---

Video Transcript

Well, thanks, Carrie. Morning, everybody. I want to begin by adding my thanks to FBI, Atlanta and Georgia Tech for co-hosting today's event. And as you heard, it will come as no surprise that I'm always happy to have the opportunity to come back home to Atlanta. This is where my career in law and soon after law enforcement really began. So it's both an honor and a pleasure to be here with you here this morning. Getting so many industry leaders together in one room for the day is an invaluable opportunity to talk about the threats that we're seeing and just as important, to discuss the ways we can work together to stay ahead of them. We've got an impressive slate of speakers on today's agenda, including Bryan Vorndran, who heads the FBI Cyber Division and a host of other distinguished cybersecurity experts and partners from both government and the private sector. And I know that they will be doing an in-depth dive into the threat picture and some of the most important challenges we face. So I'd like to spend my short time with you here this morning talking about how the FBI sees the cyber ecosystem and how the threats have evolved over the years and how our efforts to mitigate them have evolved.

I don't think it's a stretch to say that an awful lot has changed since the FBI was founded in 1908, and in fact, not sure even H.G. Wells could have conceived that we'd one day be battling threats online and in an entirely new universe called cyberspace. But today, that's, of course, the source of some of our most complex, most severe and most rapidly evolving threats. And for more than two decades, the FBI has had an entire cyber division and a cadre of cyber experts throughout the field, all devoted to identifying and mitigating those threats. And what they know and what everybody in this room knows is that today's cyber threats are more pervasive, hit a wider array of victims, and carry the potential for greater damage than ever before. Even as I'm standing here speaking to you, the Bureau is investigating more than 100 different ransomware variants. And that's just ransomware. With scores-each one of those variants- with scores of victims wreaking havoc on business operations, causing devastating financial losses and targeting everything from hospitals and emergency services to the energy sector to state and local government. At the same time, we're dealing with a whole host of unique cyber threats posed by nation states, and it's becoming increasingly difficult to discern where cyber criminal activity ends and nation state activity begins as the line between those two continues to blur. Like when we see foreign intelligence officers moonlighting, making money on the side through cyber crime, or hackers who are profit motive minded criminals by day, but state sponsored by night among nation states, China in particular, poses a formidable cyber threat on a scale unparalleled by foreign adversaries. It's got a bigger hacking program than that of every major nation combined, and it has stolen more of our personal and corporate data than every nation, big or small, combined.

To give you a sense of the scale of their operations, if you took every single one of the FBI's cyber agents and intelligence analysts and I told them, focus only on China, nothing but China. Cyber hackers from China would still outnumber FBI, cyber personnel by at least 50 to 1, at least 50 to 1. And of course, the Chinese government is hardly the only hostile nation state we're contending with. Russia is near the top of that list, too. A threat you'll hear more about from our next speaker, Mr. Zhora of the state Special Communications Service of Ukraine. Although Russia's invasion of Ukraine may be taking place on physical battlefields half a world away, we're seeing the effects of that invasion right here at home. For instance, we've seen Russia conducting reconnaissance on US energy sector, and that's particularly worrisome because we know that once a cyber actor can establish access, they can switch from using that access to collecting information, to using it to conduct a destructive attack. And they can do it pretty quickly and without notice.

Complicating matters even further is the constant development of new and emerging technologies. For example, I doubt anybody in this room will be shocked to hear that content enabled by A.I., by artificial intelligence is ripe for potential misuse, and that machine learning models can have already been exploited by criminal actors. So while generative AI enabled by platforms like ChatGPT can certainly save law abiding citizens time by automating tasks, it also makes it a lot easier for the bad guys to do things like generate deepfakes and malicious code. In just one example, earlier this year, a Darknet user claimed to have produced such code with the assistance of ChatGPT, and then instructed other cyber criminals on how to use it to recreate malware strains and techniques based on common variants. And that's really just the tip of the iceberg. We assess that AI is going to enable threat actors to develop increasingly powerful, sophisticated, customizable and scalable capabilities, and it's not going to take them long to do it. That goes double for China, which as I mentioned earlier, has already spent years stealing both our innovation and massive troves of data that turns out to be perfect for training machine learning models. And now they're in a position to close the cycle, to use the fruits of their widespread hacking to power with A.I. even more powerful hacking efforts.

So it's clear that the threat environment and the threat actors that we're up against are continuously evolving, growing more complex and more dangerous every day. And we need to lean on a wide variety of tools and techniques to combat them because the threat is too great for any one agency or any one business to combat alone. This is why we also rely more heavily than ever on partnerships with our colleagues throughout the intelligence, law enforcement and international communities. Together, we're working to execute more and more joint sequenced operations, leveraging our collective efforts to exert maximum impact on our adversaries. But we're also rely more heavily than ever on our partnerships with the private sector. With all of you, we're doing things like pushing out more and more threat alerts and developing more and more relationships, both on a one on one basis and through organizations like InfraGard, like DSAC, the Domestic Security Alliance Council, to expand our engagement with U.S. businesses. We're providing defensive briefings more often to help you keep your data and networks safe from cyber attacks. And we're trying wherever we can to declassify and share as much information as possible to keep potential victims informed as the threats continue to evolve.

But it is not a one way street. But the reality is that the FBI, we cannot build a comprehensive picture of the cyber threat landscape alone. We know that an enormous amount of information about the cyber threat landscape exists on the systems and servers of U.S. businesses. So we're working hard to use the information one company gives us to develop an analysis of who the adversary is, what they're doing, where, why and how they're doing it. Taking pains in the process to protect that company's identity, not unlike we do with our confidential human sources. And then we pass what we've developed to our fellow U.S. and foreign intelligence services, foreign law enforcement partners, CISA, and sector risk management agencies and service providers. And they use it to provide us with even more information enhancing our global investigations. And ultimately, that helps us discover malicious infrastructure that we might not have known about before that we can then target. And that means that we can then alert you to new threats so you can better remediate and protect yourselves. It's what we like to think of as a virtuous cycle, but it only works-it's only possible when we're all working together.

So as I think you can see and hear, we're not just collecting information to dump it in some database somewhere, we're acting on it. I'll give you an example. Earlier this year, we announced the culmination of a year and a half long campaign to disrupt the HIVE Ransomware group. The HIVE’s attacks were extensive and financially devastating. The group extorted victims all around the globe, both big businesses and small ones for more than $110 million in ransom payments. But last July, we took the fight to them. Our field office in Tampa gained access to HIVE’s control panel, in effect, hacking the hackers. And for about seven months we exploited that access to help victims. And we did it all while keeping the HIVE actors in the dark. We used our access to identify HIVE’s targets and offered more than 1300 of those victim businesses keys to decrypt their infected networks, saving victims, an estimated $130 million in ransom payments. And then working hand in hand with our European partners. We seized control of the servers and websites that HIVE had been using to communicate with their members, in effect, shutting down HIVE’s operation and their ability to attack and extort more victims. Now that's a huge success story and it's a testament to the power of partnerships both across the private and public sectors and around the world. But the information we get from our partners is just one piece of the puzzle. We also rely heavily on the Foreign Intelligence Surveillance Act, on FISA, specifically on Section 702 of FISA.

It's up for reauthorization by Congress at the end of this year, and it's already been in the news a lot lately. So some of you may have heard about this, but Section 702 gives members of the intelligence community like us, the authority to collect communications of foreign adversaries operating outside the U.S. Let me be clear, not Americans foreign targets. And Section 702 is critical to our ability in particular to obtain an action cyber intelligence. With 702 we can connect the dots between foreign threats and targets here in the U.S., searching information already lawfully within the government's holding so that we can notify victims who may not even know they've been compromised, sometimes warning them even before they get hit. You might be surprised to hear that malicious cyber actors have accounted for over half of our Section 702 reporting. In fact, in the first half of this year, 97% of our raw technical reporting on cyber actors came from Section 702. That's all intelligence that we can action through threat alerts and defensive briefings, intelligence we use to help victims, cyber victims. Because of 702, we verified the identity of the hacker responsible for the ransomware attack on Colonial Pipeline in 2021 and recovered most of the $4.4 million ransom that Colonial paid. Because of 702 we saved a U.S. nonprofit from an Iranian ransomware attack last year and recovered their stolen information so they didn't have to pay a ransom at all. And because of 702, we identified intrusion efforts by Chinese hackers against a transportation hub in the U.S., preventing the loss of millions, possibly billions of dollars, avoiding widespread transit disruptions, and most importantly, keeping the American public safe.

The intelligence we obtain through our 702 authorities is absolutely vital to safeguarding the American public and American businesses. Now, those of you who know me know that I'm not the kind of guy that is prone to overstatement. So when I say it's vital, it's not helpful. It's not important. It's vital. You know that I mean it. For 115 years in fact, literally today, today's actually the FBI birthday. The Bureau has been charged with protecting the American people and upholding the Constitution. And the men and women of the FBI work tirelessly every day to fulfill that mission. But we could not do it without partners, without partners like you. So I want to thank you again for making the time to join us here today. And I want you to know how grateful we are, how grateful I am for your commitment to collaboration and cooperation as we work together to keep the American country safe. So we're honored to call you our partners. Thank you.