Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
China Government Security United States

FBI Director Warns Chinese Hackers Aim To 'Wreak Havoc' On US Critical Infrastructure (nbcnews.com) 98

"China's hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike," said FBI Director Christopher Wray in a prepared testimony before the House Select Committee on the Chinese Communist Party. NBC News reports: Wray also argued that "there has been far too little public focus" that Chinese hackers are targeting critical infrastructure in the U.S. such as water treatment plants, electrical grids, oil and natural gas pipelines, and transportation systems, according to the prepared remarks. "And the risk that poses to every American requires our attention -- now," his prepared testimony said.

As Wray testified, the Justice Department and FBI announced they had disabled a Chinese hacking operation that had infected hundreds of small office and home routers with botnet malware that targeted critical infrastructure. The DOJ said the hackers, known to the private sector as "Volt Typhoon," used privately owned small routers that were infected with "KV botnet" malware to conceal further Chinese hacking activities against U.S. and foreign victims. Wray addressed the malware in his testimony, emphasizing that it targets critical infrastructure in the U.S. [...]

At Wednesday's hearing, the director of the federal Cybersecurity and Infrastructure Security Agency, Jen Easterly, testified that Americans should expect efforts by China to wage influence campaigns online relating to the 2024 election. However, Easterly added that she was confident that voting systems and other election infrastructure are well-defended. "To be very clear, Americans should have confidence in the integrity of our election infrastructure because of the enormous amount of work that's been done by state and local election officials, by the federal government, by vendors, by the private sector since 2016," Easterly said in her testimony.

Wray emphasized in the remarks that the "cyber onslaught" of Chinese hackers "goes way beyond prepositioning for future conflict," saying in the prepared remarks that every day the hackers are "actively attacking" U.S. economic security, engaging in "wholesale theft of our innovation, and our personal and corporate data." "And they don't just hit our security and economy. They target our freedoms, reaching inside our borders, across America, to silence, coerce, and threaten our citizens and residents," the excerpts said.

This discussion has been archived. No new comments can be posted.

FBI Director Warns Chinese Hackers Aim To 'Wreak Havoc' On US Critical Infrastructure

Comments Filter:
  • by Tablizer ( 95088 ) on Wednesday January 31, 2024 @08:30PM (#64204952) Journal

    I'm pretty sure US & Taiwan have done similar hacks into China's infrastructure. If Taiwan gets invaded, we can probably kiss modern conveniences goodbye for several weeks at least.

    • Kissing goodbye to banking and electronic payments for a few weeks would be inconvenient indeed.

      As in, nationalize all foodstuffs and roll out the National Guard to the distribution centers inconvenient.

    • by cusco ( 717999 ) <brian@bixby.gmail@com> on Wednesday January 31, 2024 @10:14PM (#64205146)

      Actually they probably don't, most of their infrastructure is rather new and fairly homogeneous and standardized and penalties for leaving them available to be attacked. Security is an achievable goal in that situation. They don't have the patchwork crazy-quilt of antique analog systems with digital adapters kluged on, the slapped together low-bid SCADA installs illegally connected to the corporate network, or the corporate executives too lazy to VPN into the network who insist on infrastructure connected directly to the Internet so they can review it while sitting in the coffee shop downstairs, or the regulators unable/unwilling to control the companies they're supposed to oversee.

    • Re: (Score:2, Interesting)

      by rilister ( 316428 )

      Isn't a bit like MAD theory with nuclear weapons? If both sides have a weapon so powerful, neither side can use it?
      I suspect the US has penetrated every bit as deeply as China has, and they both have their hands all over the critical infrastructure (energy, finance, telecoms, IT, etc). There doesn't seem to be much that either side can keep secret if they try (eg. the Shadowbrokers taking out the elite NSA TAO group).
      I imagine that we'd see much more strategic disruptions, ones that causes maximum embarrass

      • I suspect the US has penetrated every bit as deeply as China has, and they both have their hands all over the critical infrastructure (energy, finance, telecoms, IT, etc).

        I doubt we (US) are in as deeply as China is to our country.

        Its much easier for them to actually physically come over here (spies) in our open society and not stand out, than it is for us to go inside China.

        I fear they have much better and nastier capabilities against our society than we do against theirs at this point.

        I HOPE that's no

      • why would you think that the USA has done exactly what Diector Wray suggests that the Chinese have done? I mean, for every 1 really smart hacker in the USA, the chinese have 4. In the USA it is the culture to piss on the government and to consider the government to be evil. In China, this MAY be true as well (to piss on the Chinese government) but I am betting very few ()compared with the size of their population) do so publicly, rather instead there are huge numbers of 'patriotic organizations' of hackers
    • by VeryFluffyBunny ( 5037285 ) on Thursday February 01, 2024 @03:25AM (#64205372)
      The poor innocent White House & NSA are beside themselves with shock & grief at this news. They're totally unprepared because Al Gore invented the internet to make the world a better place. And now, here come those evil Chinese, weaponising it! I reckon some people in the White House & NSA are going to need counselling & maybe some compassionate leave to get over this.
    • >> I'm pretty sure US & Taiwan have done similar hacks into China's infrastructure. If Taiwan gets invaded, we can probably kiss modern conveniences goodbye for several weeks at least.

      HAHA Weeks.
      Nope.
      It's more like, decades.

  • politicians, ceo's and accountants havent already/
  • by ObliviousGnat ( 6346278 ) on Wednesday January 31, 2024 @08:35PM (#64204964)

    That reminds me of a quote:

    "The Navy is ready. It is not going to be caught napping." --US Secretary of the Navy Frank Knox, December 4, 1941

  • What other critical infrastructure is there?

    • What other critical infrastructure is there?

      Shit which never should've been connected to the internet in the first place. It's like someone watched that late 90s "Hackers" flick and thought it was actually a good idea to implement all the net-connected things Hollywood took artistic license with, for real.

      • Stuxnet demonstrated that a sufficiently motivated attacker can wreak havoc on an air-gapped system.
    • Power grid... thousands of small devices monitoring/interacting with power grids are on the net. Remember the 2003 blackout? It could be way worst with the push of a button, to disrupt all of those devices.
  • Paper ballots (Score:5, Insightful)

    by penguinoid ( 724646 ) on Wednesday January 31, 2024 @08:57PM (#64204996) Homepage Journal

    Where I am we have paper ballots, which are machine counted, and there's occasional hand recounts. Paper of course is notoriously difficult to hack, they'd also have to get physical access to both the ballots and the electronic record, also the final count is printed out and reported when the polls close, messing with all this would be absurdly difficult, and the several tons of paper they'd need to create and swaparoo won't fit in the pocket and is immune to the internet.

    • I think the hackers would pretty much just need to alter the results of the ballot counting in such a way that it isn't likely to trigger any hand recounts. Florida would be an easy state to manipulate because the elections are normally pretty close anyway, so you could easily get whatever result you wanted without it looking too suspicious. Although, for the Chinese there's not much point to messing with our democracy - both of our two major parties have jumped on the China BAD bandwagon.

      • They ought to be doing a few hand recounts randomly, and they probably are, that's just basic quality assurance.

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          There isn't really any reason to need to electronically count. There just isn't.

          People did hand counts for decades, using paper ballots. It's not confusing, it's not hard to do, and at least where I am -- members of all parties that wish it, can have a representative watch the count real-time. It's so immensely simple and non-complex. EG, you break them into groups of 10, or 100, or whatever, and then form bricks of votes in those groups. Again, super simple.

          But people want to sell new machines, and bl

          • how confusing a pencil and an X are

            That's actually the one thing the machine does that hand-counting cannot, for about 1-5% of ballots the machine says "Hey dumbass, you put too many Xs, if you like you can void this ballot and try again, instead of guessing maybe use our giant magnifying glass". So fewer spoiled/ambiguous ballots. The machine also provides the various vote counts right when polls close, so probably a very slight increase in security.

            Conversely there's the possibility that the machine might be able to tell who voted for who,

      • How to do it (Score:5, Interesting)

        by Okian Warrior ( 537106 ) on Wednesday January 31, 2024 @10:26PM (#64205158) Homepage Journal

        I think the hackers would pretty much just need to alter the results of the ballot counting in such a way that it isn't likely to trigger any hand recounts.

        The way to do this is to slowly add fake voter registrations in the weeks leading up to the election, then enter create ballots for all the fake voters. Some of these can be absentee ballots.

        The focus on ballot counting machines and process problems during the election night are completely misdirected - you need a way to cheat that would be undiscovered during a hand recount.

        Live up-to-the-minute reporting is a big help here. You keep track of which candidate is winning, estimate how much your candidate will lose by, then drop off boxes containing only enough ballots for your candidate to win by a small margin. This minimizes the number of fake ballots entered into the system, and reduces your chance of getting caught.

        For extra safety, cook up some reason to pause counting until the next day, then drop the boxes off late at night when everyone's asleep.

        Bayesian prior: if this practice were widespread, we should see a large number of elections where candidates win by a thin margin, and not several percentage points.

        Bayesian prior: if this practice were widespread, we should see boxes of ballots dropped off late in the process (ie - late at night, after counting has stopped, or after polls close generally).

        • Re:How to do it (Score:5, Insightful)

          by edi_guy ( 2225738 ) on Thursday February 01, 2024 @12:07AM (#64205256)

          That's actually a very good point. The whole voter registration process does seem like a weak spot. Just looking at a few state's Voter Registration sites, basically they are asking for your name, address, and drivers license / state id number. So the real vector could be the DMV.

          Though I think (hope) with this new Federal 'RealID' there is less opportunity to screw around with the DMV databases.

          And the debates about people who don't have official id not being able to vote...I'm ok with that. Same with people who forgot to register, or waited until after midnight to register...lots of things require you to prove your identity and do stuff on time. Voting is one of them.

          • Oh you mean you can lose your right to free speech, or to not be warrantlessly searched, etc if you don't register on time and show ID? Or just voting? You know, we have an affidavit process that allows for filling out a ballot despite having no ID, then proving your ID later. So this nonsense about ID is not about election security, it introduces a security flaw into the election process. Same with registration, if someone deletes the registration of all Rep voters for example should that invalidate them f

        • then drop off boxes containing only enough ballots for

          Right, you just drop them off, how easy.

          For extra safety, cook up some reason to pause counting until the next day, then drop the boxes off late at night when everyone's asleep.

          Right, because that will somehow be less suspicious.

          Bayesian prior: if this practice were widespread, we should see a large number of elections where candidates win by a thin margin, and not several percentage points.

          Bayesian prior: if this practice were only happening in the imaginations of deranged idiots, we should see a large number of elections where candidates win by a thin margin, and not several percentage points.

          Bayesian prior: if this practice were widespread, we should see boxes of ballots dropped off late in the process (ie - late at night, after counting has stopped, or after polls close generally).

          Bayesian prior: there's idiots who think boxes of ballots can just be "dropped off" and for some reason people would be stupid enough to count them, plus be even less suspicious if there were a break-in, plus thi

    • Americans don't want paper ballots, because they can't manipulate them easily.

      Their parties play politics like it's a game rather than a duty... and even then not seeming to care about doing it honestly so long as they can get away with it.

    • Re: (Score:3, Interesting)

      by edi_guy ( 2225738 )

      I confess that way back in the day I was a proponent of electronic voting. In the way that a younger person cringes at any small amount of friction or inconvenience in their life. But maybe sometime after 2000 election but way before all the last 10-12 years of insanity I've done a 180.

      Paper ballots, with machine counting is the way to go. It's the correct mix of tamper-resistant and relative expediency. If something looks fishy, or even if it doesn't fire up the hand recount. In the past I would h

      • Re:Paper ballots (Score:5, Interesting)

        by Seahawk ( 70898 ) <ttsNO@SPAMimage.dk> on Thursday February 01, 2024 @08:13AM (#64205580)

        In Denmark we have paper ballots and hand counting. Voting places closes at 8 pm and we have a result of how many seats different parties have around midnight.

        The day after it is recounted and split into which candidates are actually elected - does it really have to be any faster than that?

      • by necro81 ( 917438 )

        I confess that way back in the day I was a proponent of electronic voting.

        You are probably referring to the process of casting your vote 100% on a computer system, with no paper ballot.

        However, I still believe there are still use cases for voting with a compute: using the computer to assist folks in filling out a ballot. This makes support for multiple languages and accommodations for the disabled easier and more flexible.*

        I only advocate such a system if the output is a prepared paper ballot (inc

    • by BigZee ( 769371 )
      I do find it bizarre that a country like the USA has so much automation in use for elections. It's not as if it's really that difficult to do using more traditional methods. I'm in the UK. Voting is by paper ballot. When it comes to counting, it's done by hand with appropriate oversight. None of this stops the result from being announced the day after the election. Indeed, for some constituencies, they've made the counting into something of a race to be the first to complete the count. Now, I can understand
    • by Striek ( 1811980 )

      Obligatory XKCD [xkcd.com]

    • We could only dream of such a setup in the US.

      It's far more difficult to cheat if the data isn't in digital form and / or has a hardcopy receipt to back the digital data up.
      ( Kinda like trying to steal a few billion dollars when the target has stored the entire thing in $1 bills )

      I'll go ahead and make this prediction right now:

      If the 2024 election in the US isn't the most honest, transparent and cleanly run election in the history of this country,
      mass violence and chaos is going to be the end result. Folk

  • Will be the bombs that china drop on it, for the continuous relentless anti china propaganda coming form the US that seem hell bent to start a war.
    • There is similar rhetoric from China about US if you read Chinese-language media. Nothing overt, but slowly ratcheting the threat level. Hard to tell which side is driving it. At this point, probably both.

      • by AmiMoJo ( 196126 )

        It would be surprising if one or the other came out and said they didn't think there was any significant threat. The default assumption here is that in the event of an escalation, pretty much everyone is ready to start hacking. We have seen it in Russia and Ukraine, and from North Korea, and of course for profit from numerous outfits all around the world.

    • Tyrannous Maoist  China/CCP is an existential threat to libertarian (re)publician  America. The USA should use all available power to weaken the grasp of CCP influence on world affairs ... and on their own enslaved peoples. A good 1st step is to  forbid all business arrangements  & Chinese imports . Use-ir-here ... make-it-here. Can be done with rigid tariff and tax laws and really fuck-over U. Chicago slaver-types.   
    • by skam240 ( 789197 )

      Sure, China claiming incredibly important international waters that facilitate massive amounts of international shipping along with the territorial waters of many neighboring countries all while not ruling out armed conflict over the claims isnt causing problems that could potentially lead to war at all. It's all the words the US is saying obviously!

      Never mind Chinas appalling human rights record that makes us look like saints in comparison.

  • ”If or when” China decides? I’ve heard more valid threats from a fucking 6-year old on the playground. Sounds more like Wray is desperate to put the spotlight on anyone but him right now. Don’t fall for that standard shit to dispel incompetence and/or corruption.

    • by thrasher thetic ( 4566717 ) on Thursday February 01, 2024 @10:40AM (#64205910)
      The FBI is a totally trustworthy organization with our best interests at heart. It would never have ulterior motives for releasing statements like this.
  • by echo123 ( 1266692 ) on Wednesday January 31, 2024 @09:38PM (#64205078)

    China has been attributed [csoonline.com] by the US government of hacking the OPM database in 2015. That database has every HR detail you can image and then some, on every US Federal government employee with exception to the CIA and military, (if I am not mistaken on that last detail).

    Attacking US critical infrastructure via hacks is one of China's best options against the US, and is aimed to make the US think twice about defending Taiwan. Unlike bombs, many levels of hacks don't face reciprocity, like the OPM database theft. By the way, that database OPM used was part of Adobe Coldfusion [arstechnica.com]. Coldfusion got hacked.

    FWIW, who knew people still use Coldfusion [adobe.com], or that there's still Coldfusion conferences [adobeevents.com]? Who is using Coldfusion in 2024?

  • Fear mongering Incorporated.

  • CNN tells it best, https://www.cnn.com/2024/01/31... [cnn.com]

    “Unfortunately, the technology underpinning our critical infrastructure is inherently insecure because of decades of software developers not being held liable for defective technology. That has led to incentives where features and speed to market have been prioritized against security, leading our nation vulnerable to cyber invasion. That has to stop,” Easterly said.

    But if you don't prioritize features and speed to market your company loses ou

  • by NotEmmanuelGoldstein ( 6423622 ) on Thursday February 01, 2024 @02:33AM (#64205328)

    ... the risk that poses to every American ...

    Once, the US government labelled comic-books a risk "to every American".

    Nowadays, internal risks are more likely to collapse the USA than international threats: The need to sacrifice specific demographics has spread past US racism and anti-immigration. The US is choosing ideological fanaticism which breeds authoritarianism. The normal result is civil war and a dictator but both are near-impossible in the USA. Instead, the USA will suffer paranoia and mistrust until the normal regulation of society is impossible: That doesn't mean destruction and apocalypse, it means the cost of operating and protecting government will rise exponentially. We're already seeing the first step with the massive spending, propaganda campaigns and partisanship in US elections.

    As long as US elections are won by people willing to label some demographics as second-class citizens, this downward spiral will continue.

  • Next week it will be Russia or North Korea or Iran again.

    Or it could be some bored teenagers with an off-the-shelf ransomware package in a bedroom in California like it actually was the last few times, but that doesn't unlock the big budgets.

    • by mjwx ( 966435 )

      Next week it will be Russia or North Korea or Iran again.

      Or it could be some bored teenagers with an off-the-shelf ransomware package in a bedroom in California like it actually was the last few times, but that doesn't unlock the big budgets.

      At this point I'm convinced that the FBI is just putting Christopher Wray on PR duties to keep him off of real duties where he could be doing serious harm. Given his past announcements (ironically, about China too) he's not got a good history.

  • by endus ( 698588 ) on Thursday February 01, 2024 @09:18AM (#64205678)

    I appreciate the need to increase confidence in our election systems after the 2020 debacle, but, "confident that voting systems and other election infrastructure are well-defended"? What in the entire history of electronic voting machines would lead someone to say something like that?

  • I would have thought this to be obvious.
  • I'm in Canada, not the US, but maybe if the problem is security, then invest into improving security. Making a call-out that "Everything except voting / election infrastructure is a dumpster fire waiting to combust", is absolutely nonsense.
  • If it's a real problem people should just learn how to manage a firewall. My Ubiquiti Unifi Secure gateway blacklists the entire world. I whitelist what I deem safe and I limit the hop count to prevent access from crafty script kiddies that took over computers with a chatbot virus. Granted this is not foolproof but it mitigates the possibility of an attack. The most common attack vector is through email. You need to be vigilant. I have Thunderbird configured to view mail headers all the time.
  • She pays out fairly regularly for Intel to fuck her with its dirty corporate cock.

  • I'm 52. Been around way too long to get my panties in a whirl here. Remember how everyone was all wound up over Russian election hacking? Turned out that was a big nothing burger and that's just the latest in a long line. We'll probably find out in a year or two wasn't much to this either. We always have to have boogeymen. Remember those couple years between the fall of the Berlin wall and Desert Storm. I miss that.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...