We have all seen the concerning trend lines: Hostile adversaries are conducting cyber operations with alarming scale, speed, and sophistication. Cyber has become the vector of choice for hostile nation-states seeking to steal our most sensitive technologies, to exert foreign malign influence and project messages of repression at diaspora communities, and to compromise critical infrastructure.

The list of capable adversaries engaging in such activity is by no means limited to China and Russia. Iran and Iranian-backed proxies engage in a broad array of sophisticated cyber activities both to generate revenue and to advance operations. The DPRK engages in sophisticated crypto-heists and IT worker schemes to fund its nuclear program and authoritarian agenda. And we are seeing increasing use of cryptocurrency from international terrorist groups to advance plots.

First, in January, we announced a court-authorized takedown of what was referred to as the “KV botnet.” That was a botnet of hundreds of U.S.-based small office/home office (SOHO) routers hijacked by People’s Republic of China (PRC) state-sponsored hackers known as “Volt Typhoon.” The hackers used this botnet to conceal the PRC origin of further hacking activities directed against U.S. and other foreign victims, including a campaign targeting critical infrastructure organizations in the U.S. and elsewhere. Using one of our age-old investigative tools, a Rule 41 search and seizure warrant, we deleted Volt Typhoon’s malware and took steps to sever the routers from the botnet.

When the Justice Department returns public charges against a malicious cyber actor, we are telling the world that we stand ready to prove the allegations in our case beyond a reasonable doubt with public evidence. We send a clear message about what conduct the U.S. government believes is so out of bounds that it is deserving of criminal punishment even when committed by overseas actors.

This public attribution enables us to galvanize international support. A good recent example is the indictment unsealed a few weeks ago in the Eastern District of New York. That indictment charged seven PRC nationals who were members of a group called APT31 with engaging in a 14-year cyber campaign targeting U.S. and foreign businesses, political officials, and critics of the PRC.

In addition to going after the cyber actors themselves, the Justice Department is also redoubling our efforts to go to the source – the cutting-edge technology that enables these threats.

Last year, the Department stood up the Disruptive Technology Strike Force, an interagency enforcement team co-led by NSD and the Commerce Department’s Bureau of Industry and Security. The Strike Force was created to counter efforts by authoritarian governments to acquire sensitive technologies, including the technology that enables advanced computing and autonomous vehicle capabilities – such as semiconductors and microelectronics.

The Strike Force brings together the collective power of law enforcement agencies to pursue enforcement actions against those who would violate export control and trade secrets laws to acquire sensitive U.S. technology. We’ve created 15 enforcement teams made up of federal prosecutors and agents strategically located across the country where there is a strong tech industry presence or heavy commercial trade – including in San Francisco, Phoenix, Miami, and Boston.

This collaboration is generating tangible results. In less than a year, the Strike Force has announced 16 criminal prosecutions charging actors in the United States and abroad with procuring microelectronics on behalf of the Russian war effort, software engineers with stealing source code and other proprietary information to take to China, and buyers working on behalf of the Iranian regime with seeking to illicitly acquire UAV and ballistic missile technology.

The Strike Force’s cases include protecting technology that can be used for cyber-related malign activity, including AI – which is an area of focus of this work. Last May, for example, we announced charges against a former employee at Apple who allegedly stole large quantities of data related to the company’s self-driving car technology before decamping to a subsidiary of a Chinese company working to develop the same technology.

Just last month, we announced the arrest of a software engineer at Google who allegedly stole over 500 confidential files from the company. The stolen information included details about the hardware infrastructure and software platform used in Google’s advanced supercomputing data centers. About the same time the defendant was allegedly stealing the information, he was secretly working with two China-based tech companies, including an AI-focused company he founded.

###

Source: U.S. Department of Justice

Speaker: David Newman, Principal Deputy Assistant Attorney General for the National Security Division (NSD)

Format: Speech
