F.B.I. Director Warns of China Hacking Threat
Christopher A. Wray, director of the Federal Bureau of Investigation, warned on Wednesday that China was ramping up an extensive hacking operation geared at taking down the United States’ power grid, oil pipelines and water systems in the event of a conflict over Taiwan.
Mr. Wray, appearing before a House subcommittee on China, offered an alarming assessment of the Chinese Communist Party’s efforts. Its intent is to sow confusion, sap the United States’ will to fight and hamper the American military from deploying resources if the dispute over Taiwan, a major flashpoint between the two superpowers, escalates into a war, he added.
Before his testimony, F.B.I. and Justice Department officials revealed that last month, they had obtained a court order that authorized them to gain access to servers infiltrated by Volt Typhoon, a Beijing-directed hacking network that has targeted a range of critical infrastructure systems, often by infiltrating small businesses, contractors or local government networks.
“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” said Mr. Wray, who pressed the committee to increase funding for the bureau.
“Low blows against civilians are part of China’s plan,” he added.
Hackers for Volt Typhoon compromised hundreds of Cisco and NetGear routers, many of them outdated models no longer supported by manufacturer updates or security patches, in an effort to embed an army of sleeper cells that would be activated in a crisis.
In May, U.S. officials warned business, local governments and foreign allies that the group was taking aim at “networks across U.S. critical infrastructure sectors” and was likely to apply the same techniques against other countries.
The operation was stopped before it affected the “legitimate functions” of infrastructure agencies and the Chinese do not seem to have collected “content information” from the routers.
The government is informing owners of the equipment, officials said.
Mr. Wray said a major hurdle in countering Chinese hacking operations was the reluctance of small business owners and local governments to inform the F.B.I. of suspicious activity on their networks, which could “prevent the attack from metastasizing to other sectors and other businesses.”
Also on Wednesday, the department unsealed an indictment against four Chinese citizens. They are accused of operating a yearslong conspiracy to smuggle electronic components from the United States to Iran, in violation of longstanding sanctions and restrictions on the export of military technology to the Islamic Republic.
The suspects, who all live in China, are charged with using front companies to funnel components that could be used to build drones and ballistic missile systems to Iran from 2007 to at least 2020, according to the indictment in Federal District Court in Washington.
As a result, a “vast amount” of U.S. technology was diverted to Iran, prosecutors said. They did not specify the potential harm to national security.
In recent months, the F.B.I. and Justice Department have intensified their warnings about malicious activity by China, Iran and Russia inside the United States. Those include murder-for-hire plots against dissidents, efforts to infiltrate U.S. law enforcement agencies, election interference, intellectual property theft and online breaches like those Mr. Wray and cybersecurity officials identified at the hearing on Wednesday.
Mr. Wray has for years emphasized the threat from China, describing it as existential.
“It’s a threat to our economic security — and by extension, to our national security,” Mr. Wray said in 2020.
China has often taken aim at the weakest links in the country’s business and government networks, particularly outdated home-office routers that allow them to hack into more sophisticated computer systems, officials said.
The goal is to “induce societal panic” to discourage the United States from supporting Taiwan or more aggressively confronting Beijing on other geopolitical and economic issues, said Jen Easterly, the director of the federal Cybersecurity and Infrastructure Security Agency.
Ms. Easterly suggested that officials in Beijing might have been motivated to focus on civilian infrastructure after the 2021 ransomware attack on Colonial Pipeline by a Russian hacking collective.
“Imagine that on a massive scale — imagine not one pipeline, but many pipelines disrupted,” she said. “Telecommunications going down so people can’t use their cellphone. People start getting sick from polluted water. Trains get derailed.”
Beijing has long denied targeting U.S. civilian infrastructure, and senior Chinese officials recently told the national security adviser, Jake Sullivan, that they would not influence the outcome of the 2024 election by infiltrating networks.
American hackers target China’s military and government servers, but have historically avoided the kind of infrastructure attacks directed by Beijing, said Gen. Paul M. Nakasone, the departing commander of United States Cyber Command.
“Responsible cyberactors of democracies like our own do not target the civilian infrastructure,” he said. “There’s no reason for them to be in our water. There’s no reason for them to be in our power. This is a decision by an actor to actually focus on civilian targets. That’s not what we do.”