FBI Director Chris Wray told a security conference on Thursday that China’s state-run hacker army “considers all areas of running our society to be fair game in order to gain an upper hand on the world stage.”
Wray said China’s plan is to “inflict a low blow on civilian infrastructure to create panic and break the U.S. will to resist.”
The FBI director spoke at the “Summit on Modern Conflicts and Emerging Threats,” a security conference hosted by Vanderbilt University in Nashville. The 2024 edition of the summit focused on “the challenges posed by China to the United States,” from China’s dominance of critical supply chains to the fentanyl epidemic and cyberwar.
Wray called the audience’s attention to Volt Typhoon, a large-scale hacking operation linked to the People’s Republic of China (PRC) that compromised a surprising number of critical infrastructure systems in the United States, including water, power, oil, and transportation systems.
Volt Typhoon was detected and exposed by Microsoft cybersecurity engineers in May 2023. Microsoft said the Chinese state-sponsored hackers sought to develop “capabilities that could disrupt critical communications infrastructure between the United States and the Asian region in the event of a future crisis.”
Wray said Chinese-backed hackers were “preparing for potential cyberattacks against U.S. oil and gas companies as far back as 2011.”
“When a victim company set up a honeypot (essentially a trap designed to look like a legitimate part of a computer network with decoy documents), it took the hackers 15 minutes to steal the data,” he recalled.
Wray noted that the hackers ignored “financial and business-related information” in that incident, suggesting that “their objectives were even more sinister than stealing financial benefits.”
Honeypot systems are usually hardened so that their core software is extremely difficult to crack, while designers disguise them to appear much more vulnerable than they actually are. Because a honeypot is a setup and its administrators know it is going to be attacked, it is a remarkable accomplishment for intruders to quickly defeat the trap and break through the decoy system’s security.
Volt Typhoon was a menacing example of the hacking technique known as “living off the land,” in which hackers infiltrate a system, place a malware payload, and hide their presence by abusing and mimicking normal system functionality. This approach can be compared to a thief who takes a job as a bank teller, works there silently for years, and finally decides to rob the bank.
The “living off the land” tactic is alarming, as most private hacker groups don’t bother hiding for years after infiltrating a system. Hackers are usually motivated to steal, destroy, or take over a system immediately after a break-in, fearing that their presence will be detected or that access to the system will be cut off. They usually try to steal data for fun or profit.
As Wray explained at the Vanderbilt seminar, the main reason that highly skilled and coordinated groups of hackers remain in systems for years is that they are planning large-scale sabotage and waiting for government officials to tell them the right time to strike.
Wray said the Chinese Communist Party is driven by a “desire for wealth and power” and wants to achieve this by taking the lead in “economic development in the areas most important to tomorrow’s economy.”
Other speakers at the seminar included Gen. Timothy Haugh, head of the National Security Agency (NSA) and U.S. Cyber Command, who highlighted Volt Typhoon as a new and dangerous type of cyber warfare threat.
“What you see in ‘Volt Typhoon’ is an example of how China is trying to establish access to make things threatening. There is no legitimate intelligence reason to investigate water treatment plants from a cyber perspective,” he pointed out.
Haugh warned that Volt Typhoon sent a “pretty loud signal” about how China plans to “use cyberspace in crises,” such as the conflict with the United States over Taiwan. He urged his audience to listen to the signal.
“China is pursuing a deliberate campaign to gain advantage in every aspect of its national power. The threat it poses is real, and China has a desire to achieve equal standing with us on the world stage and the ability to do so,” Haugh said.
Wray pointed to a “crisis between China and Taiwan” as a scenario in which China would activate its latent cyber warfare assets. He predicts the crisis could arrive by 2027, a timeline that explains why China seems less concerned about hackers getting caught and is ramping up “cyber intrusions and criminal activities.”
“The reality is that China’s targeting of critical infrastructure is widespread and relentless,” he said.
Wray said “joint and ordered operations” with partner agencies and companies are key to thwarting new types of cyber warfare. He cited several recent examples of hacker attacks where damage was quickly contained by working with partner agencies and companies such as Microsoft.
For example, when Microsoft Exchange was hacked in 2021, Wray said the FBI and Microsoft worked together to create a “first-of-its-kind, court-authorized program to copy and remove harmful code from hundreds of vulnerable computers,” which he described as a “surgical operation.”
The FBI similarly said it is working with private companies on its Volt Typhoon operation to “not only remove Volt Typhoon malware from infected routers across the United States, but also disconnect those routers from networks and prevent reinfection.”
Wray said private companies should maintain their own cybersecurity operations, develop response plans for intrusions, and follow good system practices, such as installing regular software updates. He suggested that the FBI should be promptly notified if they suspect a cyberattack is in progress.
In an interview with the Vanderbilt Hustler after the security conference, Haugh said that while China has some advantages in cyber warfare as a closed, authoritarian society with extensive security and censorship mechanisms, the United States has a big advantage in being able to work with allies on projects such as AUKUS Pillar II, which includes cutting-edge cybersecurity developments.
Haugh suggested that free societies need to improve their collective ability to detect and respond to cyber threats such as TikTok, a social media platform controlled by the Chinese Communist Party that is banned in government and could soon be completely prohibited in the United States because it actively collects data about its users.
“Are individuals concerned about their data being accessed by other countries on their orders? Are we making sure that we fully address it in a way that everyone really understands what that risk means? I don’t know if I could have conveyed it,” Haugh mused.
