MURDERED journalist Jamal Khashoggi was about to disclose details of Saudi Arabia’s use of chemical weapons in Yemen, sources close to him said last night. The revelations come as separate intelligence sources disclosed that Britain had first been made aware of a plot a full three weeks before he walked into the Saudi consulate in Istanbul.
Intercepts by GCHQ of internal communications by the kingdom’s General Intelligence Directorate revealed orders by a “member of the royal circle” to abduct the troublesome journalist and take him back to Saudi Arabia.
The orders, intelligence sources say, did not emanate directly from de facto ruler Crown Prince Mohammad bin Salman, and it is not known if he was aware of them.
Though they commanded that Khashoggi should be abducted and taken back to Riyadh, they “left the door open” for other actions should the journalist prove to be troublesome, sources said.
Last week Saudi Arabia’s Attorney General confirmed that the murder had been premeditated – – in contrast to initial official explanations that Khashoggi had been killed after a fight broke out.
“The suspects in the incident had committed their act with a premeditated intention,” he said.
“The Public Prosecution continues its investigations with the accused in the light of what it has received and the results of its investigations to reach facts and complete the course of justice.”
Those suspects are within a 15-strong hit squad sent to Turkey, and include serving members of GID.
Speaking last night the intelligence source told the Sunday Express: “We were initially made aware that something was going in the first week of September, around three weeks before Mr Khashoggi walked into the consulate on October 2, though it took more time for other details to emerge.
“These details included primary orders to capture Mr Khashoggi and bring him back to Saudi Arabia for questioning. However, the door seemed to be left open for alternative remedies to what was seen as a big problem.
“We know the orders came from a member of the royal circle but have no direct information to link them to Crown Prince Mohammad bin Salman.
“Whether this meant he was not the original issuer we cannot say.”
Crucially, the highly-placed source confirms that MI6 had warned his Saudi Arabian counterparts to cancel the mission – though this request as ignored.
“On October 1 we became aware of the movement of a group, which included members of Ri’āsat Al-Istikhbārāt Al-‘Āmah (GID) to Istanbul, and it was pretty clear what their aim was.
“Through channels we warned that this was not a good idea. Subsequent events show that our warning was ignored.”
Asked why MI6 had not alerted its Five Eye intelligence partner, the US (Khashoggi was a US citizen) the source said only: “A decision was taken that we’d done what we could.”
However analysts offered one possible explanation for this.
“The misleading image that has been created of Jamal Khashoggi covers up more than it reveals. As an insider to the Saudi regime, Khashoggi had also been close to the former head of the intelligence agency.He was an Islamist, a member of the Muslim Brotherhood, and someone who befriended Osama Bin Laden and had been sympathetic to his Jihad in Afghanistan,” said Tom Wilson, of the Henry Jackson Society think-tank.
“All of these connections are being hidden by a simplistic narrative that Jamal Khashoggi was just a progressive freedom fighting journalist. It isn’t plausible that he was murdered simply for being a journalist critical of the regime. The truth is much more complicated.”
Last night a close friend of Mr Khashoggi revealed that he was about to obtain “documentary evidence” proving clams that Saudi Arabia had used chemical weapons in its proxy war in Yemen.
“I met him a week before his death. He was unhappy and he was worried,“ said the middle eastern academic, who did not wish to be named.
“When I asked him why he was worried, he didn’t really want to reply, but eventually he told me he was getting proof that Saudi Arabia had used chemical weapons. He said he hoped he be getting documentary evidence.
All I can tell you is that the next thing I heard, he was missing.”
While there have been recent unsubstantiated claims in Iran that Saudi Arabia has been supplying ingredients that can be used to produce the nerve agent Sarin in Yemen, it is more likely that Mr Khashoggi was referring to phospherous..
Last month it was claimed that Saudi Arabia had been using US-supplied white phosphorous munitions against troops and even civilians in Yemen,
Though regulations state the chemical may be used to provide smokescreens, if used illegally it can it burn to the bone.
Chemical warfare expert Col Hamish de Bretton-Gordon said: “We have already seen in Syria that nothing is as effective as chemical, weapons in clearing urban areas of troops and civilians – Assad has used phosphorous for this very reason.
“If Khashoggi did, in fact, have proof that Saudi Arabia was deliberately misusing phosphorous for this purpose, it would be highly embarrassing for the regime and provides the nearest motive yet as to why Riyadh may have acted when they did against him.”
***
Lawrence Wright, author of The Looming Tower: Al-Qaeda and the Road to 9/11, couldn’t have imagined one of the other characters in his book was going to be at the centre of a huge political and diplomatic controversy, no less than the book’s central character, namely Osama Bin Laden.
The book was adapted for television as a series with the same title and tells the story of Al-Qaeda’s infamous attacks on New York and Washington. In one paragraph, Wright mentions a close friend of Bin Laden’s who shared the latter’s ambition to “establish an Islamic state anywhere.” That friend was Jamal Khashoggi. Both Bin Laden and Khashoggi were at the time active members of the Muslim Brotherhood and later Bin Laden would split from the Brotherhood to form with Abdullah Azzam Al-Qaeda, the most dangerous organisation in the world. Khashoggi, Bin Laden, and Azzam, were all the merry companions of the same extremist group.
Today, the world is busy keeping up with the news of the disappearance of Jamal Khashoggi, journalist and Human Rights activist in Saudi Arabia, but very few know the man’s past and his affiliation with Al-Qaeda during the war in Afghanistan. He promoted Saudi Mujahedeen focusing on his friendship with Bin Laden.
On May 4, 1988, the Saudi daily Arab News published a report by Jamal Khashoggi about his tour in Afghanistan in the company of Al-Qaeda operatives. Even though Khashoggi was just a journalist doing a report, the photos published with the article show him wearing Afghani garb and shouldering a RBG rocket launcher. More here.
Category Archives: Trump Administration
When Will the US Begin to Sanction China?
Last week, Defense Secretary Mattis said:
Defense Secretary Jim Mattis this week voiced new U.S. opposition to China’s continued militarization of islands in the South China Sea.
“We remain highly concerned with continued militarization of features in the South China Sea,” Mattis told reporters on Monday as he traveled to Vietnam.
Mattis also said China is using predatory economics to seek control over other nations.
The Chinese are engaged in a global infrastructure development plan called the Belt and Road Initiative that U.S. officials have said is being used by Beijing to expand influence and control abroad, and expand Chinese military bases around the world.
Mattis said the predatory economic policies include loans “where massive debt is piled on countries that fiscal analysis would say they are going to have difficulty, at best, repaying in the smaller countries.”
The defense secretary, echoing the new U.S. hardline policy toward China, said the United States is not seeking to “contain” China but wants more reciprocal relations.
In part from Newsweek:
“Beijing can now deploy military assets, including combat aircraft and mobile missile launchers to the Spratly Islands at any time,” said the Asia Maritime Transparency Initiative (AMTI) on Monday in a report that included images of the three man-made islands—Fiery Cross reef, Subi, and Mischief. Its director Greg Poling told Voice of America that new antennas had been spotted on Subi and Fiery Cross, so he expected deployments there soon.
The Spratly Islands are around 500 miles from the coast of China, and Fiery Cross Reef about 740 miles from mainland China. It is approximately 170 miles off the coast of Vietnam. Why did China build these islands and how did they manage to make land out of sea?
***
But media is not paying attention.
It gets worse.
Researchers have mapped out a series of internet traffic hijacks and redirections that they say are part of large espionage and intellectual property theft effort by China.
The researchers, Chris Demchak of the United States Naval War College and Yuval Shavitt of the Tel Aviv University in Israel, say in their paper that state-owned China Telecom hijacked and diverted internet traffic going to or passing through the US and Canada to China on a regular basis.
Tel Aviv University researchers built a route tracing system that monitors BGP announcements and which picks up on patterns suggesting accidental or deliberate hijacks and discovered multiple attacks by China Telecom over the past few years.
In 2016, China Telecom diverted traffic between Canada and Korean government networks to its PoP in Toronto. From there, traffic was forwarded to the China Telecom PoP on the US West Coast and sent to China, and finally delivered to Korea.
Normally, the traffic would take a shorter route, going between Canada, the US and directly to Korea. The traffic hijack lasted for six months, suggesting it was a deliberate attack, Demchak and Shavitt said.
Demchak and Shavitt detailed other traffic hijacks, including one that saw traffic from US locations to a large Anglo-American bank’s Milan headquarters being terminated in China, and never delivered to Italy, in 2016.
During 2017, traffic between Scandinavia and Japan, transiting the United States, was also captured by China Telecom, ditto data headed to a mail server operated by a large Thai financial company.
China Telecom is able to divert the traffic by announcing bogus routes via the Border Gateway Protocol (BGP) that governs data flows between Autonomous Systems, the large networks operated by telcos, internet providers and corporations.
After the traffic was copied by China Telecom for encyption breaking and analysis, it was delivered to the intended networks with only small delays. Demchak and Shavitt said.
Such hijacking is difficult to detect as China Telecom has multiple points of presence (PoPs) in North America and Europe that are physically close to the attacked networks, causing almost unnoticeable traffic delivery delays despite the lengthened routes.
China in comparison does not allow overseas telcos to establish PoPs in the country, and has only three gateways into the country, in Beijing, Shanghai and Hong Kong. This isolation protects the country’s domestic and transit traffic from foreign hijacking.
BGP hijacking of internet traffic is a common phenomenon, one which requires the support of large network operators to exploit at scale.
While the US and China agreed in 2015 to not hack one another’s computer networks, the deal did not cover hijacking of internet backbones, Demchak and Shavitt pointed out.
The researchers suggest the allied democratic nations establish an “access reciprocity” policy for internet PoPs located in their countries, to address the traffic hijacking.
Under the access reciprocity policy US telcos and providers should be allowed to set up PoPs in China, Demchak and Shavitt said.
If access reciprocity is refused, “then an appropriate defence policy in response could state that no traffic to or from the US or ally is allowed to enter a China Telecom PoP in the US or in the ally’s networks,” the researchers suggested.
Such a policy could be inserted into BGP routing tables as required for automatic implementation.
U.S. Treasury Employee Arrested Charged with Leaking to Media
The official 18 page indictment is here.
US Treasury employee arrested, accused of leaking media secret information about suspicious financial transactions related to Paul Manafort, Russians
- A U.S. Treasury employee has been arrested and charged with leaking to a BuzzFeed News reporter multiple secret reports about suspicious financial transactions.
- The documents relate to former Trump campaign chief Paul Manafort, Trump campaign official Richard Gates, accused Russian agent Maria Butina, the Russian Embassy and suspected Russian money launderer Prevezon Alexander.
- The accused employee, Natalie Mayflower Sours Edwards will face criminal charges in New York.
A U.S. Treasury employee has been arrested on charges that she leaked to BuzzFeed News multiple reports about suspicious financial transactions involving ex-Trump campaign chief Paul Manafort, law-enforcement officials said.
The highly confidential documents allegedly leaked by the employee also were related to former Trump campaign official Richard Gates, accused Russian agent Maria Butina, a suspected Russian money launderering entity and the Russian Embassy in Washington, according to a criminal complaint.
Natalie Mayflower Sours Edwards, a 40-year-old senior advisor in Treasury’s financial crimes enforcement network who was arrested Tuesday, will face federal criminal charges in New York, officials said.
She is charged with unlawfully disclosing so-called suspicious activity reports, or SARS, and conspiracy to do the same. Both felony counts carry a maxmium potential sentence of five years in prison.
A Quinton, Virginia, resident, Edwards was released on a $100,000 personal recognizance bond after her presentment Wednesday afternoon in U.S. District Court for the Eastern District of Virginia. Under the conditions of her release, Edwards is barred from contacting reporters or handling documents belonging to her Treasury division without approval.
A lawyer for Edwards did not immediately respond to a request for comment.
SARS are used to alert Treasury officials and other authorities about financial transactions that may be related to criminal conduct, such as money laundering. Treasury’s FinCEN division, for which Edwards works, manages the collection of SARS. It is illegal for a government employee to disclose a SAR or its contents outside of the scope of their work.
The complaint against Edwards says that she started leaking “numerous SARS in October 2017” to an unidentified reporter, and continued doing so until this month.
She had “hundreds of electronic communications” with the reporter, “many via an encrypted application,” the complaint said.
After Edwards began leaking SARS, the journalist wrote about a dozen articles which mentioned the details of those reports, according to the complaint.
Articles cited in the complaint carry the bylines of Jason Leopold and Anthony Cormier, two BuzzFeed reporters, as well as other journalists at that media outlet.
The articles cited documents transactions pertaining to Manafort and Gates, both of whom have since pleaded guilty to financial crimes related to their consulting work for a pro-Russia political party in Ukraine.
They also related to Butina, who is currently being held without bond on charges of being a Russian agent, the accused money launderering real-estate entity Prevezon Alexander, and the Russian Embassy in Washington.
At the time of Edwards’ arrest, according to federal prosecutors in Manhattan, she “was in possession of a flash drive” that appeared to be the same device “on which she saved the unlawfully disclosed” SARS.
Also in her possession was “a cellphone containing numerous communications over an encrypted application in which she transmitted [SARS] and other sensitive government information” illegally, prosecutors said.
“When questioned by law enforcement officials [Tuesday], Edwards confessed she has provided [SARS] to [the reporter] via an encrypted application, through falsely denied knowing that [the reporter] intended to or did publish that information” through a news organization, the complaint said.
BuzzFeed News declined to comment. Leopold and Cormier did not immediately return requests for comment.
DHS Concerns on Election Related Incidents, Facebook Doesn’t Care
The Department of Homeland Security notices an increase of election-related incidents, but thinks midterm voting will go off relatively unproblematically. Anomali reports a surge in black-market trafficking of voter records.
But you wont find out from Facebook if there are any issues….Facebook is going to block all posts regarding voting issues.
What could be the issues?
Anomali Labs researchers in close partnership with Intel 471, a leading cybercrime intelligence provider, have uncovered a widespread unauthorized information disclosure of US voter registration databases. To be clear, this voter information is made generally available to the public for legitimate uses. Anomali and Intel 471 researchers discovered dark web communications offering a large quantity of voter databases for sale. The databases include valuable personally identifiable information and voting history. The disclosure reportedly affects 19 states and includes 23 million records for just three of the 19 states. No record counts were provided for the remaining 16 states, but do include prices for each state. We estimate that the entire contents of the disclosure could exceed 35 million records. Researchers have reviewed a sample of the database records and determined the data to be valid with a high degree of confidence.
Of note, the seller indicates they receive weekly updates of voter registration data across the states and that they receive information via contacts within the state governments. Certain states require the seller to personally travel to locations in-state to receive the updated voter information. This suggests the information disclosure is not necessarily a technical compromise but rather a likely targeted campaign by a threat actor redistributing possibly legitimately obtained voter data for malicious purposes on a cybercrime forum.
To our knowledge, this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data, including US voters’ personally identifiable information and voting history. With the November 2018 midterm elections only four weeks away, the availability and currency of the voter records, if combined with other breached data, could be used by malicious actors to disrupt the electoral process or pursue large-scale identity theft. More here.
Meanwhile, over to Facebook…. (who are they to determine what is false? See something, say something and Facebook will punish us all.)
MENLO PARK, Calif. (Reuters) – Facebook Inc will ban false information about voting requirements and fact-check fake reports of violence or long lines at polling stations ahead of next month’s U.S. midterm elections, company executives told Reuters, the latest effort to reduce voter manipulation on its service.
The world’s largest online social network, with 1.5 billion daily users, has stopped short of banning all false or misleading posts, something that Facebook has shied away from as it would likely increase its expenses and leave it open to charges of censorship.
The latest move addresses a sensitive area for the company, which has come under fire for its lax approach to fake news reports and disinformation campaigns, which many believe affected the outcome of the 2016 presidential election, won by Donald Trump.
The new policy was disclosed by Facebook’s cybersecurity policy chief, Nathaniel Gleicher, and other company executives.
The ban on false information about voting methods, set to be announced later on Monday, comes six weeks after Senator Ron Wyden asked Chief Operating Officer Sheryl Sandberg how Facebook would counter posts aimed at suppressing votes, such as by telling certain users they could vote by text, a hoax that has been used to reduce turnout in the past.
The information on voting methods becomes one of the few areas in which falsehoods are prohibited on Facebook, a policy enforced by what the company calls “community standards” moderators, although application of its standards has been uneven. It will not stop the vast majority of untruthful posts about candidates or other election issues.
“We don’t believe we should remove things from Facebook that are shared by authentic people if they don’t violate those community standards, even if they are false,” said Tessa Lyons, product manager for Facebook’s News Feed feature that shows users what friends are sharing.
Links to discouraging reports about polling places that may be inflated or misleading will be referred to fact-checkers under the new policy, Facebook said. If then marked as false, the reports will not be removed but will be seen by fewer of the poster’s friends.
Such partial measures leave Facebook more open to manipulation by users seeking to affect the election, critics say. Russia, and potentially other foreign parties, are already making “pervasive” efforts to interfere in upcoming U.S. elections, the leader of Trump’s national security team said in early August.
Just days before that, Facebook said it uncovered a coordinated political influence campaign to mislead its users and sow dissension among voters, removing 32 pages and accounts from Facebook and Instagram. Members of Congress briefed by Facebook said the methodology suggested Russian involvement.
Trump has disputed claims that Russia has attempted to interfere in U.S. elections. Russian President Vladimir Putin has denied it.
WEIGHING BAN ON HACKED MATERIAL
Facebook instituted a global ban on false information about when and where to vote in 2016, but Monday’s move goes further, including posts about exaggerated identification requirements.
Facebook executives are also debating whether to follow Twitter Inc’s recent policy change to ban posts linking to hacked material, Gleicher told Reuters in an interview.
The dissemination of hacked emails from Democratic party officials likely played a role in tipping the 2016 presidential election to Trump, and Director of National Intelligence Dan Coats has warned that Russia has recently been attempting to hack and steal information from U.S. candidates and government officials. More here.
FBI Director Threat Assessment to Senate Committee
210 Billion Attacks in Q2 2018
Report Highlights Include:
- Analysis of 151 million global cybercrime attacks and 1.6 billion bot attacks
- 72 percent growth in mobile transactions year-on-year
- One third of all attacks now targeting mobile
Related reading: Terrorists likely to attack U.S. with drones, says FBI director
Related reading: FBI director says bureau is investigating 5,000 terrorism cases across the world
_______________________________
Threats to the Homeland
Good morning Chairman Johnson, Ranking Member McCaskill, and members of the committee. Thank you for the opportunity to appear before you today to discuss the current threats to the United States homeland. Our nation continues to face a multitude of serious and evolving threats ranging from homegrown violent extremists (HVEs) to cyber criminals to hostile foreign intelligence services and operatives. Keeping pace with these threats is a significant challenge for the FBI. Our adversaries—terrorists, foreign intelligence services, and criminals—take advantage of modern technology to hide their communications; recruit followers; and plan and encourage espionage, cyber attacks, or terrorism to disperse information on different methods to attack the U.S. homeland, and to facilitate other illegal activities. As these threats evolve, we must adapt and confront these challenges, relying heavily on the strength of our federal, state, local, and international partnerships.
Counterterrorism
The threat posed by terrorism—both international terrorism (IT) and domestic terrorism (DT)—has evolved significantly since 9/11. Preventing terrorist attacks remains the FBI’s top priority. We face persistent threats to the homeland and to U.S. interests abroad from HVEs, domestic terrorists, and foreign terrorist organizations (FTOs). The IT threat to the U.S. has expanded from sophisticated, externally directed FTO plots to include individual attacks carried out by HVEs who are inspired by designated terrorist organizations. We remain concerned that groups such as the Islamic State of Iraq and ash-Sham (ISIS) and al Qaeda have the intent to carry out large-scale attacks in the U.S.
The FBI assesses HVEs are the greatest terrorism threat to the homeland. These individuals are global jihad-inspired individuals who are in the U.S., have been radicalized primarily in the U.S., and are not receiving individualized direction from FTOs. We, along with our law enforcement partners, face significant challenges in identifying and disrupting HVEs. This is due, in part, to their lack of a direct connection with an FTO, an ability to rapidly mobilize, and the use of encrypted communications.
In recent years, prolific use of social media by FTOs has greatly increased their ability to disseminate their messages. We have also been confronting a surge in terrorist propaganda and training available via the Internet and social media. Due to online recruitment and indoctrination, FTOs are no longer dependent on finding ways to get terrorist operatives into the United States to recruit and carry out acts of terrorism. Terrorists in ungoverned spaces—both physical and cyber—readily disseminate propaganda and training materials to attract easily influenced individuals around the world to their cause. They motivate these individuals to act at home or encourage them to travel. This is a significant transformation from the terrorist threat our nation faced a decade ago.
Despite significant losses of territory, ISIS remains relentless and ruthless in its campaign of violence against the West and has aggressively promoted its hateful message, attracting like-minded extremists. Unlike other groups, ISIS has constructed a narrative that touches on all facets of life, from family life to providing career opportunities to creating a sense of community. The message is not tailored solely to those who overtly express signs of radicalization. It is seen by many who click through the Internet every day, receive social media notifications, and participate in social networks. Ultimately, many of the individuals drawn to ISIS seek a sense of belonging. Echoing other terrorist groups, ISIS has advocated for lone offender attacks in Western countries. Recent ISIS videos and propaganda have specifically advocated for attacks against soldiers, law enforcement, and intelligence community personnel.
Many foreign terrorist organizations use various digital communication platforms to reach individuals they believe may be susceptible and sympathetic to extremist messages. However, no group has been as successful at drawing people into its perverse ideology as ISIS, who has proven dangerously competent at employing such tools. ISIS uses high-quality, traditional media platforms, as well as widespread social media campaigns to propagate its extremist ideology. With the broad distribution of social media, terrorists can spot, assess, recruit, and radicalize vulnerable persons of all ages in the U.S. either to travel or to conduct an attack on the homeland. Through the Internet, terrorists overseas now have direct access to our local communities to target and recruit our citizens and spread the message of radicalization faster than was imagined just a few years ago.
The threats posed by foreign fighters, including those recruited from the U.S., are very dynamic. We will continue working to identify individuals who seek to join the ranks of foreign fighters traveling in support of ISIS, those foreign fighters who may attempt to return to the United States, and HVEs who may aspire to attack the United States from within.
ISIS is not the only terrorist group of concern. Al Qaeda maintains its desire for large-scale spectacular attacks. However, continued counterterrorism pressure has degraded the group, and in the near term al Qaeda is more likely to focus on supporting small-scale, readily achievable attacks against U.S. and allied interests in the Afghanistan/Pakistan region. Simultaneously, over the last year, propaganda from al Qaeda leaders seeks to inspire individuals to conduct their own attacks in the U.S. and the West.
In addition to FTOs, domestic extremist movements collectively pose a steady threat of violence and economic harm to the United States. Trends within individual movements may shift, but the underlying drivers for domestic extremism—such as perceptions of government or law enforcement overreach, socio-political conditions, and reactions to legislative actions—remain constant. The FBI is most concerned about lone offender attacks, primarily shootings, as they have served as the dominant mode for lethal domestic extremist violence. We anticipate law enforcement, racial minorities, and the U.S. government will continue to be significant targets for many domestic extremist movements.
As the threat to harm the U.S. and our interests evolves, we must adapt and confront these challenges, relying heavily on the strength of our federal, state, local, and international partnerships. The FBI uses all lawful investigative techniques and methods to combat these terrorist threats to the United States. Along with our domestic and foreign partners, we collect and analyze intelligence concerning the ongoing threat posed by foreign terrorist organizations and homegrown violent extremists. We continue to encourage information sharing, which is evidenced through our partnerships with many federal, state, local, and tribal agencies assigned to Joint Terrorism Task Forces around the country. The FBI continues to strive to work and share information more efficiently, and to pursue a variety of lawful methods to stay ahead of threats to the homeland.
Intelligence
Incorporating intelligence in all we do remains a critical strategic pillar of the FBI strategy. The constant evolution of the FBI’s intelligence program will help us address the ever-changing threat environment. We must constantly update our intelligence apparatus to improve the way we collect, use, and share intelligence to better understand and defeat our adversaries. We cannot be content only to work the matters directly in front of us. We must also look beyond the horizon to understand the threats we face at home and abroad, and how those threats may be connected. We must also ensure we are providing our partners, whether in the public or private sectors, with actionable, relevant intelligence to help them address their own unique threats.
To that end, The FBI gathers intelligence, pursuant to legal authorities, to help us understand and prioritize identified threats, to reveal the gaps in what we know about these threats, and to fill those gaps. We do this for national security and criminal threats, on both national and local field office levels. We then compare the national and local perspectives to organize threats into priorities for each of the FBI’s 56 field offices. By categorizing threats in this way, we place the greatest focus on the gravest threats we face. This gives us a better assessment of what the dangers are, what is being done about them, and where we should prioritize our resources.
Given the fast pace of technological evolution, we must also focus on ensuring our information technology capabilities allow us to collect and assess information as quickly and thoroughly as possible. We must continue to deploy superior technological capabilities and solutions for large data sets, such as those derived from digital media.
Integrating intelligence and operations is part of the broader intelligence transformation the FBI has undertaken in the last decade to improve our understanding and mitigation of threats. Over the past few years, we have taken several steps to improve this integration. The FBI’s Intelligence Branch, created in August 2014, provides strategic direction and oversight of the FBI’s intelligence program and is responsible for intelligence strategy, resources, policies, and operations. Our special agents and intelligence analysts train together at the FBI Academy, where they engage in joint training exercises and take core courses together, prior to their field deployments. As a result, they are better prepared to integrate their skill sets in the field. To build on the Quantico-based training, the FBI now offers significant follow-on training courses that integrate special agents, intelligence analysts, staff operations specialists, and language analysts. Additionally, our training forums for executives and front-line supervisors continue to ensure our leaders are informed about our latest intelligence capabilities and allow them to share best practices for achieving intelligence integration.
Counterintelligence
The nation faces a rising threat, both traditional and asymmetric, from hostile foreign intelligence services and their proxies. Traditional espionage, often characterized by career foreign intelligence officers acting as diplomats or ordinary citizens, and asymmetric espionage, often carried out by students, researchers, or business people operating front companies, are prevalent. Foreign intelligence services not only seek our nation’s state and military secrets, but they also target commercial trade secrets, research and development, and intellectual property, as well as insider information from the federal government, U.S. corporations, and American universities. Foreign intelligence services and other state-directed actors continue to employ more creative and more sophisticated methods to steal innovative technology, critical research and development data, and intellectual property in an effort to erode America’s economic leading edge. These illicit activities pose a significant threat to national security and continue to be a priority and focus of the FBI.
Our counterintelligence efforts are also aimed at the growing scope of the insider threat—that is, when trusted employees and contractors use their legitimate access to steal secrets for personal benefit or to benefit a company or another country. This threat has been exacerbated in recent years as businesses have become more global and increasingly exposed to foreign intelligence organizations. We are also investigating media leaks, when federal employees and contractors violate the law and betray the nation’s trust by selectively leaking classified information, sometimes mixed with disinformation, to manipulate the public and advance their personal agendas.
In addition to the insider threat, the FBI has focused on a coordinated approach across divisions that leverages both our classic counterespionage tradecraft and our technical expertise to more effectively identify, pursue, and defeat hostile state actors using cyber means to penetrate or disrupt U.S. government entities or economic interests.
We have also continued our engagement with the private sector and academia on the threat of economic espionage and technology transfer. We have addressed national business and academic groups, met with individual companies and university leaders, worked with sector-specific groups, and encouraged all field offices to maintain close, ongoing liaison with entities across the country that have valuable technology, data, or other assets.
Cyber
Virtually every national security and criminal threat the FBI faces is cyber-based or technologically facilitated. We face sophisticated cyber threats from foreign intelligence agencies, hackers for hire, organized crime syndicates, and terrorists. These threat actors constantly seek to access and steal our nation’s classified information, trade secrets, technology, and ideas—all of which are of great importance to U.S. national and economic security. They seek to strike our critical infrastructure and to harm our economy.
As the committee is well aware, the frequency and impact of cyber attacks on our nation’s private sector and government networks have increased dramatically in the past decade and are expected to continue to grow. We continue to see an increase in the scale and scope of reporting on malicious cyber activity, which can be measured by the amount of corporate data stolen or deleted, personally identifiable information compromised, or remediation costs incurred by U.S. victims. Within the FBI, we are focused on the most dangerous malicious cyber activity: high-level intrusions by state-sponsored hackers and global organized crime syndicates, and other technically sophisticated attacks.
Botnets used by cyber criminals are one example of this trend and have been responsible for billions of dollars in damages over the past several years. The widespread availability of malicious software (malware) that can create botnets allows individuals to leverage the combined bandwidth of thousands, if not millions, of compromised computers, servers, or network-ready devices to conduct attacks. Cyber threat actors have also increasingly conducted ransomware attacks against U.S. systems by encrypting data and rendering systems unusable, thereby victimizing individuals, businesses, and even public health providers.
Cyber threats are not only increasing in scope and scale, but are also becoming increasingly difficult to investigate. Cyber criminals often operate through online forums, selling illicit goods and services, including tools that can be used to facilitate cyber attacks. These criminals have also increased the sophistication of their schemes, which are more difficult to detect and more resilient. Additionally, many cyber actors are based abroad or obfuscate their identities by using foreign infrastructure, making coordination with international law enforcement partners essential.
The FBI is engaged in a myriad of efforts to combat cyber threats, from improving threat identification and information sharing inside and outside of government, to developing and retaining new talent, to examining the way we operate to disrupt and defeat these threats. We take all potential threats to public and private sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace.
Going Dark
“Going Dark” describes circumstances where law enforcement is unable to obtain critical information in an intelligible and usable form (or at all), despite having a court order authorizing the government’s access to that information. As a technical matter, this challenge extends across several products and platforms, whether it involves “data at rest,” such as on a physical device, or “data in motion,” as with real-time electronic communications.
Going Dark remains a serious problem for the FBI across our investigative areas, from counterterrorism to child exploitation, gangs, drug traffickers, and white-collar crimes. The inability to access evidence or intelligence despite the lawful authority to do so significantly impacts the FBI’s ability to identify, investigate, prosecute, or otherwise deter criminals, terrorists, and other offenders.
Our federal, state, local, and international law enforcement partners face similar challenges in maintaining access to electronic evidence despite having legal authorization to do so. Indeed, within the last few months, the nation’s sheriffs called for “the U.S. Congress to exercise leadership in the nation’s public safety interest” to address the Going Dark challenge. Several of our closest law enforcement and intelligence partners (the United Kingdom, Canada, Australia, and New Zealand) similarly described this as a “pressing international concern that requires urgent, sustained attention and informed discussion.”
The FBI recognizes the complexity of the issue, but we believe there is a tremendous opportunity for responsible stakeholders to work together to find sustainable solutions that preserve cybersecurity and promote public safety.
Weapons of Mass Destruction
The FBI, along with its U.S. government partners, is committed to countering the weapons of mass destruction (WMD) threat (e.g., chemical, biological, radiological, nuclear, and explosives) by preventing terrorist groups and lone offenders from acquiring these materials either domestically or internationally through preventing nation state proliferation of WMD sensitive technologies and expertise.
Domestically, the FBI’s counter-WMD threat program, in collaboration with our U.S. government partners, prepares for and responds to WMD threats (e.g., investigate, detect, search, locate, diagnose, stabilize, and render safe WMD threats). Internationally, the FBI, in cooperation with our U.S. partners, provides investigative and technical assistance as well as capacity-building programs to enhance our foreign partners’ ability to detect, investigate, and prosecute WMD threats.
Countering Unmanned Aircraft Systems (UAS)
The threat from unmanned aircraft systems in the U.S. is steadily escalating. While we are working with FAA and other agencies to safely integrate UAS into the national airspace system, the FBI assesses with high confidence that terrorists overseas will continue to use small UAS to advance nefarious activities and exploit physical protective measures. While there has been no successful malicious use of UAS by terrorists in the United States to date, terrorist groups could easily export their battlefield experiences to use weaponized UAS outside the conflict zone. We have seen repeated and dedicated efforts to use UAS as weapons, not only by terrorist organizations, such as ISIS and al Qaeda, but also by transnational criminal organizations such as MS-13 and Mexican drug cartels, which may encourage use of this technique in the U.S. to conduct attacks. The FBI assesses that, given their retail availability, lack of verified identification requirement to procure, general ease of use, and prior use overseas, UAS will be used to facilitate an attack in the United States against a vulnerable target, such as a mass gathering. This risk has only increased in light of the publicity associated with the apparent attempted assassination of Venezuelan President Maduro using explosives-laden UAS.
The FBI recently disrupted a plan in the United States to use drones to attack the Pentagon and the Capitol building. On November 1, 2012, Rezwan Ferdaus was sentenced to 17 years in federal prison for attempting to conduct a terrorist attack and providing support to al Qaeda. Ferdaus, who held a degree in physics, obtained multiple jet-powered, remote-controlled model aircraft capable of flying 100 miles per hour. He planned to fill the aircraft with explosives and crash them into the Pentagon and the Capitol using a GPS system in each aircraft. Fortunately, the FBI interrupted the plot after learning of it and deploying an undercover agent.
Last week, thanks in large part to the outstanding leadership of this Committee, the FBI and DOJ received new authorities to deal with the UAS threat in the FAA Reauthorization Act of 2018. That legislation enables the FBI to counter UAS threats while safeguarding privacy and promoting the safety and efficiency of the national airspace system. The FBI is grateful to the chairman, the ranking member, and other members of this committee for championing this critical authority.
Conclusion
Finally, the strength of any organization is its people. The threats we face as a nation have never been greater or more diverse and the expectations placed on the Bureau have never been higher. Our fellow citizens look to the FBI to protect the United States from all of those threats, and the men and women of the FBI continue to meet and exceed those expectations, every day. I want to thank them for their dedicated service.