Threats to U.S. National Security
Statement for the record: Louis J. Freeh, Director, Federal Bureau of Investigation, Before the Senate Select Committee on Intelligence, Washington, D. C., January 28, 1998.
Good Morning Mr. Chairman, Vice Chairman Kerrey and Members of the Committee. I welcome this opportunity to be part of this distinguished panel to discuss threats to U.S. national security.
The overriding concern now facing law enforcement is how rapidly the threats from terrorists and criminals are changing, particularly in terms of technology, and the resulting challenge to law enforcement’s ability to keep pace with those who wish to do harm to our nation and our nation’s citizens. This is why the encryption issue is one of the most important issues confronting law enforcement and potentially has catastrophic implications for our ability to combat every threat to national security that I am about to address in my statement here today. Law enforcement remains in unanimous agreement that the widespread use of robust non-recovery encryption ultimately will devastate our ability to fight crime and terrorism. Uncrackable encryption is now allowing, and will continue with ever increasing regularity to allow, drug lords, terrorists and even violent gangs to communicate about their criminal intentions with impunity and to maintain electronically stored evidence of their crimes impervious to lawful search and seizure. Other than some type of key-recoverable system, there is currently no viable technical solution to this problem for law enforcement.
This is not a problem that will begin sometime in the future with theoretical implications. In many important investigations effective law enforcement is being frustrated by criminals and terrorists using non-recoverable encryption. For example:
- Convicted spy Aldrich Ames was told by his Soviet handlers to encrypt computer file information that was to be passed to them.
- Ramzi Yousef and other international terrorists were plotting to blow up 11 U.S.-owned commercial airliners in the far east. Yousef's laptop computer, which was seized in Manila, contained encrypted files concerning this terrorist plot.
- A major international drug trafficking subject recently used a telephone encryption device to frustrate court-approved electronic surveillance.
Requests for cryptographic support pertaining to electronic surveillance interceptions from FBI field offices and other law enforcement agencies have steadily risen over the past several years. From 1995 to 1996, there was a two-fold increase (from 5 to 12) in the number of instances where the FBI's court-authorized electronic efforts were frustrated by the criminal’s use of encryption that did not allow for law enforcement access.
Over the last two years, the FBI has also seen the number of computer-related cases utilizing encryption and/or password protection increase from two (2) percent to seven (7) percent, to include the use of 56 bit Data Encryption Standard (DES) and 128 bit "Pretty Good Privacy" (PGP) encryption.
It is for this reason that the law enforcement community is urgently calling for our Nation's policy makers to adopt a balanced public policy on encryption. In our view, any legislative approach to the encryption issue that does not achieve such a balanced approach seriously jeopardizes the utility of some of our most important and effective investigative techniques upon which law enforcement must depend to ensure public safety and to maintain national security.
Several bills have been introduced in this Congress that address certain aspects of the encryption issue. Unfortunately, most of these legislative proposals would largely remove existing export controls on encryption products, and would promote the widespread availability and use of uncrackable encryption products regardless of the impact on public safety and national security.
It is important to note that S.909, the "Secure Public Networks Act," introduced by Senators Kerrey, McCain, and Hollings, comes close to addressing law enforcement's public safety needs in the area of encryption. However, law enforcement believes that the bill does not contain sufficient legislative assurances to adequately address law enforcement's public safety needs regarding the use and availability of encryption products and service within the United States.
Conversely, the substitute bill adopted by the House Permanent Select Committee on Intelligence (HPSCI) on September 11, 1997 during their mark-up of H.R. 695 does effectively address all of law enforcement's public safety and national security concerns regarding encryption products and services manufactured for use in the United States or imported into the United States. The HPSCI substitute bill would require all such encryption products and services to contain features that would allow for the immediate access by law enforcement to the "plain text" of encrypted criminal-related communications or electronically stored data pursuant to a court order.
We are now at an historic crossroad on this issue. If public policy makers act wisely, the safety of all Americans will be enhanced for decades to come. But if narrow interests prevail, law enforcement will be unable to provide the level of protection that people in a democracy properly expect and deserve. I do not believe it is too late to deal effectively with this issue and would encourage the Committee to look closely at the action taken by the HPSCI in their efforts to adopt a balanced encryption policy.
The counterintelligence mission of the FBI is to identify, penetrate and neutralize foreign intelligence and terrorist activities directed against the United States. This mission includes the investigation of espionage. At the outset, I want to emphasize that the "fall of communism" has not reduced the level or amount of espionage and other serious intelligence activity conducted against the United States.
In many cases, the targets have not changed at all: there is still a deadly serious foreign interest in "traditional" intelligence activities such as penetrating the U.S. intelligence community, collecting classified information on U.S. military defense systems, and purloining the latest advances in our country’s science and technology sector.
In addition to these traditional intelligence operations, there have been at least three changes in foreign intelligence activity that have required the FBI to modify its counterintelligence programs.
The first change is intelligence activity by non-intelligence personnel. Today, national security issues go beyond the passage of classified military information. There have been many cases which show that individuals outside the intelligence service apparatus, but who are no less foreign sponsored, engage in clandestine activity that is inimical to the security and economic well-being of the United States.
A second area of change has been the intelligence environment, which includes the growing importance of maintaining the integrity of our country’s information infrastructure. Our growing dependence on computer networks and telecommunications has made the U.S. increasingly vulnerable to possible cyber attacks against such targets as military war rooms, power plants, telephone networks, air traffic control centers and banks.
Third, many traditional and non-traditional adversaries today are technologically sophisticated and have modified their intelligence methodologies to use advanced technologies to commit espionage. In telecommunications, even some smaller intelligence adversaries now use equipment the FBI is unable to monitor.
To address these changes in intelligence activity, intelligence environment, and intelligence methodology, the FBI uses a general investigative strategy we refer to as the national security threat list or NSTL. It is a concept adopted in 1992 to prioritize issues and countries at which to direct our efforts. Our counterintelligence investigative techniques include the recruitment of human assets, double agents, undercover operations, various surveillance techniques, and analysis. NSTL has given the FBI additional flexibility to approach non-traditional intelligence problems from new perspectives.
In addition, the FBI also has created the Computer Investigations and Infrastructure Threat Assessment Center (CITAC), which draws on the technical expertise of a number of other U.S. agencies in order to bring more analytical power to bear on defending our ability to peacefully and securely enjoy important recent advances in our country’s information technology sphere.
Regarding the problem of monitoring advanced communications techniques used by some of our country’s intelligence adversaries, I have already stressed that the FBI supports pending legislative proposals to allow law enforcement access to encryption-recovery information.
Let me summarize this general overview by stating that the simple truth is that there has been no "peace dividend" in the form of a reduced need for FBI counterintelligence operations.
On the contrary, foreign intelligence activities against the United States have grown in diversity and complexity in the past few years.
Press reports of recent espionage cases involving Russia, South Korea, and China are just the tip of a large and dangerous intelligence iceberg. In addition to these and other covert intelligence operations run by intelligence officers using standard intelligence methodologies, however, the FBI these days is just as likely to encounter covert activity on the part of non-intelligence people such as visiting scientists or foreign businessmen.
Although I believe the FBI is well positioned for the counterintelligence challenges before us, what some pundits have called the "end of history" is definitely not the end of dangerous intelligence attacks against the United States. Through our continuing efforts to develop effective intelligence and through dedicated, hard work, the FBI continues to strive to identify, penetrate and neutralize foreign intelligence and terrorist activity directed against the United States. We cannot accomplish this alone. Only with the continued cooperation of other U.S. government agencies, the Congress, state and local authorities, and the American public, can the FBI accomplish its mission.
The threat of international terrorism directed at Americans and U.S. national interests is following the general pattern we have identified in terrorist activity worldwide. Although the number of attacks directed at American interests remains comparatively low, the trend toward more large-scale incidents designed for maximum destruction, terror, and media impact actually places more Americans at risk. As you are aware, and as recent tragedies demonstrate, this threat confronts Americans both at home and abroad. America’s democratic tradition and global presence make Americans a fast, and often all-too-easy, target for opportunists who are willing to kill innocent victims to further their extremist causes.
The international terrorist threat can be divided into three general categories. Each poses a serious and distinct threat, and each has a presence in the United States.
The first category, state-sponsored terrorism, violates every convention of international law. State sponsors of terrorism include Iran, Iraq, Syria, Sudan, Libya, Cuba, and North Korea. Put simply, these nations view terrorism as a tool of foreign policy. In recent years, the terrorist activities of Cuba and North Korea have declined as their economies have deteriorated. However, the activities of the other states I mentioned continue and, in some cases, have intensified during the past several years.
The second category of international terrorist threat is made up of formalized terrorist organizations. These autonomous, generally transnational organizations have their own infrastructures, personnel, financial arrangements, and training facilities. They are able to plan and mount terrorist campaigns on an international basis, and actively support terrorist activities in the United States.
Extremist groups such as Lebanese Hizbollah, the Egyptian Al-Gamat Al-Islamiya, and the Palestinian Hamas have placed followers inside the United States who could be used to support an act of terrorism here.
The third category of international terrorist threat stems from loosely affiliated extremists--characterized by the World Trade Center bombers and rogue terrorists such as Ramzi Ahmed Yousef. These loosely affiliated extremists may pose the most urgent threat to the United States at this time because their membership is relatively unknown to law enforcement, and because they can exploit the mobility that emerging technology and a loose organizational structure offer.
The FBI believes that the threat posed by international terrorists in each of these three categories will continue for the foreseeable future.
In response to these threats, the United States has developed a strong response to international terrorism. Legislation and executive orders enacted during the past 15 years to expand the FBI’s role in investigating international terrorism directed at American interests have strengthened the ability of the U.S. Government to protect its citizens.
As you are aware, recent congressional appropriations have helped strengthen and expand the FBI’s counterterrorism capabilities. To enhance its mission the FBI centralized many specialized operational and analytical functions in the Counterterrorism Center.
Established in 1996, the Counterterrorism Center combats terrorism on three fronts: International terrorism operations both within the United States and in support of extraterritorial investigations, domestic terrorism operations, and counterterrorism relating to both international and domestic terrorism.
Within the Center, the FBI has deployed over 50 new intelligence analysts since 1996. These highly skilled analysts work in every facet of the Bureau’s National Security Program from counterterrorism to industrial security. This enhanced analytical ability helps to increase the efficiency of the Bureau’s overall investigative efforts in these areas.
The Domestic Counterterrorism Center also represents a new direction in the FBI’s response to terrorism. Eighteen federal agencies maintain a regular presence in the Center and participate in its daily operations. These agencies include the CIA, the Defense Intelligence Agency, and the United States Secret Service, among others. This multi-agency arrangement provides an unprecedented opportunity for information-sharing and real-time intelligence analysis among the various components of the American intelligence community.
But the threat of international terrorism demands continued vigilance. Today’s terrorists have learned from the successes and mistakes of terrorists who have gone before them. The terrorists of tomorrow will have an even more dangerous arsenal of weapons and technologies available to further their destructive ambitions. Compounding the enhanced capabilities of contemporary terrorists is another disturbing aspect of modern terrorism. As recent events have shown, this "web of terrorism" perpetuates violence upon violence and poses a particular challenge to nations that take a strong stand against terrorism.
The November 1997 attack on foreign tourists in Luxor, Egypt, was apparently carried out in an attempt to pressure the United States into releasing Sheik Omar Abdel Rahman. Sheik Rahman is serving a life sentence in a federal prison for his part in the plot to assassinate the President of Egypt and bomb several sites in New York City in 1994.
Since his imprisonment in 1995, followers of Sheik Rahman have issued several threats warning of violence in retaliation for his continued imprisonment.
Likewise, a series of letter bombs addressed to the Washington, DC, and New York offices of the Al-Hayat newspaper and the parole officer at the federal penitentiary in Leavenworth, Kansas, in December 1996 appear to be part of an effort to force the U.S. Government to release imprisoned fundamentalist terrorists. All of the bombs were rendered safe by law enforcement. Each of the 12 letter bombs bore an Alexandria, Egypt, postmark.
Circumstances surrounding the November 12, 1997, ambush of four American businessmen in Karachi, Pakistan, suggest a link to the conviction of Mir Aimal Kasi in a Virginia court for his 1995 attack on CIA workers outside the agency’s headquarters. Although no clear motive has been established for the killings in Karachi, the attackers tracked the activities of the victims for several days and launched the attack within 36 hours of the verdict. Earlier, Kasi had predicted that "his people" would retaliate for his prosecution.
In the 15 years since President Reagan designated the FBI as the lead agency for countering terrorism in the United States, Congress and the executive branch have taken important steps to enhance the federal government’s counterterrorism capabilities. The FBI’s counterterrorism responsibilities were further expanded in 1984 and 1986, when Congress passed laws permitting the Bureau to exercise federal jurisdiction overseas when a U.S. national is murdered, assaulted, or taken hostage by terrorists, or when certain U.S. interests are attacked. Since the mid 1980s, the FBI has investigated more than 350 extraterritorial cases.
More recently, the Antiterrorism and Intelligence Authorization Acts and the Antiterrorism and Effective Death Penalty Act of 1996 (AEDPA) have broadened the FBI’s ability to combat international terrorism. Enactment of the AEDPA will enhance the ability of the U.S. Government to respond to terrorist threats. Section 302 of the Act authorizes the Secretary of State, in conjunction with the Attorney General and Secretary of the Treasury, to designate as foreign terrorist organizations (FTOs) groups that meet certain specific criteria. This designation means that funds raised in the U.S. by an FTO can be confiscated by the federal government. In time, the Act could prove an invaluable tool to disrupt the fundraising capabilities of international terrorist organizations.
During the past 3 years, the United States has sent a clear signal to terrorists and potential terrorists: We will not tolerate attacks against Americans and will make every effort to apprehend those who perpetrate such acts. Thanks in large part to the expanded resources Congress has committed to the fight against terrorism, we have been successful in bringing to justice some of the most egregious terrorist plotters of the recent past: Ramzi Ahmed Yousef, mastermind of the 1993 World Trade Center bombing, was extradited by Pakistan and made to stand trial in the United States for his crime. In November 1997, he was found guilty of his crime and on January 8 of this year was sentenced to 240 years in federal prison.
On November 10, 1997, Mir Aimal Kasi was found guilty of capital murder in a Fairfax, VA, courtroom. His conviction culminated an intense 5 year investigation that began the day in 1993 when he opened fire outside CIA headquarters in Langley, VA, killing two CIA employees and wounding several others. In June 1997, FBI agents had located Kasi in Pakistan and "rendered" him to the United States to stand trial. Because he had previously been convicted in absentia in an American court for the attack, the FBI had the authority to apprehend Kasi in Pakistan and return him to the United States to stand trial in person.
In 1995, Sheik Omar Rahman was sentenced to life in prison for his part in a conspiracy to bomb the Holland and Lincoln tunnels and several major landmarks throughout New York.
As satisfying as these and other recent convictions are, the battle against international terrorism leaves little time to relish past successes. The FBI and Saudi Arabian investigators continue to investigate the attack on the Al-Khobar housing complex in Dhahran, which left 19 Americans dead and wounded 500. Within hours of the truck bombing on June 25, 1996, the FBI dedicated vast resources to the investigation. In the immediate aftermath of the explosion, we sent 125 personnel to Dhahran, including a Special Agent in Charge, who directed the crisis response and investigative effort. During the first months of the investigation, personnel in Dhahran were supported by the FBI’s Legal Attache office in Rome. However, in 1997 the FBI opened a Legal Attache office (or Legat) in Riyadh, Saudi Arabia, which now coordinates the joint investigation with Saudi investigators.
Terrorism is perpetrated by individuals with a strong commitment to the causes in which they believe. An action in one location can bring about a reaction somewhere else. The web-like nature of terrorism underscores the need for vigilance in counteracting terrorist groups. Unfortunately, American successes can spur reprisals. As the United States develops a stronger investigative and prosecutorial response to international terrorism, we may witness more attempts at reprisal both at home and abroad.
Also, reliance on computers and other amazing technologies has inadvertently created vulnerabilities that can be exploited from anywhere in the world. Modern transportation and modern technology give terrorists abilities unheard of only a few years ago.
Domestic terrorism investigations are among the highest priorities of the FBI’s National Security Division.
Domestic terrorist groups are those which are based and which operate entirely within the United States, or its territories, and whose activities are directed at elements of the U.S. Government or its civilian population. The threat posed by domestic terrorist groups has remained significant over the past several years. Domestic terrorist groups represent interests spanning the full political spectrum, as well as social issues and concerns. However, FBI investigations of domestic terrorist groups are not predicated upon social or political beliefs; rather, they are based upon planned or actual criminal activity.
The current domestic terrorist threat primarily comes from right-wing extremist groups, including radical paramilitary (militia) groups, Puerto Rican terrorist groups, and special interest groups.
Right-Wing Extremist Groups
A basic philosophical tenet of many right-wing extremist groups is a belief in the superiority of the white race and that blacks, Jews, and other ethnic minorities are inferior racially, mentally, physically, and spiritually. Much of their philosophy flows from racist, anti-Semitic religious beliefs such as "Christian Identity." Christian Identity teaches that white Aryans are God’s chosen race and that Jews are the offspring of Satan. Aryans who cooperate with Jews and darker races are considered "race-traitors."
Many right-wing extremist groups also espouse anti-government sentiments. In an attempt to live apart from "inferior people," some right-wing groups advocate creating a separate nation from the five states comprising the northwest region of the United States--Washington, Oregon, Idaho, Montana, and Wyoming.
Examples of right-wing extremist groups operating in the United States are the Aryan Nations, True Knights of the Ku Klux Klan, and the Republic of Texas. You may recall that in April 1997, three members of the True Knights of the Ku Klux Klan were arrested and have been found guilty in Texas for planning to blow up a natural gas storage facility as a diversionary tactic prior to robbing an armored carrier. This was the FBI’s "Sour Gas" investigation.
As another example, you may be familiar with the FBI’s "Rapid Lightning" investigation. This investigation involved a series of criminal acts committed by individuals associated with a domestic terrorist organization known as the Phineas Priesthood. The subjects of the investigation were responsible for at least two bombing/bank robbery incidents in Spokane, Washington, in April and July 1996. Three subjects were arrested in October 1996, and a fourth in 1997. Since then, all four have been convicted of all eight felony counts for which they were charged and have received lengthy
Militia groups are often multi-racial, but they are predominately white. Their members often view themselves as "sovereign citizens" who are exempt from the laws and regulations of the U.S. Government. Many militia members subscribe to the theory that the federal government is in a conspiracy with the United Nations that would result in the creation of a one-nation world government, or "New World Order." This one-world government would use foreign troops in the United States to seize all privately owned weapons and imprison and execute patriotic militia members.
Many militia groups advocate stockpiling weapons and explosives and conducting paramilitary training as part of their preparation for what they believe will be an inevitable armed conflict with the government and the impending U. N. invasion. Some militia groups openly advocate the overthrow of the federal government.
Since 1992, the United States has seen a growth of militia groups. While the majority of militia members are law abiding citizens, there is a small percentage of members within militia groups who advocate and conspire to commit violent criminal acts. Of particular concern to the FBI is the potential for militias to be infiltrated by extremists who seek to exploit militias and their members in order to further their own violent terrorist agendas.
Militia members who engage in criminal acts commit a wide variety of criminal activity, such as bombings, bank robberies, and destruction of government property. They also file spurious lawsuits and liens designed to harass law enforcement, elected officials, and others, as well as to disrupt the courts. Militia members have engaged in fraudulent financial schemes to raise funds.
As an example, I’d like to mention the FBI’s investigation of the Mountaineer Militia. This investigation was initiated in August 1995. The group had obtained the plans to the FBI Criminal Justice Information Services facility in Clarksburg, West Virginia, and they intended to destroy the facility as part of their war on the U.S. Government. The FBI began an undercover investigation and arrested seven key members of the group in October 1996. All seven have since been convicted and sentenced to lengthy jail sentences.
Puerto Rican Terrorist Groups
Although the last terrorist incident involving Puerto Rican terrorist groups was a bombing in Chicago in December 1992, these groups continue to be of concern. Between 1982 and 1994, approximately 44 percent of the terrorist incidents committed in the United States and its territories are attributed to Puerto Rican terrorist groups. Efforts are continuing to locate fugitives still at large from these incidents.
Puerto Rican terrorist groups believe the liberation of Puerto Rico from the United States justifies the use of violence to obtain that objective. These groups characterize their terrorism activities as "acts of war" against invading forces and, when arrested, they consider themselves to be "prisoners of war" who must be treated as such according to the Geneva Convention. Clandestine behavior and security are of utmost importance in these groups’ activities.
The EPB-Macheteros has been the most active and violent of the Puerto Rican-based terrorist groups since it emerged in 1978. The FALN (Armed Forces for Puerto Rican National Liberation) is a clandestine terrorist group based in Chicago which emerged in the 1970s. The MLN (Movement of National Liberation) is the "above ground" support group and political arm of the FALN. The MLN is the major fundraiser for the FALN.
Special Interest Terrorist Groups
Special interest terrorist groups engage in criminal activity to bring about specific, narrowly-focused social or political changes. They differ from more traditional domestic terrorist groups which seek more wide-ranging political changes. It is their willingness to commit criminal acts that separates special interest terrorist groups from other law-abiding groups that often support the same popular issues. By committing criminal acts, these terrorists believe they can force various segments of society to change attitudes about issues considered important to them.
The existence of these types of groups often does not come to law enforcement attention until after an act is committed and the individual or group leaves a claim of responsibility. Membership in a group may be limited to a very small number of co-conspirators or associates. Consequently, acts committed by special interest terrorists present unique challenges to the FBI and other law enforcement agencies.
An example of special interest terrorist activity is the February 2, 1992, arson of the mink research facility at Michigan State University. Rodney Coronado, an animal rights activist, pled guilty to arson charges on July 3, 1995. Other acts of violence against animal enterprises have occurred recently and are under investigation.
Weapons of Mass Destruction
The FBI views the proliferation of weapons of mass destruction (WMD) as a serious and growing threat to our national security. Pursuant to our terrorism mandate and statutory requirements, we are developing within the inter-agency setting broad-based, pro-active programs in support of our mission to detect, deter, or prevent the threat of nuclear, chemical and biological weapons, their delivery systems, and WMD proliferation activities occurring in or directed at the United States.
Our programs cover the broad spectrum of Foreign Counterintelligence (FCI), criminal and counterterrorism investigations, focusing on persons or organizations involved in WMD proliferation activities.
During 1997, the FBI initiated over 100 criminal cases pertaining to nuclear, biological and chemical threats, incidents, or investigations (excluding Proliferation cases). Many of these threats were determined to be non-credible; however, this represents a threefold increase over 1996. Credible cases have resulted in arrests and prosecutions by the FBI, and state and local authorities. In support of this growing problem, legislative changes by Congress over the past three years have strengthened the FBI’s powers to investigate and bring to prosecution those individuals involved in WMD proliferation.
The FBI has also investigated and responded to a number of threats which involved biological agents and are attributed to various types of groups or individuals. For example, there have been apocalyptic-type threats which actually advocate destruction of the world through the use of WMD. We have also been made aware of interest in biological agents by individuals espousing white-supremacist beliefs to achieve social change; individuals engaging in criminal activity, frequently arising from jealousy or interpersonal conflict; individuals and small anti-tax groups, and some cult interest. In most cases, threats have been limited in scope and have targeted individuals rather than groups, facilities, or critical infrastructure. Threats have surfaced which advocate dissemination of a chemical agent through air ventilation systems. Most have made little mention of the type of device or delivery system to be employed, and for this reason have been deemed technically not feasible. Some threats have been validated. As an example, during 1997, a group with white supremacist views pled guilty to planning to explode tanks containing the deadly industrial chemical hydrogen sulfide as a diversionary act to their primary activity, an armored car robbery.
The FBI has experienced an increase in the number of cases involving terrorist or criminal use of WMD. These cases frequently have been small in scale and committed primarily by individuals or smaller splinter/extremist elements of right wing groups which are unrelated to larger terrorist organizations.
For example: As most of you will remember, on April 24, 1997, B’nai B’rith headquarters in Washington, D.C. received a package containing a petri dish labeled "Anthracis Yersinia," a non-existent substance and a threat letter. Although testing failed to substantiate the perceived threat, the significant response mobilized to mitigate the situation highlights the disruption, fears, and complexity associated with these types of cases.
On September 17, 1997, an individual was indicted in violation of Title 18, U.S.C. Section 175(A)/Biological Weapons Anti-Terrorism Act for knowingly possessing a toxin (ricin and nicotine sulfate) for use as a weapon and knowingly possessing a delivery system designed to deliver or disseminate a toxin. On October 28, 1997, he pled guilty to manufacturing a toxin (ricin) for use as a weapon. On January 7, 1998, he was sentenced to 12 years and 7 months in federal prison to be followed by 5 years of supervised release.
In what the FBI considers a significant prevention, the FBI arrested four members of a white supremacist organization in Dallas, Texas, who planned to bomb a natural gas refinery, which could have caused a release of a deadly cloud of Hydrogen Sulfide. This act was planned to divert law enforcement attention from the group's original objective of committing an armored car robbery. On video, the subjects discussed their complete disregard for the devastating consequences of their intended actions. The four were indicted on several charges to include Use of Weapons of Mass Destruction. The group pled guilty to several criminal charges and are awaiting sentencing.
The FBI’s countermeasure initiatives, such as the Domestic Preparedness Program which is being worked jointly with the Department of Defense and other members of the federal interagency community to train local "first responders" and about which the FBI has previously provided testimony, is designed to address the potential widespread consequences associated with WMD.
As a result of increased funding from the Antiterrorism and Effective Death Penalty Act of 1996, the Director supported and the Attorney General approved an enhancement of 175 Special Agents to the WMD program throughout our 56 field offices. Additionally, $21,200,000 from the 1998 FBI’s Counterterrorism budget has been allocated to ensure that state and local agencies have basic equipment and training for responding to chemical or biological incidents and incidents involving improvised explosive devices. The FBI’s National Security Division, Laboratory Division, and the Critical Incident Response Group (CIRG) have received total funding in the amount of $8,000,000 from the FY 97 budget for equipment, training, and assistance to be provided to the FBI field offices to address this growing problem.
Notwithstanding that which we have already faced and continually plan for, the potential for WMD to damage our national security does exist and trends are troublesome. The ease of manufacturing or obtaining biological and chemical agents is disturbing. Available public source material makes our law enforcement mission a continuous challenge. Nevertheless, I can and will assure you that the FBI will remain vigilant to the threat and continue to strive to prevent and counter the use and proliferation of WMD.
Critical Infrastructure Protection
In a few short months, on July 26, 1998, the FBI will celebrate its 90th birthday. The FBI has been a remarkable institution for many reasons, not the least of which has been its ability to remake itself to address new challenges to U.S. national security and criminal justice. In the beginning, FBI agents were not authorized to carry firearms. In response to the gang-era of the 1920s and 1930s, agents were first issued handguns, and then the storied Thompson submachine gun. In what is much more than a symbolic shift, today’s agents are issued laptop computers. This important advancement is the direct result of an evolution in national security vulnerabilities.
As one consequence of technological innovation, deregulation, and economic imperatives, critical infrastructure systems have become more complex and interdependent. Digital control systems based on commercial off-the-shelf hardware and software are being used to streamline network operations and reduce personnel requirements. These control networks frequently are connected by publicly-accessible telecommunications systems and commercially available information technologies -- the National Information Infrastructure (NII) -- a trend that will accelerate as utility, transportation, and government activities eliminate antiquated, expensive private telecommunications networks. The result is a revolutionary and systemic improvement in industrial and commercial processes that has been widely recognized and exploited by both public and private sectors.
Public- and private-sector organizations that rely on information technologies are diverse. Within the government, information technologies provide leverage for performing traditional missions more efficiently, e.g., law enforcement, intelligence gathering and exploitation, and national defense. In the private sector information systems allow rapid, efficient transfers of information and capital, enable a new wave of electronic commerce, and enable far-flung, technically complex operations to exist over vast geographic distances.
However, as commercial information technologies create advantages, their increasingly indispensable nature transforms them into high-value targets. Moreover, in practice these developments have resulted in diminished systems redundancy and the consolidation of core assets, heightening the risk of catastrophic single-point failures. These vulnerabilities are accompanied by a more variegated threat picture. The range of potential adversaries that may seek to attack U.S. infrastructure systems is broad and growing. Disgruntled employees, disaffected individuals or groups, organized crime, domestic and international terrorists, and adversary nations are all potential sources of attack.
Hundreds of information system vulnerabilities are discovered every day -- many directly related to U.S. national security. Dozens of previously unknown computer system vulnerabilities are uncovered every day by the vast yet interconnected community of technical experts. Most of these vulnerabilities are subsequently posted publicly, usually on the Internet first. For example, Internet mailing lists routinely distribute vulnerability information and software that can be used to exploit vulnerabilities.
Vulnerability publicity usually follows through a succession of books, magazine and newspaper articles, electronic bulletin board messages, and a growing list of World Wide Web sites that are targeted at informing hackers, crackers, "phreakers," and, potentially, members of terrorist organizations and foreign intelligence services, about the latest methodology for staging successful cyber attacks. Lists of Frequently Asked Questions (FAQs) outlining the specifics of system vulnerabilities are widespread. "The Unofficial Web Hack FAQ," "The Hacker FAQ," and "How To Hack a Website" are popular, accessible, and easily downloaded from the Web. These vulnerabilities are present in the same commercial, off-the-shelf computer hardware and software used by both private industry and government.
These developing phenomena are associated with another, perhaps even more worrisome development. As information technologies and the physical infrastructure systems they control become increasingly complex, our ability to reliably anticipate system-wide behavior diminishes. This is because as systems increase in complexity, the effect of manipulating, degrading, or eliminating a single component is difficult to predict. Accidents, even seemingly minor ones, can have catastrophic effects. This creates a growing increase in the likelihood of catastrophic, single-point failures -- accidental or induced.
The details of the nation’s infrastructure vulnerabilities are clearly illustrated in both classified and unclassified arenas. For instance, the myriad of government studies and reports on the matter include one recently published by the President’s Commission on Critical Infrastructure Protection. The report was preceded by similar assessments by the Defense Science Board, the Office of Science and Technology Policy, and the Office of Management and Budget.
With very few exceptions, attacks against the nation’s cyber assets can be aggregated into one of four categories: crime, terrorism, foreign intelligence, or war. Regardless of the category, any country or group can acquire the capability to conduct limited attacks against information systems from friendly nations, commercial vendors, arms dealers, hacker conferences, the Internet, and computer bulletin boards.
Software is one weapon of information-based attacks. Such software includes computer viruses, Trojan Horses, worms, logic bombs and eavesdropping sniffers. Advanced electronic hardware can also be useful in information attacks. Examples of such hardware are high-energy radio frequency (RF) weapons, electromagnetic pulse weapons, RF jamming equipment, or RF interception equipment. Such weapons can be used to destroy property and data; intercept communications or modify traffic; reduce productivity; degrade the integrity of data, communications, or navigation systems; and deny crucial services to users of information and telecommunications systems.
Where hackers formerly may have been motivated by the technical challenge of breaking into a computer system, the motivation may be shifting more toward hacking for profit. As more and more money is transferred through computer systems, as more fee-based computer services are introduced, as more sensitive proprietary economic and commercial information is exchanged electronically, and as the nation’s defense and intelligence communities increasingly rely on commercially-available information technology, the tendency toward information threats emerging as national security threats will increase.
Terrorists, transnational criminals, and intelligence services are quickly becoming aware of and exploiting the power of information tools and weapons. This has been true in the past as new means of communication, transportation, and secrecy have been introduced to the public. For example, narcotics traffickers began using communications advances such as pagers and cellular phones soon after their introduction to the public.
Perhaps the most imminent threats today come from insiders. Insiders have the advantage of not needing to break into computer systems from the outside, but only to use, or abuse, their legitimate access. A large portion of the computer intrusion reports that the FBI and other law enforcement organizations receive have at their core an employee, or a former employee, who has exceeded his or her access, often in revenge for a perceived offense or wrong. These individuals have the knowledge of where the most sensitive information is stored, how to access the information, and, at times, how to steal or damage the data.
One such example involves a U.S. defense contractor firm that subcontracted with a foreign firm. The U.S. firm employed foreign contractors onsite, and allowed these employees access to certain areas of the premises that were necessary to their duties. However, the foreign contractors used their knowledge of the company’s computer system to access other areas of the company’s computer network that were off limits to non-U.S. employees. The foreign contractors were able to access proprietary and potentially classified information regarding the U.S. company’s government contracts. Their activities jeopardized the competitiveness of the company and posed a potential threat to U.S. national security.
Another insider incident occurred in October 1997 when a former Pacific Gas & Electric Co. worker caused a widespread power outage in San Francisco. Moreover, security experts have repeatedly and publicly demonstrated the ease of compromising security at both private- and public-sector facilities through social engineering -- posing as an insider to easily acquire information on internal security, passwords, and system configurations.
In terms of the maturity of the threat, the numbers tell the story. So far, in the month of January 1998 alone, there have been over forty reported hacked web sites according to hacked.net, a website that tracks such statistics. The FBI’s load of computer intrusion-related cases is more than doubling every year. Because of the uncertainties associated with the evolutionary path of information technologies, the threat picture fifteen years hence is difficult to predict. However, some certainties apply: information technology is sure to proliferate, and those who would exploit these technologies for nefarious purposes are sure to multiply.
The FBI Response
The FBI was among the first to recognize the importance of predicting information-based attacks on critical infrastructures, preventing their occurrence, and mitigating damage in the event such attacks did occur. Since the 1992 creation of the National Computer Crime Squad in the FBI’s Washington Field Office, additional regional computer squads in New York, San Francisco, Boston, Atlanta, Dallas, and Los Angeles. In addition to regional squads, the FBI has created computer investigative teams in each of its 56 field offices that will respond to computer incidents within their geographical area of responsibility.
The expansion of the National Computer Crime Squad was accompanied by the creation of a new National Security Threat List (NSTL) issue within the FBI’s FCI program: Targeting the National Information Infrastructure, which the Attorney General approved in September 1995. The addition of this issue to the NSTL makes it possible for the FBI, working within its FCI authority, to investigate information infrastructure-related incidents perpetrated or coordinated by foreign intelligence services. These attacks might be directed against the U.S. Government or U.S. corporations, establishments, or persons and could target physical facilities, personnel, information, or computer, cable, satellite, or telecommunications systems. With the new NSTL issue, these teams have responsibilities over both the criminal investigative and the potential national security implications of computer intrusions.
The FBI is responding to these novel threat and vulnerability combinations through a coordinated interagency effort that includes, among other important participants, the Department of Defense, the National Security Agency, the Central Intelligence Agency, and the President’s Commission on Critical Infrastructure Protection.
The Infrastructure Protection Center
One important interagency attempt to meet the emerging threat to the nation’s critical infrastructures is the Infrastructure Protection Center (IPC). The IPC, a government-industry partnership hosted by the FBI, will provide a mechanism for assessing, warning, investigating, and responding to attacks on interconnected and interdependent infrastructures. The IPC units will be staffed with representatives from FBI and DOD, Intelligence Community, and agency detailees experienced in computer crimes and infrastructure protection. To build private confidence and information sharing, IPC will hire representatives of private industry or private sector computer emergency response teams (CERTs) making them an integral part of the center. Direct electronic connectivity is also being established with private industry and the CERTs.
Twenty-four-hour watch presence and connectivity maintained between the FBI, the National Security Agency, the Defense Intelligence Agency, and the Defense Information Systems Agency reinforce the respective strengths these parties bring to the infrastructure assurance mission. Future connectivity will include other government participants.
The IPC builds on and enhances close ties to the "first responders" to an attack on critical infrastructures - state and local law enforcement and government. Building on the FBI’s long standing relationships with state and local law enforcement (through mechanisms like the Joint Terrorism Task Forces), the IPC will conduct outreach, provide training, share information, and coordinate interagency efforts during an attack. The IPC would also establish direct electronic connectivity to state and local governments building on existing FBI programs such as the Law Enforcement On-line (LEO) and Awareness of National Security Issues and Response (ANSIR) systems.
Though the national security threat from cyber-related issues is of concern, the FBI, with its private- and public-sector partners, is building a firewall of protection between malevolent actors and critical U.S. infrastructure systems. The threat is real and growing, but an effective response is underway. The IPC will embody the collected interagency expertise in the infrastructure protection mission, and exemplifies the depth of commitment the FBI has made to this important law enforcement and national security issue.
Since I last appeared before this committee, the passage of the Economic Espionage Act of 1996 (EEA) has greatly assisted the FBI in its battle against Economic Espionage. Important partnerships have been formed with the Department of Defense and industry allowing for successful investigative efforts.
Through the use of the EEA and other tools, the FBI has developed significant information on the foreign economic espionage threat, to include: 1) identification of the perpetrators of economic espionage; 2) the economic targets of their spying and criminal activities, and 3) the methods used to steal clandestinely and illicitly U.S. trade secrets and technology.
The increasing value of trade secrets in the global and domestic marketplaces, and the corresponding spread of technology, have combined to significantly increase both the opportunities and methods for conducting economic espionage. The development and production of trade secret information is an integral part of virtually every aspect of U.S. trade, commerce, and business. Consequently, the security of trade secrets is essential to maintaining the health and competitiveness of critical segments of the U.S. economy.
The Economic Espionage Act has helped to protect valuable U.S. trade secrets. The statute was the result of a Congressional mandate, coupled with a joint effort on the part of the FBI and industry, to provide law enforcement with a tool to deal effectively with trade secret theft. The EEA resolved many gaps and inadequacies in existing federal laws by creating two new felonies outlawing acts of economic espionage (Title 18, U.S.C. 1831) and commercial theft (Title 18, U.S.C. 1832), and by specifically addressing the national security aspect of these crimes.
The FBI National Security Division sponsored a series of six regional Economic Espionage Conferences. These conferences brought together elements of industry and U.S. federal government criminal and intelligence sectors which play a role in economic espionage matters.
Traditional threat countries and a number of non-traditional threat countries continue their collection of U.S. trade secrets. The U.S. counterintelligence community has specifically identified the suspicious collection and acquisition activities of foreign entities from at least 23 countries. Analysis of updated information indicates that of those identified countries, 12 are assessed to be most actively targeting U.S. proprietary economic information and critical technologies. This list has not changed since the 1996 Annual Report on Foreign Economic Collection and Industrial Espionage.
Foreign collection continues to focus on U.S. trade secrets and S&T information products. Of particular interest to foreign collectors are dual-use technologies and technologies which provide high profitability.
The FBI National Security Division’s Awareness of National Security Issues and Response (ANSIR) Program brings to the attention of U.S. corporations their potential vulnerability to classic and economic espionage, as well as other national security concerns. In each of the FBI’s 56 field offices, there is a Special Agent assigned as the ANSIR coordinator who deals directly with the corporate security directors in their region.
Through ANSIR, the FBI has undertaken several initiatives. ANSIR-FAX is a facsimile transmission system for the dissemination of unclassified counterintelligence and terrorism threat warning information to approximately 25,000 corporate directors. ANSIR-FAX is used to provide corporate America with updates on economic espionage. Briefings have been provided to American corporations overseas. Corporate security directors and other personnel in Australia, Ireland, New Zealand, Panama, South Korea, and the United Kingdom have received briefings on economic espionage. Local and national government officials in the Czech Republic, Austria, the Slovak Republic, and Hungary were also briefed.
Examples of some recent Economic Espionage Cases are:
- Pittsburgh: On December 7, 1996, the first arrest under the new law occurred in Pittsburgh, Pennsylvania. Patrick Worthing and his brother, Daniel, were arrested by FBI agents after agreeing to sell Pittsburgh Plate Glass (PPG) information for $1,000 to a Pittsburgh agent posing as a representative of Owens-Corning, Toledo, Ohio. Both subjects were charged under Title 18, United States Code, Section 1832 (18 U.S.C. 1832; Theft of Trade Secrets). On April 18, 1997, due to his minimal involvement, Daniel Worthing was sentenced to six months of home confinement, five years probation, and 100 hours community service. In June 1997, Patrick Worthing was sentenced to 15 months in jail and three years probation.
- Philadelphia: On June 14, 1997, Hsu Kai-lo and Chester H. Ho, naturalized U.S. citizens, were arrested by the FBI and charged with attempting to steal the plant cell culture technology of Taxol, patented and licensed by the Bristol-Myers Squibb (BMS) Company. On July 10, 1997, a Federal Grand Jury for the Eastern District of Pennsylvania returned indictments, totaling eleven counts against Hsu, Ho, and Jessica Chou (a Taiwanese citizen who was actively involved with Hsu in attempting to obtain the Taxol formulas). Hsu and Chou are employed by the Yuen Foong Paper Manufacturing Company of Taiwan, a multinational conglomerate. Ho is a professor at the National Chaio Tung University and the Institute of Biological Science and Technology in Taiwan. Chou remains in Taiwan. Two of the eleven counts were violations of Title 18, U.S.C. 1832. Taxol is a billion dollar a year industry for BMS. The foreign market share is estimated to be $200,000,000. Potential losses could have been in the billions of dollars over the ten year period BMS holds the patent for the plant cell culture technology.
- Cleveland: On September 5, 1997, Pin Yen Yang, and his daughter Hwei Chen Yang (aka Sally Yang) were arrested on several charges, including Title 18, U.S.C. 1832. Also charged is the Four Pillars Company, which has offices in Taiwan, and a registered agent in El Campo, Texas. It is alleged that the Four Pillars Company, Pin Yen Yang, Sally Yang, and Dr. Ten Hong Lee were involved in a conspiracy to illegally transfer sensitive, valuable trade secrets and other proprietary information from the Avery Dennison Corporation, Pasadena, California, to Four Pillars in Taiwan. Dr. Lee, who is at present not charged and is cooperating with the investigation, has been an Avery Dennison employee since 1986, at the company’s Concord, Ohio facility. Dr. Lee allegedly received between $150,000 and $160,000 from Four Pillars/Pin Yen Yang for his involvement in the illegal transfer of Avery Dennison’s proprietary manufacturing information and research data over a period of approximately eight years. Direct development costs of technology transferred during this time is estimated to be in the tens of millions of dollars. On October 1, 1997, a Federal Grand Jury returned a 21 count indictment, charging Four Pillars, Pin Yen, and Sally Yang with attempted theft of trade secrets, mail fraud, wire fraud, money laundering, and receipt of stolen property. On the same date, Dr. Ten Hong Lee pled guilty to one count of wire fraud and promised continued cooperation with the investigation.
- Memphis: On October 3, 1997, the Memphis Division arrested Steven Louis Davis, who was indicted in the Middle District of Tennessee on five counts of fraud by wire and theft of trade secrets. Wright Industries, the victim company and a sub-contractor of Gillette, had fully cooperated with the FBI’s investigation. Although the FBI knows that Davis reached out to one foreign owned company (BIC), it is unclear if he was successful in disseminating trade secrets overseas. The FBI, however, has learned that a competitor in Sweden had seen the drawings of the new Gillette razor. The case is pending.
- Buffalo: Harold C. Worden was a 30-year employee of the Eastman Kodak Corporation who established his own consulting firm upon retiring from Kodak. Worden subsequently hired many former Kodak employees and stole a considerable amount of Kodak trade secret and proprietary information for use at his firm. The market share at risk could have been in the billions of dollars. As a result of investigation, Worden signed a plea agreement with the U.S. Attorney's Office for the Western District of New York in which he pled guilty to one felony count of violating Title 18, U.S.C., Section 2314 (the Interstate Transportation of Stolen Property). Worden was sentenced to one year imprisonment, three months of home confinement with monitoring bracelet, three years of supervised probation, and a fine of $30,000. Investigation is continuing in this matter.
- Boston: This case involved unauthorized intrusion into a voice-mail system by a disgruntled former employee. The victim was Standard Duplicating Machines Corporation (Standard), whose main competitor was the U.S. affiliate, Duplo Manufacturing Corporation of Japan (Duplo). John Hebel was employed by Standard as a field sales manager from 1990 to 1992, when he was terminated. Through an unsolicited phone call from a customer, Standard discovered Hebel had accessed Standard’s phone mail system and had used the information to compete against Standard. Hebel was employed by Duplo at the time of the intrusions. On November 6, 1996, Hebel was charged with one count of violating Title 18, U.S.C. Section 1343 (Wire Fraud). On March 14, 1997, Hebel was sentenced to two years probation.
Recent press accounts have highlighted the high financial risk of economic espionage to American businesses, communities, and jobs. The American Society of Industrial Security (ASIS) reported this month to the FBI that over $30 billion in American intellectual property were "placed at risk" from attempted theft in 1996 alone. Over 270 separate incidents were confirmed in the ASIS study. ASIS presently is finalizing its results for publication this year.
International Drug Trafficking
The President has stated in PDD-42 that international organized crime and drug trafficking are a threat to national security. A Presidential Directive, however, is not required to convince law enforcement and the citizens of the United States that the trafficking in illicit drugs is a serious threat to all aspects of our daily lives and consequently to our National Security.
Unlike traditional threats to national security, the drug threat is not the result of the political agenda of a terrorist group or foreign government. Instead, it is perpetuated by criminal enterprises that conduct a myriad of egregious acts of violence, corruption, fraud, murder and extortion, all generated by personal greed and a quest for power. Extremist groups or foreign powers have yet to cause the level of devastation to our communities and affect the fabric of our society as that due to illicit drug trafficking.
The rippling effects of the political and/or economic destabilization of other countries by drug trafficking organizations indirectly impacts on our nation’s security. Drug trafficking and international organized crime groups often attempt to thwart enforcement action by bribing or threatening foreign government officials. In some instances, entire governments or sectors of governments operate as criminal enterprises, using the appurtenances of the state for illicit purposes. The United States is not immune to the political, moral and societal debilitation that has occurred in other countries due to the distribution of criminally obtained assets to buy assistance or ensure ignorance from corrupt government officials.
The goal of the FBI’s drug program is to identify, disrupt and dismantle core trafficking organizations by attacking their command and control structures. This is most effectively ac