FBI Director Lays Out Bureau’s Stance on Artificial Intelligence at Cyber Threat Summit
Wray also explained how the FBI’s FISA Section 702 authorities empower cyber efforts
During a July 26 keynote at the FBI Atlanta Cyber Threat Summit, Director Christopher Wray warned that cybercriminals are weaponizing artificial intelligence—and the resulting threat will only worsen as machine-learning models become increasingly sophisticated.
Wray also explained that the FBI’s authorities under Section 702 of the Foreign Intelligence Surveillance Act, or FISA, enable our efforts to combat international cybercriminals. He identified 702-powered successes and stressed the urgency of reauthorizing that portion of the federal law.
Wray also discussed nation-state threats in cyberspace, noting that China, in particular, poses a formidable cyber threat, but Russia is not far behind.
Finally, he underscored the importance of public-private partnerships in securing the American people and economy from cyber threats.
“For 115 years (in fact, literally today—today is actually the FBI’s birthday), the Bureau has been charged with protecting the American people and upholding the Constitution,” he said. “And the men and women of the FBI work tirelessly every day to fulfill that mission—but we could not do it without partners—without partners like you.”
Director Wray recently said the FBI is examining ways it can use artificial intelligence to help support its mission, such as by “triaging and prioritizing the mountains of data we collect in our investigations.”
But during the summit, he warned that bad actors are exploiting machine-learning models to commit crimes.
The same generative AI technologies that can be used to save people time by automating tasks can also be used to “generate deepfakes or malicious code,” he said.
As an example, he explained one case in which a darknet user allegedly created malware using a generative AI program. Wray said the user "then instructed other cybercriminals on how to use it to recreate malware strains and techniques based on common variants."
"And that’s really just the tip of the iceberg," he continued. "We assess that AI is going to enable threat actors to develop increasingly powerful, sophisticated, customizable, and scalable capabilities—and it's not going to take them long to do it."
Wray said that the Chinese government is particularly well-positioned to use the increasing powers of AI and machine learning against the United States, especially in conjunction with data it has stolen from the United States.
Director Wray said that the authorities granted to the FBI by Section 702 of the Foreign Intelligence Surveillance Act, or FISA, are key to the Bureau's ability to crack down on cybercrime around the world.
“Section 702 is critical to our ability, in particular, to obtain and action cyber intelligence,” he said. “With 702, we can connect the dots between foreign threats and targets here in the U.S., searching information already lawfully within the government’s holdings so that we can notify victims who may not even know they’ve been compromised, sometimes warning them even before they get hit.”
Wray stressed that the FBI’s Section 702 authorities only let it collect information on foreign targets of intelligence surveillance—and not U.S. citizens.
More than half of the FBI’s data reporting under Section 702 has targeted cybercriminals, Wray said. And the Bureau’s 702 authorities yielded 97% of the Bureau’s "raw technical reporting on cyber actors" in the first half of 2023, he added.
"That’s all intelligence that we can action through threat alerts and defensive briefings," he said.
Wray said the FBI’s Section 702 authorities also powered cybersecurity wins, including:
- Identifying the perpetrator of the 2021 Colonial Pipeline ransomware attack and recovering most of the $4.4 million ransom the company paid in response.
- Saving an American nonprofit organization that fell victim to a ransomware attack and recovering its data so it didn’t need to give Iranian cybercriminals a dime.
- Sniffing out attempts by Chinese cybercriminals to hack into an American transportation hub before they could wreak havoc.
"The intelligence we obtain through our 702 authorities is absolutely vital to safeguarding the American public and American businesses," he said. "Now, those of you who know me know that I'm not the kind of guy that is prone to overstatement, so when I say it’s vital—it's not helpful, it's not important, it's vital—you know that I mean it."
The FBI is also dealing with cyber threats posed by nation-states, Wray said, though it’s not always obvious when a foreign government is responsible for a cyberattack.
"It’s becoming increasingly difficult to discern where cybercriminal activity ends and nation-state activity begins, as the line between those two continues to blur," he said. Wray pointed to foreign intelligence agents who moonlight as cybercriminals and hackers who take on state-sponsored assignments on the side as evidence of this trend.
In terms of specific nation-state threats, Wray said China poses the largest-scale threat in cyberspace due to the amount of data it has stolen from the United States and the sheer size of its hacking program.
"If you took every single one of the FBI’s cyber agents and intelligence analysts, and I told them focus only on China—nothing but China—cyber actors from China would still outnumber FBI cyber personnel by at least 50 to 1," Wray said.
But, he cautioned, Russia also ranks among our top hostile nation-state threats in cyberspace.
"Although Russia’s invasion of Ukraine may be taking place on physical battlefields half a world away, we’re seeing the effects of that invasion right here at home," he said. "For instance, we’ve seen Russia conducting reconnaissance on [the] U.S. energy sector. And that’s particularly worrisome because we know that once a cyber actor can establish access, they can switch from using that access to collect information to using it to conduct a destructive attack. And they can do it pretty quickly and without notice."
Wray said today’s cyber threats are too immense for any single organization to tackle alone, including the FBI.
This is why our cyber partnerships with both public and private sectors are paramount.
Our public sector partnerships with intelligence, law enforcement, and international agencies give us the power to carry out "joint, sequenced operations," he explained.
But private sector partnerships with businesses help us preempt cyberattacks with preparedness.
"We’re doing things like pushing out more and more threat alerts and developing more and more relationships—both on a one-on-one basis and through organizations like InfraGard, like DSAC—the Domestic Security Alliance Council—to expand our engagement with U.S. businesses," Wray said. "We’re providing defensive briefings more often to help you keep your data and networks safe from cyberattacks. And we’re trying wherever we can to declassify and share as much information as possible to keep potential victims informed as the threats continue to evolve."
Our partnerships with the business sector also help us better understand what we’re actually up against in cyberspace.
"The reality is, at the FBI, we can’t build a comprehensive picture of the cyber threat landscape alone," he said. "We know that an enormous amount of information about the cyber threat landscape exists on the systems and servers of U.S. businesses. So we're working hard to use the information one company gives us to develop an analysis about who an adversary is, what they're doing, where, why, and how they’re doing it, taking pains in the process to protect that company’s identity, not unlike we do with our confidential human sources."
The FBI then shares that analysis with our domestic and international public-sector partners, sector risk management agencies, and service providers, he said.
"And they use it to provide us with even more information, enhancing our global investigations," Wray said. "And ultimately, that helps us discover malicious infrastructure that we might not have known about before that we can then target, and that means that we can then alert you to new threats so you can better remediate and protect yourselves."
Wray also emphasized that the FBI acts on the cyber threat data it receives. He touted the Bureau’s successful effort to disrupt the Hive ransomware group—which he said extorted businesses around the world out of ransom payments totaling over $110 million—as proof.
In July 2022, he recalled, the FBI Tampa Field Office got access to the group’s control panel and used it to help victims—all without tipping off the cybercriminals.
"We used our access to identify Hive’s targets and offered more than 1,300 of those victim businesses keys to decrypt their infected networks, saving victims an estimated $130 million in ransom payments," Wray said. "And then, working hand-in-hand with our European partners, we seized control of the servers and websites that Hive had been using to communicate with their members, in effect shutting down Hive’s operation and their ability to attack and extort more victims."
But, he noted, the Bureau’s fight against the ransomware threat is far from over.
"Even as I'm standing here speaking to you, the Bureau is investigating more than 100 different ransomware variants—and that's just ransomware—each one of those variants, with scores of victims, wreaking havoc on business operations, causing devastating financial losses, and targeting everything from hospitals and emergency services to the energy sector to state and local government," he said.