
Episode 109: MIC DROP: FBI Director Wray unpacks the Volt Typhoon Threat

DINA TEMPLE-RASTON: Hi, it’s Dina. Every week when Click Here brings you a new story about
the people making and breaking our digital world, there is a lot of great material you don’t get
to hear.

MYKHAILYNA: Yeah. My little…boy wants to know what we’re doing.

SON: Hello!

TEMPLE-RASTON (from interview): Hello!

RYAN GREEN: It was a fun thing, it was a powerful thing, and it was a challenge…which is how
things really spiraled out of control.

TEMPLE-RASTON (from interview): So why don’t you tell me about that?

GREEN: Well…

GUY IN IRAN: Are you there or are we losing connection again?

TEMPLE-RASTON (from interview): So if you get into a verbal cul-de-sac, or you decide you want
to say something in a different way, you can say “Hey Dina, let me start for a second and start
again.”

STEVEN ADDAIR: Yeah, sure. Well, I'm in a cul-de-sac. Um, yes.

TEMPLE-RASTON (from interview): I'm sorry, I just never had anybody come into the cul-de-sac
that fast.

TEMPLE-RASTON: So we thought instead of keeping all this stuff to ourselves, we’d try
something a little different.

We’re calling it MicDrop — it’s a deeper dive into material we didn’t have time to cover in the
episode that we think you’d love. We have a special guest to kick this off…

TEMPLE-RASTON (from interview): One, two, one, two. Okay.

TEMPLE-RASTON: One early Sunday morning a couple of weeks ago, I broke out my recording
kit to interview someone who … doesn’t do many interviews…

TEMPLE-RASTON (from interview): So, uh, here's the question you're not expecting, which is,
could you introduce yourself to us, please?

CHRISTOPHER WRAY: I'm Chris Wray, the FBI director.

TEMPLE-RASTON (from interview): Okay.

[MUSIC]

TEMPLE-RASTON: I don’t know why but I was expecting a longer answer from him.

I was talking to him just weeks after he went up to the Hill…

WRAY TESTIMONY: Thank you Chairman Gallagher, Ranking Member Krishnamoorthi … for
inviting me to testify here today…

TEMPLE-RASTON: He was there to talk to Congress about the growing threat in cyberspace and
specifically an FBI operation against a Chinese state-sponsored hacking group called Volt
Typhoon.

They had dropped malware in key networks attached to our critical infrastructure … water,
communications, airports…

WRAY TESTIMONY: And let’s be clear: Cyber threats to our critical infrastructure represent
real-world threats to our physical safety.

TEMPLE-RASTON: Days after the government announced these Chinese hackers were in U.S.
critical computer networks…

The news got worse… they revealed the group had been lurking there… undetected for years.
And Wray was very candid with me in our rare one-on-one interview about how out of bounds
this is to be in civilian networks like that.

WRAY: This, to me, is another example of the Chinese government showing its contempt. For
the rule of law, for norms that, um, the international community holds dear, um, and we're not
going to tolerate it.

[MUSIC]

TEMPLE-RASTON: After the break, more from Director Wray.

We’ll be right back.



STINGER: I’m Dina Temple-Raston, and this is Click Here’s Mic Drop.

TEMPLE-RASTON: 2024 is starting out as a banner year for cyber takedowns.

CBS: International law enforcement agencies including here in this country have cracked a case.

CTV: … mounted a hatchback campaign …

WRAY ANNOUNCEMENT: … ran a court authorized technical operation …

CTV: … seized control of the group’s site on the dark web …

WRAY ANNOUNCEMENT: … and just today, we’re announcing yet another success ….

TEMPLE-RASTON: But cyber operations until recently always had a kind of whack-a-mole feel…
Some darknet marketplace or ransomware gang would be taken down one day only to pop up
again somewhere else the next…

Now FBI Director Wray told me they are doing something that they used to do when I was
covering terrorism for NPR.

WRAY: We're trying to get left of boom.

TEMPLE-RASTON: Left of boom… trying to prevent attacks rather than just respond to them.

[MUSIC]

TEMPLE-RASTON (from interview): The way the FBI started stepping in when ISIS was big, right?
Remember, first people would get all the way to ISIS and you'd figure it out, and then there was
Minneapolis where you rounded up lots of people before they got on planes. Can we think
about this in the same way? That it's sort of before they actually can do the damage, where the
FBI is stepping in in a preventative way?

WRAY: Well, obviously there are important differences between terrorism and cyber, not the
least of which is the horrific loss of life and bloodshed that is involved in terrorism. And I never
want to lose sight of the human cost that's involved there. But there are similarities in terms of
how we're trying to approach the threat. And one of them, as you say, is the focus on
prevention and disruption, uh, and trying to get to a point where we can interdict the threat
before it becomes much more serious.

TEMPLE-RASTON: And he’s not just talking about preempting individual cyber criminals or
cyber gangs. It’s nation state hackers who tend to do scarier things…

WRAY: A key part of battling the cyber threat, especially with nation states, is to detect access
and prevent access from being used in a way that would harm national security, personal
security or some other interest.

TEMPLE-RASTON (from interview): Is there a pattern emerging here of a change in the way the
cyber fight is being fought?

WRAY: We’re seeing nation-states trying to preposition to get persistent access to, uh, in the
Volt Typhoon case, critical infrastructure, for example. And so that, while that is not a new thing
for, uh, intelligence services and adversaries like the Chinese government, we're seeing it now
on a scale and intensity that we have not previously seen.

TEMPLE-RASTON: And he said the targets of these nation-state hackers are changing. It isn’t
just military installations or defense industries. It’s us, ordinary citizens.

We talked about this in our previous episode… hackers with the GRU, or Russian intelligence,
cracked into the ordinary Wi-Fi routers we have at home or in the office… Shortly after our
episode dropped, the FBI and a roster of international law enforcement agencies released an
advisory warning people they may have been targeted.

ADVISORY TAPE: Russian state sponsored cyber actors are actively exploiting Ubiquiti Edge
routers to conduct malicious cyber operations.

TEMPLE-RASTON: The advisory urged people who owned specific kinds of routers to reset them.
And it offered instructions on how to ensure that malware wasn’t still lurking in their systems.
As we mentioned in our story, the routers that the GRU targeted were older ones.

WRAY: The security updates and patches weren't being received and so forth anymore. So as a
result, they found kind of a weak link in the chain. And were able to kind of take advantage of
it.

[MUSIC]

TEMPLE-RASTON: Russian military intelligence, the GRU, had used these common routers to
launch cyber attacks.

WRAY: So it shows the ways in which, uh, the cyber threat is all kind of interwoven. You can't
just look at this sector or that sector or big companies versus small home offices. They're all
kind of interwoven, whether, whether targets in their own right or as, um, vehicles to get to
other parts of the cyber ecosystem.

[MUSIC]

WRAY: And that I think underscores that for, uh, you, you know, average Americans and, and
average citizens in other countries. It's not just a large company or large utilities network that's
at risk. You know, um, personal networks, uh, are at risk.

TEMPLE-RASTON: Which is the distinction the director was trying to make. This isn’t just spy vs
spy. Espionage is something nation-states do… and that’s generally accepted as part of being
in the world…

What is different here is that adversaries are starting to target civilian infrastructure… power,
communications… not just military networks or government agencies…

And that’s a switch.

The U.S. also prepositions themselves inside foreign networks… but inside what they consider
legitimate targets… like military or government networks. They call it Defend Forward.

And I asked what makes Defend Forward different than what the Chinese hackers were doing….

WRAY: I mean, I will let, um, uh, NSA and U.S. Cyber Command speak for themselves. They're
among our very closest partners, um, and, uh, Paul Nakasone is a dear friend. I think when we
testified together, uh, in front of the China Committee, in front of the House, uh, as I recall, he
testified very, uh, explicitly and publicly that we do not target, uh, other countries' civilian
critical infrastructure like water, like power. Um, and so, um, uh, and I think he even went so far
as to say, uh, there's no legitimate purpose for that.

[MUSIC]

TEMPLE-RASTON: The bright spot in all of this is that battling our adversaries in cyberspace
isn’t always rocket science…

Wray says ordinary citizens can go a long way toward protecting the country by just doing the
little things.

WRAY: Getting the little stuff right. You know, the, the, the weaknesses that the Chinese were
able to exploit there were fairly simple weaknesses to exploit. And so it's not just black belt
level activity that we have to combat. We have to make sure that we're getting the basics right
collectively as a country and as a, uh, international community.

TEMPLE-RASTON: Buy a new router, install those patches, get the little stuff right… And all of
us can help prevent these kinds of attacks.

[MUSIC]

TEMPLE-RASTON: From Recorded Future News, this has been Mic Drop.

This episode was produced by Sean Powers and Cat Schuknecht.

I’m Dina Temple-Raston, and we’ll be back on Tuesday with an all-new episode of Click Here.

Have a great weekend.
