FBI, DHS Warn of Hacker Mercenaries Funded by Nation-States

A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on a laptop in Beijing, May 13, 2017.

Mark Schiefelbein/AP

AA Font size + Print

A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on a laptop in Beijing, May 13, 2017.

Lawmakers also are considering giving Homeland Security more authority to test anti-drone tech.

Lines between government-backed hackers and cyber criminals are getting fuzzier, top officials told lawmakers Thursday.

That’s one message the FBI wanted to send when it indicted two Russian intelligence officers and two criminal co-defendants for a major breach of the Yahoo email service in March, Director Christopher Wray said.

“We are seeing an emergence of that kind of collaboration which used to be two separate things—nation-state actors and criminal hackers,” Wray told the House Homeland Security Committee. “Now there’s this collusion, if you will.”

The Homeland Security Department is also following the trend, acting Secretary Elaine Duke told the committee.

“What we’re having to do is really understand, as the director said earlier, the difference between state actors, people [who are] maybe just looking for financial gain and those hybrid actors and that’s become more difficult,” she said.

Homeland Security leads civilian government cybersecurity and helps critical infrastructure providers, such as airports, banks and hospitals, secure their computer networks.

U.S. officials have long feared that cyber criminal networks, which operate with relative impunity in parts of Russia, could be deputized for hacking operations that serve the Kremlin’s interests.

Russian President Vladimir Putin even speculated that “patriotic hackers” in Russia might have been responsible for email breaches at Democratic political organizations that sowed chaos during the 2016 U.S. presidential election. He’s disputed, however, U.S. intelligence agencies’ conclusion that the Russian government ordered those breaches.

Increasingly, however, such hybrid government-criminal breaches are becoming a reality, Wray told lawmakers.

“You have the blend of a nation-state actor, in that case, the Russian intelligence service, using the assistance of criminal hackers, which you think of almost like mercenaries, being used to commit cyberattacks,” the FBI director said.

“Russia is attempting to assert its place in the world and relying more creatively on a form of asymmetric warfare to damage and weaken this country economically and otherwise,” he said.   

It’s highly unlikely the Russian Yahoo hackers will see a U.S. courtroom because the U.S. does not have an extradition agreement with Russia, Wray acknowledged.

“On the other hand, if they travel, that’s going to be a challenge for them because they are now, at that point, fugitives wanted by the FBI,” he said.

Wednesday’s House Homeland Security hearing focused broadly on worldwide threats including domestic and international terrorism, aviation security and border security.

Also during Thursday’s hearing:

  • New legislation giving Homeland Security greater authority to test anti-drone technology may be coming soon, according to an exchange between committee chairman Michael McCaul, R-Texas, and Rep. Jim Langevin, D-R.I. The department currently has no authority to test such technology, Duke said, adding that it would be helpful if Congress granted that authority. McCaul and Langevin agreed.
  • Homeland Security is preparing a strategy for how the government should respond to an electromagnetic pulse, or EMP, attack that is due Dec. 23, Duke said. An EMP attack, which is basically a targeted blast of electromagnetic radiation, could theoretically destroy or disable large amounts of electronic equipment, including airplanes and computers.  
  • “On a scale of 1 to 10,” the threat of a cyberattack on U.S. critical infrastructure is “a 7 or an 8,” Duke said. “Because what we know is daunting and we don’t know what we don’t know,” she added.
  • Wray urged lawmakers, once again, to renew Section 702 of the Foreign Intelligence Surveillance Act, which will expire at the end of this year, saying it’s invaluable during the early stages of an investigation to determine which tips are worth pursuing.
Close [ x ] More from DefenseOne