“Surveying today’s threats is somewhat like peering into a kaleidoscope…“
On Thursday, FBI Director Robert S. Mueller laid out some of the challenges posed by terrorists, spies, and hackers to group at the Commonwealth Club of California in San Francisco.
In his speech, Mueller noted that “terrorists, spies, and hackers are always thinking of new ways to harm us,” citing examples of recent cases and describing how the FBI plans to address some of these threats.
On the topic of espionage, Muller commented, “Nations will always try to learn one another’s secrets to gain political, military, or economic advantage, because so much sensitive data is now stored on computer networks. Our adversaries often find it as effective, or even more effective, to steal secrets through cyber intrusions.”
“Foreign spies have increased their skill at exploiting weaknesses in our computer networks,” Muller said. “Once inside, they can exfiltrate government and military secrets, as well as valuable intellectual property—information that can improve the competitive advantage of state-owned companies.”
A transcript of the Director’s Speech titled, “Changing Threats in a Changing World: Staying Ahead of Terrorists, Spies, and Hackers,” is below:
Thank you, Mason, and good afternoon everyone. It is always good to be back in San Francisco, and to meet with the Commonwealth Club.
Two months ago, we marked the tenth anniversary of the September 11th attacks. The horrific events of that day were the prelude to a decade of political, economic, and cultural transformation—and globalization and technology have accelerated these changes.
Consider how different our world was in the summer of 2001.
The leaders of Egypt, Iraq, and Libya were entrenched in power. Barack Obama was an Illinois state senator, and Arnold Schwarzenegger was just a movie actor.
Ten years ago, most Americans had never heard of a credit-default swap or mortgage-backed securities. Lehman Brothers had just celebrated its 150th anniversary.
In 2001, Mark Zuckerberg was captain of his high school fencing team. Borders Bookstores had $3 billion in annual revenue; meanwhile, “Kindle” was something you did to a fire, and a “Nook” was merely a small corner of a room.
And back then, most Americans knew little about Usama Bin Laden or al Qaeda.
At the time, I was the U.S. Attorney here in San Francisco, and I myself paid little attention to those terrorist attacks occurring overseas.
Today, our world can change in the blink of an eye—and the effects of that change are felt more rapidly and more broadly than ever before. Consider the current economic climate. When companies fail to recognize and adapt to change, they can go out of business almost overnight.
Law enforcement and the intelligence community face a similar challenge. If we in the FBI fail to recognize how the world is changing, the consequences can be devastating. Lives can be lost…our national security can be threatened…and the balance of power can tip toward our adversaries.
Terrorism, espionage, and cyber attacks are the FBI’s top priorities. Terrorists, spies, and hackers are always thinking of new ways to harm us. Today I want to discuss how these threats are evolving. And I want to share what the FBI is doing to stay one step ahead, to keep our nation safe, prosperous, and free.
Let us begin with the terrorist threat.
During the past decade, we have weakened al Qaeda due to the coordinated efforts of our military, the intelligence community, law enforcement, and our international partners.
We have captured or killed many al Qaeda leaders and operatives, including Usama Bin Laden and Anwar al-Awlaki. We have shut down terrorist training camps, frozen their finances, and disrupted their communications. Most importantly, we have uncovered dozens of cells and prevented attacks.
Yet core al Qaeda, operating out of Pakistan, remains committed to high-profile attacks against the West. We confirmed this with the records seized from bin Laden’s compound upon his death. And we saw this with the plot by Najibullah Zazi to bomb the New York subway system in 2009.
Meanwhile, al Qaeda affiliates have emerged as significant threats. Al Qaeda in the Arabian Peninsula, operating in Yemen, has attempted several attacks on the United States, including the failed Christmas Day airline bombing in 2009, and the attempted bombing of U.S.-bound cargo planes in October of 2010.
Most recently, we have a growing concern about the threat from homegrown violent extremists. These individuals have no typical profile; their experiences and motives are often distinct. But they are increasingly savvy and willing to act alone, which makes them difficult to find and to stop.
The recent case of Hosam Smadi is one example. In 2009, Smadi was a 19-year-old Jordanian citizen living in Texas. Although he espoused loyalty to bin Laden and al Qaeda, Smadi was not affiliated with any group or other would-be terrorists. He had become radicalized on his own, through the Internet.
When Smadi expressed a clear interest in attacking a Dallas skyscraper, the FBI used undercover agents to set up a sting. Three agents who spoke Arabic began talking with Smadi, first online and later in person. He believed he had found an al Qaeda sleeper cell to assist him.
After months of planning, Smadi parked what he believed was a truck bomb underneath the skyscraper, and dialed a cell number he thought would detonate the bomb. But the bomb was a fake, supplied by our undercover agents—and the call signaled agents to make the arrest. Last year, Smadi was convicted and sentenced to 24 years in prison.
Intelligence led us to Smadi. And the combined efforts of our federal, state, and local partners helped us to stop him—before he could harm anyone.
We in the Bureau will continue to enhance our intelligence capabilities—to get the right information to the right people at the right time. We will continue to build strong partnerships—for these tools have been the foundation for our success against terrorism over the past 10 years.
We must keep adapting to these changing terrorist threats, to stay one step ahead of those who would do us harm. And we must do all of this while respecting the rule of law and the safeguards guaranteed by the Constitution.
Now let us turn from terrorists to spies. Many people assume the end of the Cold War made the world of cloak-and-dagger obsolete. Unfortunately, espionage is still very much with us.
Nations will always try to learn one another’s secrets to gain political, military, or economic advantage. Indeed, the foreign intelligence presence operating in the United States is roughly the same as it was during the Cold War.
We still confront traditional espionage, such as spies working under diplomatic cover, or even posing as ordinary citizens. Consider the arrest last year of 10 agents of the Russian Foreign Intelligence Service. Many of you may have seen TV news stories and videos covering the techniques we used in our investigation, code-named Ghost Stories. It featured the stuff of a John Le Carré novel—dead-drops in train tunnels, brush passes at night, and clandestine meetings in cafés.
Apart from the more traditional types of espionage, today’s spies are just as often students, researchers, businesspeople, or operators of “front companies.” And they seek not only state secrets, but trade secrets from corporations and universities—such as research and development, intellectual property, and insider information.
Consider the recent case of Noshir Gowadia, a naturalized U.S. citizen from India. For 18 years he was an engineer at Northrop Grumman, the defense contractor that built the B-2 stealth bomber—one of our nation’s most important strategic assets.
Gowadia decided to offer his knowledge of sensitive military secrets to anyone willing to pay for it. He sold highly classified information about the B-2’s stealth technology to several nations, including China. He also made six covert trips to China to assist them in the development of stealth technology for their cruise missiles.
Partnerships were essential in finding and stopping Gowadia before he could further damage our national security. Together with the Air Force, U.S. Customs, the IRS, and other agencies, we built a strong case against him—and this past January, he was sentenced to 32 years in prison.
Foreign spies know that military superiority is merely one factor that determines the world’s balance of power. Just as important is the kind of economic innovation we find here in the Bay Area.
So it is no surprise that spies also target the most valuable secrets of American companies and universities. They hope that stealing the fruits of American innovation will give their nations a shortcut to economic pre-eminence.
Let me give you one example of the cost of this type of espionage. Last month, Kexue Huang, a former scientist for two of America’s largest agricultural companies, pled guilty to charges that he sent trade secrets to his native China.
While working at Dow AgroSciences and later at Cargill, Huang became a research leader in biotechnology and the development of organic pesticides. Although he had signed non-disclosure agreements, he transferred stolen trade secrets from both companies to persons in Germany and China. His criminal conduct cost Dow and Cargill millions of dollars.
These two cases illustrate the growing scope of the “insider threat”—when employees use their legitimate access to steal secrets for the benefit of another company or country.
Add to this that so much sensitive data is now stored on computer networks, our adversaries often find it as effective, or even more effective, to steal secrets through cyber intrusions.
Foreign spies have increased their skill at exploiting weaknesses in our computer networks. Once inside, they can exfiltrate government and military secrets, as well as valuable intellectual property—information that can improve the competitive advantage of state-owned companies.
Earlier this month, the intelligence community issued a report to Congress stating that cyber-based economic espionage is increasingly pervasive. The report publicly confirms that other nations are using cyber capabilities to collect sensitive American technology and economic secrets.
While state-sponsored cyber espionage is a growing problem, it is but one aspect of the cyber threat. The number and the sophistication of computer intrusions have increased dramatically in recent years.
American companies are losing billions of dollars’ worth of intellectual property, research and development, and trade secrets. Outside attackers burrow into company networks and remain undiscovered for months or even years. It is much like having termites in your house—often, by the time you discover them, the damage is done. And “hacktivist” groups are pioneering their own forms of digital anarchy. Here in the Bay Area, you witnessed their work firsthand when individuals hacked the BART website and released personal data of BART customers.
We also must consider that hostile nations or terrorist groups could launch cyber attacks against our critical infrastructure.
The anonymity of the Internet makes it difficult to discern the identity, the motives, and the location of an intruder. And the proliferation of portable devices that connect to the Internet only increases the opportunity to steal vital information.
We in the FBI cannot merely react to computer intrusions. Hackers will seek to exploit every vulnerability, and we must be able to anticipate their moves.
Let me share one example. In April, the FBI brought down an international “botnet” known as Coreflood. Botnets are those networks of virus-infected computers controlled remotely by an attacker. To shut down Coreflood, the FBI took control of five servers the hackers had used to infect some two million computers with malware. This malware allowed the hackers to steal personal and financial information by recording users’ keystrokes.
We not only shut down the servers—we took another unprecedented step. With court approval, the FBI responded to signals sent from infected computers in the United States. We sent those computers a command that stopped the malware, preventing harm to hundreds of thousands of users.
Staying Ahead of Threats
Surveying today’s threats is somewhat like peering into a kaleidoscope, where even the slightest rotation creates new patterns of color and light. Just when it seems you understand a threat, the world turns, and the threat has changed.
As Tom Friedman has described in his book, The World is Flat, advances in technology, travel, commerce, and communications have broken down barriers between nations and between individuals. Globalization has had a flattening effect, leveling the playing field for all of us. This hyper-connectivity is empowering and engaging people around the world—both friend and foe alike.
So how do we stay ahead of terrorists, spies, and hackers?
Intelligence will continue to drive our investigations. We must ask ourselves: What do we know about these threats? What are the gaps in our intelligence? And what human sources must we cultivate to fill these gaps?
Each of us—government leaders, business executives, and everyday citizens alike—must ask ourselves what vulnerabilities we may have overlooked.
We must also place even greater emphasis on partnerships and information sharing. No single agency, company, or nation can defeat these complex, global threats alone. And in these days of tight budgets, working together is essential.
Finally, we need the right tools and capabilities to address shifting threats—for example, the foreign language skills we used to stop Hosam Smadi, and the advanced cyber capabilities we used to shut down the Coreflood botnet.
Still another critical tool is the FBI’s ability to intercept electronic communications.
Many social networking conduits—in contrast to traditional communications carriers—are not able now to produce the electronic communications we seek in response to a court order. When investigators cannot collect communications pursuant to court order in near-real-time, they may be unable to act quickly to disrupt threats or to protect public safety.
Laws covering this area have not been updated since 1994—a lifetime ago in the Internet age. So we are working with Congress, the courts, our law enforcement partners, and the private sector to ensure that our ability to intercept communications is not eroded by advances in technology.
One last, but important, point: The FBI has always adapted to meet new threats. And we must continue to evolve, because terrorists, spies, and hackers certainly will.
But our values can never change. Regardless of emerging threats, the impact of globalization, or changing technology, the rule of law will remain the FBI’s guiding principle. In the end, we know that we will be judged not only by our ability to keep Americans safe, but also by whether we safeguard the liberties for which we are fighting, and maintain the trust of the American people.
Our adversaries are persistent and clever, and the pressures of globalization and technology are ever-present. Change is a constant in today’s world—and we must prepare for it.
Yet change is just one constant; the other is the American people’s resolve to defend our freedom and our way of life. This same resolve drives the FBI every day. And together, we can and we will keep our country safe from harm.
Transcript Source: FBI