EXCLUSIVE INTERVIEW — For American law enforcement, today’s threat landscape may be as daunting, complex and dynamic as it’s ever been. The threat of terrorism remains high, and top U.S. intelligence officials say it’s been made worse by Israel’s long war in Gaza and the civilian toll there. But officials also say they are on high alert for violent extremist groups on the domestic front as well.
Then there are the state-sponsored actors – authoritarian regimes including China, Iran, Russia, and North Korea — which have taken to targeting the U.S. and its allies via traditional espionage, influence operations, and the illicit acquisition of sensitive technologies from the West. And in the home stretch of this fraught U.S. election campaign, America’s adversaries are also working to interfere and influence U.S. domestic politics, stoking divisions and sowing discord by spreading misinformation and propaganda. These operations are increasingly bolstered by the use of artificial intelligence and traditional malign cyber activity.
It’s a formidable set of issues, and many of them land in the proverbial inbox of Matthew Olsen, Assistant Attorney General for National Security. Olsen, a former Cipher Brief Expert and a former Director of the National Counterterrorism Center (NCTC), was a speaker at The Cyber Initiatives Group Fall 2024 Summit this week, a gathering of top cybersecurity and national security leaders that covers the latest threats and opportunities in the world of cyber and tech. In a wide-ranging interview with Cipher Brief CEO and Publisher Suzanne Kelly, Olsen shared his own perspectives on these threats, how the U.S. is facing the various challenges, and why he believes some of them represent a fundamental threat to American democracy.
This conversation has been edited for length and clarity.
The Cipher Brief: I want to start out by asking you, from your perspective at the National Security Division of the Department of Justice, to walk us through what the overall threat landscape looks like today.
Olsen: It is as busy a time as it’s ever been, and the threats we face are as complex and dynamic as ever. If you just look at the counterterrorism landscape, whether we're talking about the implications of the Hamas attack from October 7th to domestic terrorism, there are multiple vectors that we're concerned about when it comes to counterterrorism, even actors within the United States inspired by ISIS. So that remains particularly challenging and dynamic.
The range of threats we face from nation states has become increasingly a focus of our work at the Justice Department. And that ranges from traditional espionage to sending our sensitive technologies to authoritarian countries like Russia and Iran, and to acts of transnational oppression inside the United States carried out by China, as well as Iran targeting dissidents and former officials inside the United States.
I sit with the Attorney General and the FBI Director every morning and we get the President's Daily Brief and we talk about these threats, and it has been just an extraordinarily busy period.
The Cipher Brief: Let's dig into a couple of these. You've made some announcements recently regarding China and Russia. There was a 32-page indictment filed two weeks ago in which you focused on Russian disinformation and propaganda efforts.
Olsen: What we're really focused right now on is foreign election interference. The threats that we're facing from Iran, Russia, and China in particular when it comes to our election are as significant as ever. They are determined and persistent in those efforts to influence our elections. And that can mean a range of things, from sowing discord and trying to accelerate divisions within our society, to actually supporting one candidate or one party over the other. Those efforts are really challenging, and they're turbocharged by the use of artificial intelligence to increase the scale and reach and resonance of the messaging, as well as traditional spear-phishing attacks and the like.
At the Justice Department and the FBI, we've been very aggressive in calling this activity out. And the way we do that is through our charging documents. We've brought a couple of cases involving Russia, really significant cases. One involved RT, formerly Russia Today. This is an arm of the Kremlin and it had set up basically a $10 million scheme – that’s what we're charging – to use an American company based in Tennessee to send its propaganda to influencers on the internet. And these influencers, not necessarily aware of what was happening, were effectively acting as the mouthpiece of Putin and interfering in our elections by issuing propaganda from Russia, and misinformation or disinformation.
In another case, related but separate, we call it the “doppelganger effort” by Russia, they basically used internet domains largely as fake news sites, that looked just like the Washington Post and Fox News, except it's totally fake and was used to send out Russian propaganda to American audiences.
We've recently also called out Iran for its efforts to interfere in the elections through a targeted spear-phishing campaign against the former president's campaign.
One question I get asked pretty regularly is, Why do we care or why should people care about this? From my vantage point, why people should care and why we really are trying to sound the alarm here is that elections form the foundation of our democracy. What makes us different from Russia and China and Iran and authoritarian countries is that we have free and fair elections and we have to defend those elections and the right to vote. Those are the choices for American citizens and American citizens alone. And when foreign countries try to influence those choices, and they do so covertly or secretly, that violates our laws and we need to enforce those laws in order to defend our elections.
The Cipher Brief: The threat from China is very different from the threat from Russia, or the threat from Iran. Can you talk a little bit more about what China is doing, in cyber and elsewhere, and what's changed recently?
Olsen: We see it across a range of threat vectors. The intelligence community has been pretty clear that Iran poses the broadest and most active and persistent cyber espionage threat of any country. We've identified agents of the Chinese government over the past few years involved in a number of malign activities. One is stealing our sensitive information and stealing trade secrets. That includes everything from cutting edge cyber to research and development into pharmaceuticals. In addition, I would identify high up on that range their efforts to put our critical infrastructure at risk. We know that China is capable of launching cyberattacks that could disrupt critical infrastructure, and that includes oil and gas pipelines, rail systems. And so that capacity is something of real concern.
Another area is China's ability to manipulate and use large quantities of data, particularly personal data about Americans, in a way that would allow them to more effectively target us, particularly our security apparatus. In 2020 we charged four members of the Chinese PLA with hacking into Equifax’s computer systems, stealing sensitive information, personal information about 145 million Americans. So that data in the hands of the Chinese, and the way they use it, is very concerning.
The other thing I would mention as a final area of risk or threat from China is transnational repression. We see China using cyber to carry out acts of transnational oppression inside the United States, where they've looked at silencing dissidents and going after dissidents.
There's no country like China in terms of having built a surveillance state, and they are pushing that out into other countries, including into the United States, through cyber means. So this is an emerging threat that we see. China's not the only actor in the transnational oppression space, but it's an area of real concern because not only does it interfere with the ability of these individuals to exercise their rights of free speech, but it's also an affront to our own sovereignty, when China, for example, sets up a police station in New York to carry out these attacks.
The Cipher Brief: So China's gathering all this information on Americans — but how do they use it?
Olsen: One of the ways that we're most concerned with their ability to use that data is in the context of the counterintelligence battle. They can use that information to build profiles of people in the United States who they might want to target for recruitment. In the U.S., we've seen China be very active in targeting U.S. military members who have access to sensitive information because they are clearance holders. So that data helps them understand how to best target those individuals. They can also build profiles of our members of the intelligence community, to understand their travel or other patterns of life. And, probably more of a threat in the future, but I think it’s real, is to manipulate messaging that they can use to reach into the United States. Our personal data — that could be health data, financial data — this is information that is personal and sensitive to us, and in the hands of an adversarial nation, it can be used in a range of ways that really are potentially not only undermining privacy but also undermining our national security.
The Cipher Brief: The Wall Street Journal recently ran a headline, “China-Linked Attackers Breach U.S. Internet Providers in New Volt Typhoon Cyberattack.” According to the paper, it’s the latest intrusion into core U.S. infrastructure by entities that are tied to Beijing. Is this a trend that is not getting any better?
Olsen: It’s not getting any better. Stepping back a bit on the China threat, but looking across the board with Russia and Iran and North Korea when it comes to cyber, we've been really committed to trying to be more proactive and going after the threats that we see.
Just last week, we announced a court-authorized law enforcement action against Flax Typhoon. This was a botnet that consisted of over 200,000 consumer devices that were worldwide, but largely in the United States. The botnet was infected by a group of hackers called the Integrity Technology Group, based in Beijing, that is known to the private sector as Flax Typhoon. So we used a court-authorized operation, we used the same rules that allow us to go into a house or a business to conduct a search warrant. We used that same authority to take control of the hackers’ computer infrastructure and were able to take control of the infrastructure. And by taking control, issuing disabling commands through that infrastructure to the malware, it was actually during that operation that the FBI's infrastructure that was carrying that out encountered a denial-of-service attack. So there was a little bit of hand-to-hand combat there. The FBI was very effective and very successful in beating that back, and ultimately that was unsuccessful in disrupting the FBI's ability to take out this botnet.
So this is pretty innovative. It is using traditional tools, FBI prosecutors, but being proactive and being able to disable a PRC-run botnet and then putting out information about it, not only to tell our adversaries that we did this, but also to be better at helping the private sector be protected from a cybersecurity perspective.
The Cipher Brief: What would you say is a ballpark number, in percentage terms, to rank these three – China, Russia, Iran – in terms of their activity and maybe threat level? How would you prioritize these three, in terms of threat via cyber or otherwise to national security?
Olsen: It really depends on what type of threat we're talking about. And sometimes it depends on how we are evaluating the threat. Is the threat because of their capability? Are we measuring intent? Are we measuring impact?
Just as one example, what's clear in the election interference space is that Russia is the most active. That doesn't mean that Iran doesn't show a high degree of sophistication. And also, if you look at Iran relative to past election cycles, Iran is more aggressive now than they have been in the past.
I think the intelligence community has been clear that China is the most capable and persistent when it comes to cyber espionage. If you talk about lethal plotting inside the United States, it’s Iran, full stop. What Iran is doing inside the United States in terms of targeting dissidents and former government officials, it's absolutely brazen and completely unacceptable. No country has really approached Iran’s level of activity when it comes to plotting against dissidents and former officials inside the United States.
So you have to dig in another level down to answer a question like that. It's the nature of the threat.
We do have to prioritize our efforts at times, so we do have to understand where our efforts can have the most impact. I had a talk a couple weeks ago with the Director of National Intelligence, Avril Haines, and she used a term that I've never heard before in terms of how she thinks about that kind of question. She used the term “ruthless, iterative prioritization.” So, constantly and ruthlessly and iteratively having to prioritize how we are dedicating our resources to the extraordinarily complex range of threats we face.
The Cipher Brief: How is AI being used or incorporated in some of these threats that you're talking about, and that you're bringing cases for?
Olsen: We've definitely seen it on the threat side. The most recent bulletin from the intelligence community really highlighted the use of generative AI as a way that we're seeing adversaries increase the scalability and resonance of the messaging. So it's definitely being used by our adversaries. Obviously it's a bit of an arms race, as our adversaries are developing tools and capabilities, and we're also working to figure out how we're best able to develop the same types of tools and technologies that can help discern when we're seeing artificial intelligence. That's a huge challenge right now.
The Cipher Brief: It seems that the elections are really front and center for you. Is that the case? What are you most concerned about at the moment?
Olsen: Right now, because we are fewer than 45 days away from the election, we are seeing persistent efforts to interfere with the election. I do truly believe that these efforts strike at the heart of our democracy. And so I am very concerned about how much we can do to shine a light on this activity and hold perpetrators accountable. I also said at the beginning, though, that we have to keep our eye on a range of threats, whether that's in the terrorism context or in other ways in which we're having to confront real threats from Russia and Iran. And I mentioned the lethal plotting from Iran continues to be a real concern. So it's a lot right now, but it always is. The election interference from foreign adversaries is really top of mind, and I think that presents a real clear danger to our country right now.
The Cipher Brief: You've also made some comments on the terrorism front – that this is not a threat that has gotten any less dynamic from the time a decade ago when you sat in the director's chair of the National Counterterrorism Center. If you were to try to sum up the terrorism landscape today for someone who isn't paying close attention, how would you do it?
Olsen: I think about it in three different tiers. One is we remain really concerned about foreign terrorist organizations, particularly ISIS and their ability to potentially plan attacks inside the United States or in Europe, or to recruit and inspire people inside the United States. So the foreign terrorist organization, the foreign international threat, remains significant.
Second is state sponsors of terrorism, but really we're talking about Iran and lethal plotting by Iran inside the United States. Iran is a malign force in the region, but it is carrying out activities of a terrorism nature inside the United States.
And then the third is the rising threat from domestic terrorism, some of it targeting government officials and election workers. We just brought a case a couple of weeks ago against a network called Terrorgram, against two individuals who are the leaders of Terrorgram. Terrorgram is a white supremacist dedicated network. The ideology is white supremacist and accelerationist, meaning they want to push the government, the United States into a civil war to bring about a white nationalist state. The content on Terrorgram is absolutely abhorrent, but from a criminal law perspective, they are charged with inciting hate crimes. They list names of targets, they provide sainthood to people who carry out school shootings. It is just despicable. And most importantly for us in the Justice Department, we've alleged it violates a series of statutes, including material support to terrorism.
That makes for a complicated picture – international terrorism, state sponsors of terrorism and domestic terrorism. And that's how I think about the nature of the terrorism threat today.