Chinese hackers determined to ‘wreak havoc’ on US critical infrastructure, FBI chief warns

Chinese government hackers are busily targeting water treatment plants, the electrical grid, transport systems and other critical infrastructure inside the United States, FBI Director Chris Wray told House lawmakers on Wednesday in a fresh warning from Washington about Beijing’s global ambitions.

Underscoring the threat, the US Justice Department and Federal Bureau of Investigation announced just before the hearing that they had disrupted a botnet of hundreds of US-based small office and home routers owned by private citizens and companies and hijacked by the Chinese state hackers to cover their tracks and hide their origin as they sowed the malware.

Speaking before the House Select Committee on the Chinese Communist Party, Wray said there’s been “far too little public focus” on a cyber threat that affects “every American.”

“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” Wray said.

Jen Easterly, the director of the Department of Homeland Security’s cybersecurity arm, voiced a similar sentiment at the hearing.

“This is a world where a major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, the crippling of our transportation modes – all to ensure that they can incite societal panic and chaos and to deter our ability” to respond, she said.

The comments align with assessments from outside cybersecurity firms including Microsoft, which said in May that state-backed Chinese hackers had been targeting US critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the US and Asia during future crises.

That operation, attributed to a group of hackers known as Volt Typhoon, has now been disrupted after FBI and Justice Department officials obtained search-and-seizure orders in a Texas federal court. The hackers infiltrated targets through multiple avenues, including cloud and internet providers, disguising themselves as normal traffic.

The US has in the past few years become more aggressive in trying to disrupt and dismantle both criminal and state-backed cyber operations. But state-backed hackers, especially Chinese and Russian, are good at adapting and finding new intrusion methods and avenues.

“Today, and literally every day, they’re actively attacking our economic security, engaging in wholesale theft of our innovation, and our personal and corporate data,” Wray said of China.

US officials have long been concerned about such hackers hiding in US-based infrastructure, and the end-of-life Cisco and NetGear routers exploited by Volt Typhoon were easy prey because they were no longer supported by their manufacturers with security updates.

Because of the urgency, law enforcement officials said, US cyber operators deleted the malware in those routers without notifying their owners directly – and added code to prevent reinfection.

A Justice Department official who briefed reporters on condition of anonymity under ground rules set by the government said officials were determined to disrupt the Volt Typhoon operation as soon as possible because the hackers were using the botnet as a stepping stone to hide in US internet traffic while burrowing into the networks of critical infrastructure, ready to maliciously exploit that access at a time of their choosing.

China has called the US government’s allegations baseless. Beijing has accused the US of “almost daily” and “huge amounts” of intrusions against Chinese government, with Wang Wenbin, a spokesman for the Chinese foreign ministry, saying last year that “China is the biggest victim of cyberattacks”.

But General Paul Nakasone, the outgoing commander of US Cyber Command, said “responsible cyber actors” do not target civilian infrastructure.

“There’s no reason for them to be in our water,” Nakasone said. “There’s no reason for them to be in our power.”
