although he characterized Brotherhood thought as “noble”:

September 11, 2017 Saudi Arabian journalist Jamal Khashoggi has denied that he is a member of the Muslim Brotherhood. The writer, who has been banned from publication by the Saudi authorities for the past 9 months, pointed out that the Brotherhood allegation is directed at anyone believing in change, reform or the Arab Spring. Responding on Twitter to another user who asked who was behind the accusations directed at him, Khashoggi said: “For a while now, I have found that anyone who believes in reform, change, the Arab Spring, and freedom, and those who are proud of their religion and their country is labelled as being part of the Muslim Brotherhood. It seems that the Brotherhood’s school of thought is noble.”

However at the same time, and in another interview, Khashoggi gave a somewhat disingenuous denial of Brotherhood membership, stating that he was not “officially a member” but did not mind being referred to as such:

September 13, 2017 Saudi writer Jamal Khashoggi confirmed the news stating that he was suspended from writing for Al-Hayat newspaper, based on a decision by Al-Hayat publisher Khalid bin Sultan bin Abdulaziz Al Saud, and the recommendation of Fahd bin Khalid Al Saud.Commenting on the news, Khashoggi said in a tweet that “the decision of suspension was indeed made by the publisher. I spoke with his Highness a little while ago, we agreed to reject the dissemination of the culture of hatred, and disagreed with regards to the Muslim Brotherhood. I have much appreciation for him.” Khashoggi, who currently resides in Washington, has criticized the arrests of preachers, including Salman al-Awda and Awad al-Qarni, who are affiliated with the Muslim Brotherhood, adding that belonging to the Muslim Brotherhood “is not a charge,” further noting that he “does not feel offended if someone says I am [part of]the Brotherhood, although I am not officially a member.”

Consistent with ties to the Global Muslim Brotherhood is Khashoggi’s friendship with Azzam Tamimi, a UK activist for Hamas and a leader in the UK Muslim Brotherhood. According to an Associated Press report, the two hd been involved in setting up “pro-democracy” projects since 1992:

Khashoggi had incorporated his democracy advocacy group, DAWN, in January in Delaware, said Khaled Saffuri, another friend. The group was still in the planning stages, and Khashoggi was working on it quietly, likely concerned it could cause trouble for associates, including activists in the Gulf, Saffuri said. The project was expected to reach out to journalists and lobby for change, representing both Islamists and liberals, said another friend, Azzam Tamimi, a prominent Palestinian-British activist and TV presenter. … Tamimi said he and Khashoggi had set up a similar pro-democracy project together in 1992 when they first met. It was called Friends of Democracy in Algeria, he said, and followed the botched elections in Algeria, which the government annulled to avert an imminent Islamist victory.

Although described as a “democracy advocacy group” it should be noted that in reality, as described in an ABC News report, DAWN was in fact a stalking horse for the inclusion of “Sunni Political Islam” in Middle Eastern governments, presumably including Saudi Arabia. Another self-described Islamic Democracy group is the US-based Center for the Study of Islam and Democracy (CSID) where Khashoggi gave the keynote address in April 2018 and were he reportedly:

applauded the efforts made by organizations like CSID in advocating for democracy and freedom of speech and helping save the Middle East from drowning in dark ages of dictatorship.

Center for the Study of Islam and Democracy (CSID) was founded in 1998 in what appears to have been a cooperative effort among the US Muslim Brotherhood, the US State Department and Georgetown University academic Dr. John Esposito who served during the 1990’s as a State Department “foreign affairs analyst” and who has at least a dozen past or present affiliations with global Muslim Brotherhood/Hamas organizations. From its inception, CSID has argued that the U.S. government should support Islamist movements in foreign countries and has received financial support from the U.S. State Department, the National Endowment for Democracy and the United States Institute of Peace.

It should also be noted that the British journalist John R. Bradley, has reported that Khashoggi instructed his fiancée to contact former Turkish MP and AK Party leader Yasin Aktay in case he failed to come out of the consulate. Aktay is known to be a close advisor to Muslim Brotherhood supporter and Turkish President Erdogan and the AK Party is an Islamist party close to the Global Muslim Brotherhood.

The evidence offered above strongly suggests that Jamal Khashoggi was not only a long-time member of the Muslim Brotherhood and close to the Global Muslim Brotherhood but was, in fact, actively supporting Brotherhood-related projects as recently as April of this year as evidenced by his key note address on behalf of the CSID. The GMBDW wished to state in the clearest terms that none of the above should be taken as support for any violence that may or may not have been committed against Mr. Khashoggi by any party. The evidence does however raise serious questions about how such an individual came to be associated with the Washington Post and why he is generally fêted as a “pro-democracy reformer” by so much of the global media. Perhaps much of that media is not aware that the Muslim Brotherhood is often categorized by academics as a “reformist movement.”

While it would seem unlikely and/or unusual that such a prominent journalist would be a member of the Muslim Brotherhood, the GMBDW has long reported on the example of Waddah Khanfar, the former General Manager of Al Jazeera who is tied to both the Global Muslim Brotherhood and to Hamas as well as currently serving as a trustee of the US-based International Crisis Group.

We should also add that this is by no means the only example of the Washington Post showing astonishingly bad judgment with respect to the Global Muslim Brotherhood. In February 2017, we reported on the Post’s shoddy work with respect to an article purporting to fact check recent series of claims about long-time Hilary Clinton aide Huma Abedin. As we wrote at that time:

The GMBDW only hopes, and our hopes are perpetually dashed, that the mainstream media in the US would once again assume its rightful role as the guardian of the public interest with respect to the topic.

GAO Report on Weapons Systems Hacking Vulnerabilities

Posted on by

Cant make this up and further there is a huge element of deniability that such vulnerabilities exists.

GAO report reveals new Pentagon weapon systems vulnerable ...

GAO: In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected.

DOD’s weapons are more computerized and networked than ever before, so it’s no surprise that there are more opportunities for attacks. Yet until relatively recently, DOD did not make weapon cybersecurity a priority. Over the past few years, DOD has taken steps towards improvement, like updating policies and increasing testing.

Federal information security—another term for cybersecurity—has been on our list of High Risk issues since 1997.

Today’s weapon systems are heavily computerized, which opens more attack opportunities for adversaries (represented below in a fictitious weapon system for classification reasons). The full report here.

APKWS on target | Jane's 360

*** From Wired in part:

In other cases, the report states that automated systems did detect the testers, but that the humans responsible for monitoring those systems didn’t understand what the intrusion technology was trying to tell them.

Like most unclassified reports about classified subjects, the GAO report is rich in scope but poor in specifics, mentioning various officials and systems without identifying them. The report also cautions that “cybersecurity assessment findings are as of a specific date so vulnerabilities identified during system development may no longer exist when the system is fielded.” Even so, it paints a picture of a Defense Department playing catch-up to the realities of cyberwarfare, even in 2018.

Edelman says the report reminded him of the opening scene of Battlestar Galactica, in which a cybernetic enemy called the Cylons wipes out humanity’s entire fleet of advanced fighter jets by infecting their computers. (The titular ship is spared, thanks to its outdated systems.) “A trillion dollars of hardware is worthless if you can’t get the first shot off,” Edelman says. That kind of asymmetrical cyberattack has long worried cybersecurity experts, and has been an operational doctrine of some of the United States’ biggest adversaries, including, Edelman says, China, Russia, and North Korea. Yet the report underscores a troubling disconnect between how vulnerable DOD weapons systems are, and how secure DOD officials believe them to be.

“In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic,” the report reads. DOD officials noted, for instance, that testers had access that real-world hackers might not. But the GAO also interviewed NSA officials who dismissed those concerns, saying in the report that “adversaries are not subject to the types of limitations imposed on test teams, such as time constraints and limited funding—and this information and access are granted to testers to more closely simulate moderate to advanced threats.”

It’s important to be clear that when the DOD dismisses these results, they are dismissing the testing from their own department. The GAO didn’t conduct any tests itself; rather, it audited the assessments of Defense Department testing teams. But arguments over what constitutes a realistic testing condition are a staple of the defense community, says Caolionn O’Connell, a military acquisition and technology expert at Rand Corporation, which has contracts with the DOD.

 

FBI Director Threat Assessment to Senate Committee

Posted on by

210 Billion Attacks in Q2 2018

Report Highlights Include:

  • Analysis of 151 million global cybercrime attacks and 1.6 billion bot attacks
  • 72 percent growth in mobile transactions year-on-year
  • One third of all attacks now targeting mobile
Related reading: Terrorists likely to attack U.S. with drones, says FBI director

Related reading: FBI director says bureau is investigating 5,000 terrorism cases across the world

_______________________________

Threats to the Homeland

Good morning Chairman Johnson, Ranking Member McCaskill, and members of the committee. Thank you for the opportunity to appear before you today to discuss the current threats to the United States homeland. Our nation continues to face a multitude of serious and evolving threats ranging from homegrown violent extremists (HVEs) to cyber criminals to hostile foreign intelligence services and operatives. Keeping pace with these threats is a significant challenge for the FBI. Our adversaries—terrorists, foreign intelligence services, and criminals—take advantage of modern technology to hide their communications; recruit followers; and plan and encourage espionage, cyber attacks, or terrorism to disperse information on different methods to attack the U.S. homeland, and to facilitate other illegal activities. As these threats evolve, we must adapt and confront these challenges, relying heavily on the strength of our federal, state, local, and international partnerships.

Counterterrorism

The threat posed by terrorism—both international terrorism (IT) and domestic terrorism (DT)—has evolved significantly since 9/11. Preventing terrorist attacks remains the FBI’s top priority. We face persistent threats to the homeland and to U.S. interests abroad from HVEs, domestic terrorists, and foreign terrorist organizations (FTOs). The IT threat to the U.S. has expanded from sophisticated, externally directed FTO plots to include individual attacks carried out by HVEs who are inspired by designated terrorist organizations. We remain concerned that groups such as the Islamic State of Iraq and ash-Sham (ISIS) and al Qaeda have the intent to carry out large-scale attacks in the U.S.

The FBI assesses HVEs are the greatest terrorism threat to the homeland. These individuals are global jihad-inspired individuals who are in the U.S., have been radicalized primarily in the U.S., and are not receiving individualized direction from FTOs. We, along with our law enforcement partners, face significant challenges in identifying and disrupting HVEs. This is due, in part, to their lack of a direct connection with an FTO, an ability to rapidly mobilize, and the use of encrypted communications.

In recent years, prolific use of social media by FTOs has greatly increased their ability to disseminate their messages. We have also been confronting a surge in terrorist propaganda and training available via the Internet and social media. Due to online recruitment and indoctrination, FTOs are no longer dependent on finding ways to get terrorist operatives into the United States to recruit and carry out acts of terrorism. Terrorists in ungoverned spaces—both physical and cyber—readily disseminate propaganda and training materials to attract easily influenced individuals around the world to their cause. They motivate these individuals to act at home or encourage them to travel. This is a significant transformation from the terrorist threat our nation faced a decade ago.

Despite significant losses of territory, ISIS remains relentless and ruthless in its campaign of violence against the West and has aggressively promoted its hateful message, attracting like-minded extremists. Unlike other groups, ISIS has constructed a narrative that touches on all facets of life, from family life to providing career opportunities to creating a sense of community. The message is not tailored solely to those who overtly express signs of radicalization. It is seen by many who click through the Internet every day, receive social media notifications, and participate in social networks. Ultimately, many of the individuals drawn to ISIS seek a sense of belonging. Echoing other terrorist groups, ISIS has advocated for lone offender attacks in Western countries. Recent ISIS videos and propaganda have specifically advocated for attacks against soldiers, law enforcement, and intelligence community personnel.

Many foreign terrorist organizations use various digital communication platforms to reach individuals they believe may be susceptible and sympathetic to extremist messages. However, no group has been as successful at drawing people into its perverse ideology as ISIS, who has proven dangerously competent at employing such tools. ISIS uses high-quality, traditional media platforms, as well as widespread social media campaigns to propagate its extremist ideology. With the broad distribution of social media, terrorists can spot, assess, recruit, and radicalize vulnerable persons of all ages in the U.S. either to travel or to conduct an attack on the homeland. Through the Internet, terrorists overseas now have direct access to our local communities to target and recruit our citizens and spread the message of radicalization faster than was imagined just a few years ago.

The threats posed by foreign fighters, including those recruited from the U.S., are very dynamic. We will continue working to identify individuals who seek to join the ranks of foreign fighters traveling in support of ISIS, those foreign fighters who may attempt to return to the United States, and HVEs who may aspire to attack the United States from within.

ISIS is not the only terrorist group of concern. Al Qaeda maintains its desire for large-scale spectacular attacks. However, continued counterterrorism pressure has degraded the group, and in the near term al Qaeda is more likely to focus on supporting small-scale, readily achievable attacks against U.S. and allied interests in the Afghanistan/Pakistan region. Simultaneously, over the last year, propaganda from al Qaeda leaders seeks to inspire individuals to conduct their own attacks in the U.S. and the West.

In addition to FTOs, domestic extremist movements collectively pose a steady threat of violence and economic harm to the United States. Trends within individual movements may shift, but the underlying drivers for domestic extremism—such as perceptions of government or law enforcement overreach, socio-political conditions, and reactions to legislative actions—remain constant. The FBI is most concerned about lone offender attacks, primarily shootings, as they have served as the dominant mode for lethal domestic extremist violence. We anticipate law enforcement, racial minorities, and the U.S. government will continue to be significant targets for many domestic extremist movements.

As the threat to harm the U.S. and our interests evolves, we must adapt and confront these challenges, relying heavily on the strength of our federal, state, local, and international partnerships. The FBI uses all lawful investigative techniques and methods to combat these terrorist threats to the United States. Along with our domestic and foreign partners, we collect and analyze intelligence concerning the ongoing threat posed by foreign terrorist organizations and homegrown violent extremists. We continue to encourage information sharing, which is evidenced through our partnerships with many federal, state, local, and tribal agencies assigned to Joint Terrorism Task Forces around the country. The FBI continues to strive to work and share information more efficiently, and to pursue a variety of lawful methods to stay ahead of threats to the homeland.

Intelligence

Incorporating intelligence in all we do remains a critical strategic pillar of the FBI strategy. The constant evolution of the FBI’s intelligence program will help us address the ever-changing threat environment. We must constantly update our intelligence apparatus to improve the way we collect, use, and share intelligence to better understand and defeat our adversaries. We cannot be content only to work the matters directly in front of us. We must also look beyond the horizon to understand the threats we face at home and abroad, and how those threats may be connected. We must also ensure we are providing our partners, whether in the public or private sectors, with actionable, relevant intelligence to help them address their own unique threats.

To that end, The FBI gathers intelligence, pursuant to legal authorities, to help us understand and prioritize identified threats, to reveal the gaps in what we know about these threats, and to fill those gaps. We do this for national security and criminal threats, on both national and local field office levels. We then compare the national and local perspectives to organize threats into priorities for each of the FBI’s 56 field offices. By categorizing threats in this way, we place the greatest focus on the gravest threats we face. This gives us a better assessment of what the dangers are, what is being done about them, and where we should prioritize our resources.

Given the fast pace of technological evolution, we must also focus on ensuring our information technology capabilities allow us to collect and assess information as quickly and thoroughly as possible. We must continue to deploy superior technological capabilities and solutions for large data sets, such as those derived from digital media.

Integrating intelligence and operations is part of the broader intelligence transformation the FBI has undertaken in the last decade to improve our understanding and mitigation of threats. Over the past few years, we have taken several steps to improve this integration. The FBI’s Intelligence Branch, created in August 2014, provides strategic direction and oversight of the FBI’s intelligence program and is responsible for intelligence strategy, resources, policies, and operations. Our special agents and intelligence analysts train together at the FBI Academy, where they engage in joint training exercises and take core courses together, prior to their field deployments. As a result, they are better prepared to integrate their skill sets in the field. To build on the Quantico-based training, the FBI now offers significant follow-on training courses that integrate special agents, intelligence analysts, staff operations specialists, and language analysts. Additionally, our training forums for executives and front-line supervisors continue to ensure our leaders are informed about our latest intelligence capabilities and allow them to share best practices for achieving intelligence integration.

Counterintelligence

The nation faces a rising threat, both traditional and asymmetric, from hostile foreign intelligence services and their proxies. Traditional espionage, often characterized by career foreign intelligence officers acting as diplomats or ordinary citizens, and asymmetric espionage, often carried out by students, researchers, or business people operating front companies, are prevalent. Foreign intelligence services not only seek our nation’s state and military secrets, but they also target commercial trade secrets, research and development, and intellectual property, as well as insider information from the federal government, U.S. corporations, and American universities. Foreign intelligence services and other state-directed actors continue to employ more creative and more sophisticated methods to steal innovative technology, critical research and development data, and intellectual property in an effort to erode America’s economic leading edge. These illicit activities pose a significant threat to national security and continue to be a priority and focus of the FBI.

Our counterintelligence efforts are also aimed at the growing scope of the insider threat—that is, when trusted employees and contractors use their legitimate access to steal secrets for personal benefit or to benefit a company or another country. This threat has been exacerbated in recent years as businesses have become more global and increasingly exposed to foreign intelligence organizations. We are also investigating media leaks, when federal employees and contractors violate the law and betray the nation’s trust by selectively leaking classified information, sometimes mixed with disinformation, to manipulate the public and advance their personal agendas.

In addition to the insider threat, the FBI has focused on a coordinated approach across divisions that leverages both our classic counterespionage tradecraft and our technical expertise to more effectively identify, pursue, and defeat hostile state actors using cyber means to penetrate or disrupt U.S. government entities or economic interests.

We have also continued our engagement with the private sector and academia on the threat of economic espionage and technology transfer. We have addressed national business and academic groups, met with individual companies and university leaders, worked with sector-specific groups, and encouraged all field offices to maintain close, ongoing liaison with entities across the country that have valuable technology, data, or other assets.

Cyber

Virtually every national security and criminal threat the FBI faces is cyber-based or technologically facilitated. We face sophisticated cyber threats from foreign intelligence agencies, hackers for hire, organized crime syndicates, and terrorists. These threat actors constantly seek to access and steal our nation’s classified information, trade secrets, technology, and ideas—all of which are of great importance to U.S. national and economic security. They seek to strike our critical infrastructure and to harm our economy.

As the committee is well aware, the frequency and impact of cyber attacks on our nation’s private sector and government networks have increased dramatically in the past decade and are expected to continue to grow. We continue to see an increase in the scale and scope of reporting on malicious cyber activity, which can be measured by the amount of corporate data stolen or deleted, personally identifiable information compromised, or remediation costs incurred by U.S. victims. Within the FBI, we are focused on the most dangerous malicious cyber activity: high-level intrusions by state-sponsored hackers and global organized crime syndicates, and other technically sophisticated attacks.

Botnets used by cyber criminals are one example of this trend and have been responsible for billions of dollars in damages over the past several years. The widespread availability of malicious software (malware) that can create botnets allows individuals to leverage the combined bandwidth of thousands, if not millions, of compromised computers, servers, or network-ready devices to conduct attacks. Cyber threat actors have also increasingly conducted ransomware attacks against U.S. systems by encrypting data and rendering systems unusable, thereby victimizing individuals, businesses, and even public health providers.

Cyber threats are not only increasing in scope and scale, but are also becoming increasingly difficult to investigate. Cyber criminals often operate through online forums, selling illicit goods and services, including tools that can be used to facilitate cyber attacks. These criminals have also increased the sophistication of their schemes, which are more difficult to detect and more resilient. Additionally, many cyber actors are based abroad or obfuscate their identities by using foreign infrastructure, making coordination with international law enforcement partners essential.

The FBI is engaged in a myriad of efforts to combat cyber threats, from improving threat identification and information sharing inside and outside of government, to developing and retaining new talent, to examining the way we operate to disrupt and defeat these threats. We take all potential threats to public and private sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace.

Going Dark

“Going Dark” describes circumstances where law enforcement is unable to obtain critical information in an intelligible and usable form (or at all), despite having a court order authorizing the government’s access to that information. As a technical matter, this challenge extends across several products and platforms, whether it involves “data at rest,” such as on a physical device, or “data in motion,” as with real-time electronic communications.

Going Dark remains a serious problem for the FBI across our investigative areas, from counterterrorism to child exploitation, gangs, drug traffickers, and white-collar crimes. The inability to access evidence or intelligence despite the lawful authority to do so significantly impacts the FBI’s ability to identify, investigate, prosecute, or otherwise deter criminals, terrorists, and other offenders.

Our federal, state, local, and international law enforcement partners face similar challenges in maintaining access to electronic evidence despite having legal authorization to do so. Indeed, within the last few months, the nation’s sheriffs called for “the U.S. Congress to exercise leadership in the nation’s public safety interest” to address the Going Dark challenge. Several of our closest law enforcement and intelligence partners (the United Kingdom, Canada, Australia, and New Zealand) similarly described this as a “pressing international concern that requires urgent, sustained attention and informed discussion.”

The FBI recognizes the complexity of the issue, but we believe there is a tremendous opportunity for responsible stakeholders to work together to find sustainable solutions that preserve cybersecurity and promote public safety.

Weapons of Mass Destruction

The FBI, along with its U.S. government partners, is committed to countering the weapons of mass destruction (WMD) threat (e.g., chemical, biological, radiological, nuclear, and explosives) by preventing terrorist groups and lone offenders from acquiring these materials either domestically or internationally through preventing nation state proliferation of WMD sensitive technologies and expertise.

Domestically, the FBI’s counter-WMD threat program, in collaboration with our U.S. government partners, prepares for and responds to WMD threats (e.g., investigate, detect, search, locate, diagnose, stabilize, and render safe WMD threats). Internationally, the FBI, in cooperation with our U.S. partners, provides investigative and technical assistance as well as capacity-building programs to enhance our foreign partners’ ability to detect, investigate, and prosecute WMD threats.

Countering Unmanned Aircraft Systems (UAS)

The threat from unmanned aircraft systems in the U.S. is steadily escalating. While we are working with FAA and other agencies to safely integrate UAS into the national airspace system, the FBI assesses with high confidence that terrorists overseas will continue to use small UAS to advance nefarious activities and exploit physical protective measures. While there has been no successful malicious use of UAS by terrorists in the United States to date, terrorist groups could easily export their battlefield experiences to use weaponized UAS outside the conflict zone. We have seen repeated and dedicated efforts to use UAS as weapons, not only by terrorist organizations, such as ISIS and al Qaeda, but also by transnational criminal organizations such as MS-13 and Mexican drug cartels, which may encourage use of this technique in the U.S. to conduct attacks. The FBI assesses that, given their retail availability, lack of verified identification requirement to procure, general ease of use, and prior use overseas, UAS will be used to facilitate an attack in the United States against a vulnerable target, such as a mass gathering. This risk has only increased in light of the publicity associated with the apparent attempted assassination of Venezuelan President Maduro using explosives-laden UAS.

The FBI recently disrupted a plan in the United States to use drones to attack the Pentagon and the Capitol building. On November 1, 2012, Rezwan Ferdaus was sentenced to 17 years in federal prison for attempting to conduct a terrorist attack and providing support to al Qaeda. Ferdaus, who held a degree in physics, obtained multiple jet-powered, remote-controlled model aircraft capable of flying 100 miles per hour. He planned to fill the aircraft with explosives and crash them into the Pentagon and the Capitol using a GPS system in each aircraft. Fortunately, the FBI interrupted the plot after learning of it and deploying an undercover agent.

Last week, thanks in large part to the outstanding leadership of this Committee, the FBI and DOJ received new authorities to deal with the UAS threat in the FAA Reauthorization Act of 2018. That legislation enables the FBI to counter UAS threats while safeguarding privacy and promoting the safety and efficiency of the national airspace system. The FBI is grateful to the chairman, the ranking member, and other members of this committee for championing this critical authority.

Conclusion

Finally, the strength of any organization is its people. The threats we face as a nation have never been greater or more diverse and the expectations placed on the Bureau have never been higher. Our fellow citizens look to the FBI to protect the United States from all of those threats, and the men and women of the FBI continue to meet and exceed those expectations, every day. I want to thank them for their dedicated service.