The Washington Post

Several nations trying to penetrate U.S. cyber-networks, says ex-FBI official

At least half a dozen countries with offensive cyber-capabilities are probing U.S. corporate and military computer systems, looking for data and a toehold should they one day want to disrupt or destroy the networks, according to the FBI’s former top cyber-sleuth.

Shawn Henry, who retired from his post last month, declined to identify the countries, but other cyber-experts have said that China, Russia and Iran are among them.

Henry said U.S. adversaries have shown that they are capable not only of stealing sensitive information, but of manipulating and destroying it. In some cases, he said, hackers have penetrated corporate networks so thoroughly that companies have had to jettison hardware and software before recovering.

“Once they’re in,” Henry said of the hackers, “they’re in.”

Despite an entreaty by FBI Director Robert S. Mueller III to remain at the bureau, Henry this month joined a cybersecurity start-up called CrowdStrike, where, he said, he hopes to help clients take the fight to sophisticated foreign adversaries.

“I know a lot of companies have suffered, and they are going to want to see somebody come in and assist them,” said Henry, former executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch. “It won’t be the U.S. government . . . so it’s going to have to be the private sector.”

Henry’s remarks come as more current and former officials are speaking out about the need for action to contain a threat that Mueller recently said is likely to eclipse terrorism as the top menace to the country.

Last week, Rear Adm. Samuel Cox, director of intelligence at U.S. Cyber Command, said that “a global cyber arms race” is underway. James E. Cartwright Jr., who retired in August as vice chairman of the Joint Chiefs of Staff, said at a separate event that even a limited cyberattack on the nation’s power grid or financial system could spark tremendous public fear.

“If you can take out one area of electric power or one bank, the question that puts in people’s minds about the security of others is what you’re really worried about,” Cartwright said last week at a conference hosted by the Center for Strategic and International Studies.

Despite such concerns, experts have said the government is legally constrained in its ability to help companies protect their networks, in part because of privacy issues surrounding the sharing of information between the government and the private sector.

Congress is set to take up proposals aimed at fostering information-sharing as well as security standards for some companies to better protect commercial networks.

In the meantime, the costs of cyber-espionage are proving to be enormous.

Scott Borg, chief economist at the U.S. Cyber Consequences Unit, a research group, has assessed the annual loss of intellectual property and investment opportunities across all industries at $6 billion to $20 billion.

Henry, a former executive assistant director of the FBI’s cyber-crime branch, said the bureau knew of one company that lost $1 billion — 10 years’ worth of research and development — in a weekend after being hacked. One thinly capitalized firm that processed credit card payments was forced to close two years ago when it was breached.

The FBI has become more aggressive in collecting and correlating intelligence, and over the past couple of years it has notified dozens of defense contractors, government agencies and companies that they were being targeted for intrusion, according to Henry.

Still, he said: “There needs to be much greater sharing of intelligence across all the sectors.”

“You can only be punched in the face so many times before you fall to your knees,” he added. “There needs to be more offense and less defense.”

As head of services at CrowdStrike, Henry, who spent 24 years at the FBI, said he will adopt many of the techniques used by government intelligence agencies. But unlike the government, CrowdStrike is planning to name names — not just of individual hackers but of foreign government agencies, said the firm’s co-founder, Dmitri Alperovitch.

Ellen Nakashima is a national security reporter for The Washington Post. She focuses on issues relating to intelligence, technology and civil liberties.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments

Sign up for email updates from the "Confronting the Caliphate" series.

You have signed up for the "Confronting the Caliphate" series.

Thank you for signing up
You'll receive e-mail when new stories are published in this series.
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Videos curated for you.
Play Videos
How to make Sean Brock's 'Heritage' cornbread
New limbs for Pakistani soldiers
The signature dish of Charleston, S.C.
Play Videos
Why seasonal allergies make you miserable
John Lewis, 'Marv the Barb' and the politics of barber shops
What you need to know about filming the police
Play Videos
The Post taste tests Pizza Hut's new hot dog pizza
5 tips for using your thermostat
Michael Bolton's cinematic serenade to Detroit
Play Videos
Full disclosure: 3 bedrooms, 2 baths, 1 ghoul
Pandas, from birth to milk to mom
The signature drink of New Orleans

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.