The Director of the Federal Bureau of Investigation (FBI) has said that it is vital that Congress reauthorize the use of electronic spying intelligence when a key piece of legislation comes up for renewal later this year, in order for the US to protect itself against threat actors engaging in sophisticated cyber attacks.
Christopher Wray’s comments came just a couple of days before the White House recommended that the FBI face limitations on how it uses Section 702 of the Foreign Intelligence Surveillance Act, with the President's Intelligence Advisory Board (PIAB) stating that the FBI had at times made “inappropriate use” of it.
Section 702, which was brought in following 9/11, has been facing increased bipartisan scrutiny and criticism in Washington DC, with privacy campaigners also arguing for its removal. The main complaint is that spy agencies capture the communications of US citizens and businesses in their efforts to understand the actions of the likes of China and Russia (amongst others), as well as to foil terror plots.
Awareness of the piece of legislation grew significantly, however, after the details of a US Senator and others were included in a search for someone believed to have been at the Capitol insurrection on January 6th 2021. Expansive searches of names were also sought following the 2020 death of George Floyd during ongoing Black Lives Matter protests, which rightly brought further criticism.
Whilst the PIAB says in its report that Section 702 is one of the intelligence community’s “most effective and powerful tools”, it also adds:
In attempting to optimize its limited capacity for oversight of FBI’s U.S. person queries, DOJ conducted an FBI-wide audit in 2021 that focused on sensitive queries and queries conducted during the time period of a high-profile event in order to confirm whether FBI personnel properly followed procedures.
Through this audit, DOJ found a large number of noncompliant incidents (although the number of noncompliant incidents amounted to a small percentage of noncompliance during this period of time due to the high volume of queries overall). Some of these noncompliant queries included individuals arrested during the January 6 Capitol breach. DOJ subsequently directed FBI to undertake reforms to address its compliance issue.
As a result, the PIAB has recommended that the FBI's authority to conduct queries for evidence of a non-national security-related crime in its Section 702 data be removed.
However, whilst the FBI has issued a statement saying that the PIAB report highlights how “crucial” Section 702 is and that it should be reauthorized in a manner that “does not diminish its effectiveness”, Director Wray issued some very firm comments in recent days to the FBI Atlanta Cyber Threat Summit - saying that the significance of Section 702 should not be underestimated. Wray said:
Section 702 gives members of the intelligence community, like us, authority to collect communications of foreign adversaries operating outside the US.
Let me be clear, not Americans, foreign targets. And Section 702 is critical to our ability, in particular, to obtain and action cyber intelligence. With 702 we can connect the dots between foreign threats and targets here in the US, searching information already lawfully within the government's holding, so that we can notify victims who may not even know they've been compromised - sometimes warning them even before they get hit.
You might be surprised to hear that malicious cyber actors have accounted for over half of our Section 702 reporting. In fact, in the first half of this year 97% of our raw technical reporting on cyber actors came from Section 702.
That's all intelligence that we can action through threat alerts and defensive briefings, intelligence we use to help cyber victims.
Wray provided some examples, citing how Section 702 enabled the FBI to verify the identity of the hacker responsible for the ransomware attack on Colonial Pipeline in 2021, where it recovered most of the $4.4 million ransom. Section 702 also saved a US nonprofit from an Iranian ransomware attack last year and recovered their stolen information so they didn't have to pay a ransom at all, Wray added. And finally, he said, because of 702 the FBI was able to identify intrusion efforts by Chinese hackers against a transportation hub in the US, preventing the loss of millions of dollars - avoiding widespread transit disruptions.
Reiterating his point, Wray emphasized:
Most importantly, [Section 702 keeps] the American public safe.
The intelligence we obtained through our 702 authorities is absolutely vital to safeguarding the American public and American businesses.
Now, those of you who know me know that I'm not the kind of guy that is prone to overstatement. So when I say it's vital, it's not helpful, it's not important - it's vital. You know that I mean it.
The threat of AI
Wray also spent time at the Cyber Summit discussing how cyber threats against the USA are rapidly evolving, pointing in particular to the challenges that AI and generative AI pose for security. The cybersecurity challenge is stark, before you even consider AI, Wray said.
For instance, the FBI is currently investigating more than 100 different ransomware variants - and that’s just ransomware. The Bureau is also particularly concerned about China and the scale of its cyber operations. Wray said:
At the same time, we're dealing with a whole host of unique cyber threats posed by nation states. And it's becoming increasingly difficult to discern where cyber criminal activity ends and nation state activity begins, as the line between those two continues to blur. Like when we see foreign intelligence officers moonlighting, making money on the side through cybercrime, or hackers who are profit motive minded criminals by day but state sponsored by night.
Among nation states, China in particular poses a formidable cyber threat on a scale unparalleled by foreign adversaries. It's got a bigger hacking programme than that of every major nation combined. And it has stolen more of our personal and corporate data than every nation, big or small, combined.
To give you a sense of the scale of their operations, if you took every single one of the FBI cyber agents and intelligence analysts, and I told them to focus only on China, nothing but China, cyber hackers from China would still outnumber FBI cyber personnel by at least 50 to one. At least 50 to one. And of course the Chinese government is hardly the only hostile nation state we're contending with.
Wray said that complicating matters even further is the constant development of new and emerging technologies, which unsurprisingly includes content enabled by AI. He explained that artificial intelligence is ripe for potential misuse and that machine learning models are already being exploited by criminal actors.
While Large Language Model systems, such as ChatGPT, are being touted as the solution to future productivity and economic growth, the FBI is grappling with AI-generated deep fakes and malicious code. Wray said that in one example earlier this year, a dark net user claimed to produce malicious code with the aid of ChatGPT and then instructed other cyber criminals on how to use it to recreate malware strains and techniques, based on common variants. He added that this is “just the tip of the iceberg”.
On the challenge facing the FBI as it relates to AI, Wray said:
We assess that AI is going to enable threat actors to develop increasingly powerful, sophisticated, customizable and scalable capabilities - and it's not going to take them long to do it. That goes double for China, which as I mentioned earlier, has already spent years stealing both our innovation and massive troves of data, which turns out to be perfect for training machine learning models. Now they're in a position to close the cycle, to use the fruits of their widespread hacking, to power with AI, even more powerful hacking efforts.
So it's clear that the threat environment and the threat actors that we're up against are continuously evolving, growing more complex and more dangerous every day. And we need to lean on a wide variety of tools and techniques to combat them, because the threat is too great for any one agency or any one business to combat alone.
This is why we also rely more heavily than ever on partnerships with our colleagues throughout the intelligence, law enforcement and international communities. Together, we're working to execute more and more joint sequenced operations, leveraging our collective efforts to exert maximum impact on our adversaries.
Security is always a delicate balance between privacy and protection. According to the White House, the FBI seems to have tipped the scales too far the wrong way and may now face restrictions on some of the tools at its disposal. Protecting citizens, businesses and the country is critical for the FBI, but it ultimately also needs to recognize that if people don’t trust it to do so, then even more problems arise. And the challenge of cybersecurity is only going to get worse as AI allows malicious actors to scale and automate their capabilities.