The FBI is sounding the alarm that Washington, D.C.-area think tanks are new targets of foreign adversaries looking to monitor their work and their interaction with the U.S. government, The Washington Times has learned.
FBI Special Agent Matthew O’Brien, a private sector coordinator in the Washington Field Office, told The Times that the FBI has discovered foreign adversaries from Russia, China and Iran attempting to breach the think tanks’ networks.
Mr. O’Brien, who is responsible for the National Capital Region’s approximately 200 think tanks, said the attackers are looking to hack into the policy hubs’ digital networks and physical systems to surveil the policy debate happening inside Washington’s think tanks and spot and assess sources of information.
The at-risk think tanks cover a broad spectrum of politics and policy and are not limited to a single ideology or subject matter but share proximity to the federal government.
“The think tanks are influencers, and even though a lot of what they are going to do is published, these foreign nation-states are interested in hacking in to understand, maybe to hear, the disagreements between various individuals in think tanks,” Mr. O’Brien said.
Mr. O’Brien said that when attackers are unable to breach targeted think tanks’ systems remotely, they have slipped into think tanks’ offices and plugged in keystroke loggers to learn how to get the credentialing necessary to bypass cybersecurity defenses.
“We’ve got reports from the think tanks locally that they’ll try to piggyback coming in through doors and just walk in and see if they can get access to somewhere,” Mr. O’Brien said. “Which, you’d think it’s a lot more sophisticated but it’s not always that way, sometimes it’s just taking advantage of everybody’s kind of lull in security practices.”
Mr. O’Brien said the FBI has witnessed foreign adversaries deploy similar tactics at colleges and universities where the bad actors have shown up on campuses asking for tours of various buildings and laboratories. Mr. O’Brien’s team also focuses on D.C.-area colleges and corporations.
While the college-campus threat has garnered headlines after several recent public prosecutions of researchers beholden to foreign countries, the problems at think tanks have remained far more hidden. Mr. O’Brien said a dramatic uptick in foreign influence surrounding the 2016 election made foreign influence a top priority for the FBI, and he joined the private sector team in D.C. about a year ago.
While Mr. O’Brien styles his job as both a community police officer and traffic cop serving the think tank community, the research community’s working relationship with the FBI was chilly before his arrival.
Some think-tank employees felt a cold shoulder from the FBI after alerting federal agents to potential problems. The FBI’s radio silence while working to fend off foreign threats does not provide the same level of transparency that think tanks are accustomed to getting from private cybersecurity firms.
The FBI has also struggled to explain the nature of the cybersecurity and counterintelligence threats facing the research community, according to two Senate investigators. One Senate investigator said the FBI’s past outreach to the research community, particularly at universities, was “hamfisted” and did not make the academics believe that a real threat existed.
“A lot of what we heard from universities was that the FBI wasn’t really working well with them,” a second Senate investigator said. “They were sort of showing up on campus, scaring everybody to death, providing no concrete examples about what the threat was, and then leaving with the university with its hands in the air still asking questions.”
The FBI said it has taken steps to improve relations with the research and academic community nationwide. Just before the coronavirus outbreak spread, the FBI held a summit at headquarters for several hundred officials from universities and research centers where FBI Director Christopher A. Wray fielded questions, according to Mr. O’Brien.
Mr. O’Brien said the FBI held a symposium in September 2019 for D.C.’s research community to learn details of the threats from subject matter experts and cyber investigators who discussed the actions of specific countries. Since the coronavirus outbreak hit, the FBI’s cyber investigators held a webinar for D.C.-area think tanks about how to protect themselves when working from home.
Washington think tanks that have engaged directly with the FBI are wary of publicly discussing the attacks they have faced. One Washington think tank fell victim to a misinformation campaign that involved a foreign adversary “spoofing” its website: a site that mirrored the think tank’s digital presence spread misleading information to trick unsuspecting people attempting to visit the think tank’s real website.
The think tank, which was provided anonymity because of concerns surrounding attempted attacks on its systems, said the problem of cyberattackers spoofing think tanks’ work is not uncommon and other think tanks would benefit from working with the FBI as it did.
“Establishing contact with the FBI takes no time at all and maintaining that relationship, again, it takes no time,” the Washington think tank said. “There is benefit in the offerings that they bring folks together and share the story and make sure that everybody’s aware of what the most recent risks and threats are, what the most recent actors are. Those sorts of things are all a benefit and then on the flip side when you need something, when you’ve got something kind of strange going on, you have a point of contact to reach out to.”
Mr. O’Brien said the FBI’s desire is not to make D.C.-area think tanks fearful, but to provide them greater awareness of the foes the United States is actively fighting.
“There’s nothing worse than giving a brief on how bad things are but there’s nothing you can do about it — and that’s just not the case, it does all start off as awareness and it has to be seriously taken,” Mr. O’Brien said. “We’re not trying to scare, we’re just trying to be as real as we can with them. Like, ‘Hey this is, it’s a constant threat, it’s not stopping.’”