FBI Chief Warns China Poised To Wreak 'Real-World Harm' on US Infrastructure (cbsnews.com) 104
FBI Director Christopher Wray, in his final interview before stepping down, warned that China poses the greatest long-term threat to U.S. national security, calling it "the defining threat of our generation." China's cyber program has stolen more American personal and corporate data than all other nations combined, Wray told CBS News. He said Chinese government hackers have infiltrated U.S. civilian infrastructure, including water treatment facilities, transportation systems and telecommunications networks, positioning themselves to potentially cause widespread disruption.
"To lie in wait on those networks to be in a position to wreak havoc and can inflict real-world harm at a time and place of their choosing," Wray said. The FBI director, who is leaving his post nearly three years early after President-elect Donald Trump indicated he would make leadership changes, said China has likely accessed communications of some U.S. government personnel. He added that Beijing's pre-positioning on American civilian critical infrastructure has not received sufficient attention.
"To lie in wait on those networks to be in a position to wreak havoc and can inflict real-world harm at a time and place of their choosing," Wray said. The FBI director, who is leaving his post nearly three years early after President-elect Donald Trump indicated he would make leadership changes, said China has likely accessed communications of some U.S. government personnel. He added that Beijing's pre-positioning on American civilian critical infrastructure has not received sufficient attention.
surprised? (Score:4, Insightful)
Re: (Score:2, Insightful)
Re:surprised? (Score:5, Insightful)
Re: (Score:1)
Re: (Score:3)
Re: surprised? (Score:4, Insightful)
The telcos are trying to kill POTS right now. If your plan requires a non Internet phone connection, it's a bad plan, because it will be short lived at best.
A better plan would be to use radio. I wonder if utilities get a break on that from the FCC?
Re: (Score:2)
Re: (Score:3)
What you're advocating is called return to office. Is that a thing?
Re: (Score:2)
Re: (Score:2)
That's a poor excuse. Seriously. That's a really poor excuse.
Agreed.
Have people on staff 24 hours a day to monitor everything in the first place, You can have the monitoring equipment work internally without an external connection and without a computer connected to the internet.
Or have the communications be one-way.
If there's some need for remote monitoring of something like the RPM of a turbine at a power plant then have a web cam pointed at a gauge, computer screen, or whatever. It would be trivial to prove that anyone that got in without proper authorization would at best be able to read the gauges rather than have full access to the computers that control anything.
The need for 24 hour staffing should be considered on a case by case basis. I remember a YouTube video wh
Re: (Score:2)
At some point we need to admit that there's no stopping every attack on infrastructure. If China somehow rolled up to this dam with a self propelled howitzer then that's just game over for that dam.
The whole point of artillery is that you can shoot people or stuff far away from where you are, you don't "roll up to" anything.
Re: (Score:2)
Re: (Score:2)
There are limits to how far artillery can fire, so outside of anything built in to a fortification there is a need for it to be moved into place. You would still have to "roll up to" the target even if that means being several miles away.
Indeed. The maximum range on the M109 Paladin and similar self propelled howitzers is about 20 miles.
To do some real damage the M109 is equipped for direct fire, as in firing to line of sight than lobbing a shell over many miles. This turns an artillery piece into a tank destroyer.
https://www.youtube.com/watch?... [youtube.com]
Of course direct fire from a self propelled howitzer also comes in handy to take out large concrete structures, such as various fortifications or a hydroelectric dam. An armored vehicle built sp
Re: (Score:2)
There are cases where it's tough to avoid.
Say you have a substation 100 miles from your nearest service center. You want to monitor what's happening there, and be able to physically manipulate what it's doing (i.e., throw a breaker). You can:
1) Have some poor schmuck camp out there and do nothing but stare at set of dials, and relay that not-realtime data back to the central office. And, occasionally, throw a switch when
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
"That's laziness and a hazard in the first place."
No, that's "The vote for the town budget failed twice already."
Re: (Score:1)
Air gapping needs to be more common
Re:surprised? (Score:5, Insightful)
The bigger question: why is this stuff even connected to the internet in the first place? The only way to ensure that a device is immune from an internet attack is to not have a connection.
Hyperbolic salespeople selling convenience over security to folks that have zero security knowledge to start with and probably net negative technological knowledge to boot.
Re: (Score:2)
Re: (Score:2)
Even if it has an internet connection, there's no excuse these days. The internet data should always be considered as potentially hostile, and as such any data that doesn't match expectations should be aggressively discarded (wrong port, wrong length, etc., plus no universal password).
Re: (Score:2)
Are we surprised? No. This has been true for close to fifty years now and the process is accelerating./quote
There, fixed that for ya
Re: (Score:2)
Infrastructure attack = WMD (Score:5, Interesting)
Make sure they know we will treat a mass infrastructure attack same as any other WMD attack.
Re:Infrastructure attack = WMD (Score:5, Interesting)
But we won't and we don't. We don't even respond to such attacks.
Re: Infrastructure attack = WMD (Score:1)
Idiot. They'll do the same to you.
Re: (Score:1)
the US doesn't publicize it's cyber responses - it only broadcasts takedowns
Re: (Score:3)
Or maybe just improve your security
We are not going to war with China (Score:1, Insightful)
Maybe about a decade ago the Pakistan government was aware of a major terrorist attack about to happen in India.
Pakistan didn't tell India about it. They let the attack happen. Lots of people died and it wa
Honestly that might be an improvement (Score:1, Flamebait)
Elon Musk without a second thought dropped a quarter of a billion dollars (that we know of) getting Trump elected. The Democrats just cannot compete with that.
I do think that the multi-millionaires are starting to worry that the multi-billionaires aren't in the same class. You could see some of them switching over to team blue because they've seen what happens to their lot over
Re: (Score:3)
The likely bad actors hide who launched the attack And even pretend to be a different one, so you won't actually know who the retaliation should be against.
Re: (Score:2)
So you're saying we should have started a global thermonuclear war several times last year?
Re: (Score:2)
To do what (Score:4, Interesting)
Re:To do what (Score:5, Interesting)
Exactly? Hackers have taken down water treatment plants. The result is a local boil advisory for a few days while they switch to manual operation.
Amateurs.
We've never seen a concerted military attack on our infrastructure.
Re: (Score:2)
How do you know? What you mean is that YOU have never seen it.
Re: (Score:1)
You'd know it when tens of millions of people are without drinking water for weeks because the systems were irreparably damaged. You'd know it when air traffic can't be routed because adversaries bricked the entire national airspace system.
I can go on.
The stuff you've seen has mostly been script kiddies and ransomware operators inflicting what is relatively minor damage. A nation state military strike would be real, painful, obvious, and affect tens or hundreds of millions of people all at once.
Re: (Score:2)
Inconvenient? yes. But not exactly the stuff that would distract a modern rich-world country much in a military situation.
Re: (Score:2, Insightful)
Ukraine has. In the years before Putin launched his invasion, there was an ongoing effort to hack and sabotage all manner of public infrastructure. Wired wrote about [wired.com] it in 2016.
The narrative has largely been supplanted by the ongoing efforts by Russia to just blow up Ukraine's infrastructure the ol' fashioned way, but the cyberattacks are definitely ongoing [google.com].
Re: (Score:2)
Re: (Score:2)
To have a real military-scale effect, it would need to be something that actually goes "boom" or at least lights a bunch of stuff on fire and caus
Re: (Score:2)
Re: (Score:2)
The point of such attacks on infrastructure at least initially would not be cripple production etc. That might come latter if a protracted shooting war actually develops - see Russia and Ukraine, but as far as the US goes it would be make response and containment of an initial attack less effective.
If you were going to deploy some bio-weapon, or strategic arms (ICBM) type attack you lead it by some hours with some infrastructure chaos. So everyone is running around like chickens with their heads off, tryi
Naaa (Score:2, Insightful)
They will just watch it crumble all by itself....
lie in wait? (Score:4, Insightful)
""To lie in wait on those networks to be in a position to wreak havoc and can inflict real-world harm at a time and place of their choosing,"
Just like the US does, and every nation does. That's what national defense involves. The US "lies in wait" to "wreak havoc" and "inflict real-world harm" too, that's what weapons are for.
Don't forget that this guy is a Trump appointee and collaborator, and he's also a coward. I would fully expect China to have plans to attack the US, just as the US has to attack China. It's not news.
Re: (Score:2)
https://www.reuters.com/techno... [reuters.com]
Re: (Score:2)
Re: (Score:2, Troll)
Ah yes, whataboutism, the hammer for the nail of every wumao.
Where are all the "But China good!" posts? No crime, no pollution, nothing but benevolence everywhere - according to the CCP politburo.
Re: (Score:2)
Ah yes, whataboutism, the hammer for the nail of every wumao.
Where are all the "But China good!" posts? No crime, no pollution, nothing but benevolence everywhere - according to the CCP politburo.
Gotta ask - what is a wumau?
Re: (Score:3)
Re: (Score:2)
CCP-funded internet troll. It's part of the CCP's 50 Cent Party [wikipedia.org]
Thanks - I learn something new every day!
Re: (Score:2)
In this case, "lie in wait" means "maintain a set of trojans on networks that control critical infrastructure, so we can take said infrastructure down when we want."
In essence, the attack has already happened and they already have bases in our territory. Their trojans are on our networks NOW. They are just hard to detect because they have not been ordered to cause harm yet. That's news because it means we are, right now, extremely vulnerable to devastating attacks.
And, there is something we can do about
Then WHY.... (Score:1)
Re: (Score:2)
Re: (Score:2)
Won't fix it. They will hop on a plane and use the internet in their hotel.
Re: (Score:2)
Hi, welcome to the discussion. It is not hard to send a phishing email or control a botnet from hotel internet, which is what we are talking about.
What TF? (Score:1)
STFU noob (Score:5, Interesting)
If all these intrusions are known why weren't they prevented/currently being mitigated? How does this guy still have his job?
First, that guy doesn't still have his job. He's on his way out the door.
Second, the FBI are police. That's it. They can't force utilities to secure their systems. In fact there is no government agency whose job it is to go around and do that. There's just the NSA, whose ostensible mission is to secure government communications but apparently spends most of their time spying on citizens, and NIST, which creates recommendations which nobody listens to even when they are supposed to because they are handling federal data.
This is indeed part of the FBI's job (Score:3)
https://www.fbi.gov/investigat... [fbi.gov]
The FBI is the lead federal agency for investigating cyber attacks and intrusions. We collect and share intelligence and engage with victims while working to unmask those committing malicious cyber activities, wherever they are.
This is part of what they are supposed to be doing now, as well as counter-terrorism, instead of pursuing white collar fraud. So this press release is essentially telling us the FBI has failed at that job and that it is
Re: This is indeed part of the FBI's job (Score:2)
Engage with victims does not mean forcing them to do things, HTH HAND
Re: (Score:2)
They can't force utilities to secure their systems. In fact there is no government agency whose job it is to go around and do that.
While the FBI isn't equipped to enforce security on infrastructure there are federal government agencies that can at least lean hard on private corporations and state governments to ensure safety of electricity, water, fuel, roads, bridges, dams, etc.
I can give some examples on this. The Department of Energy can set standards on security for any utility or power plant that is connected to an interstate electrical grid. Locks, dams, reservoirs, and other water works would be regulated by the Department of
Re: (Score:2)
If we can't enforce internet security by normal means, maybe we should have the NSA do ransomware attacks on all those cheap assholes (think of it as a fine for bad security).
Re: STFU noob (Score:2)
Honestly I'm here for that. For public corporations you could also have the SEC team them for not reporting risks like their incompetent security. But for a municipal utility I'm not sure what you could really do besides what you said. Sue them? That's just going to cost everyone money... I like your idea.
Re: (Score:2)
US companies were happy to invest in China. Apple, Boeing, Caterpillar, Ford and General Motors. That's why Detroit has become a wasteland.
Sure, Buddy. (Score:1)
Give it two weeks and his name will be mud.
The number of ops against innocent Citizens he's responsible for is a horrent.
One of their prostitutes is making the podcast rounds claiming that Al Qu'e'da, now ruling Syria with CIA's help, will unleash terror attacks simultaneous around the country. And if you question Building Seven you're one of them.
Guess what THEY plan to do in eight days...
greatest threat (Score:2, Informative)
"FBI Director Christopher Wray, in his final interview before stepping down, warned that China poses the greatest long-term threat to U.S. national security, calling it "the defining threat of our generation.""
Wait, wasn't it domestic right wing terrorists just a little while ago? Oh, but then it was Hitler assuming power and ending Democracy. It's really hard for me to keep up.
you fucking worthless traitors (Score:2)
https://www.cnn.com/2021/01/08... [cnn.com]
The upside (Score:2)
And the CEO just called, he says you better continue his children's access, or the whole department will be shut down. Gadammed Computer weirdos anyhow! 8^)
It will be used in 2 years when they invade Taiwan (Score:2, Informative)
2027 is the expected invasion of Taiwan.
https://pjmedia.com/vodkapundi... [pjmedia.com]
"Communist China's People's Liberation Army (PLA) celebrates its centenary in 2027, the same year the CCP has indicated it will be ready to take Taiwan by force — and new satellite photos show that it could be prepared to cross the straits in force before then.
Before you accuse me of being a crazy person for somehow just knowing that Beijing — Xi Jinping, to be more exact — wants war in 2027, it isn't me. Two months a
AI (Score:2)
Major attacks always have to build (Score:2)
For any kind of major attack to be successful, the attackers would have to do significant real-world testing. You can't just figure out how to take down an electric power station, and replicate it across the entire grid. Each uses differing technologies and would require different strategies and different software. In the process of testing the effectiveness of the digital weapon, they would have to perform smaller-scale tests. These would be noticed, and result in countermeasures.
So I don't buy that attack
Stole? (Score:2)
Who cares (Score:2)
If the threat were truly as bad as they claim, they would be taking steps to mitigate the exposure of said i
nfrastructure ( via regulations and rules ) to prevent the attacks in the first place.
If they are not doing so, then this is simply more boogyman propaganda.
Similar to them boasting about the hundreds of terrorist attacks they thwarted last year but can't give specifics :| ( aka: more propaganda )
on any of them because it's all classified
Re: (Score:2, Troll)
Tell me why I should care. Russian and Chinese are perfectly useable languages.
Re: Trump will practically hand it to them (Score:2, Flamebait)
Chinese is famously hardest to learn of the actually used languages. Many people can not get it at all, they are tone deaf. It's going to have to be machine translation, which is a surveillance state's wet dream.
Re: (Score:2)
Re: (Score:2)
I literally often cannot hear the difference between one word and another in Mandarin. It also has an antiquated alphabet which is simply inefficient. This is not to say English is all that great, it has a lot of weird problems, but at least it's possible for most people to learn.