The FBI is using artificial intelligence in what it describes as “remote access operations,” FBI parlance for hacking, according to an FBI official.
The comments, given at a national security and AI conference 404 Media was attending, give an unusually candid admission of the FBI’s use of hacking tools, which are often shrouded in secrecy.
“My team, one of the parts of our capabilities mission is our computer network operations program, where we’re doing on-network or remote access operations,” Todd Hemmen, the deputy assistant director of the FBI’s Cyber Division, said on Tuesday. Remote access operations is a turn of phrase for when the FBI remotely enters a computer network; in other words, when the agency hacks into a target.
Specifically for those sorts of operations “AI has tremendous benefits, not entirely different than the benefits that are being enjoyed by some of our adversarial nationstate actors,” he continued. He pointed to “the speed at which we are able to conduct—autonomous isn’t the right word—but AI enabled attacks.”
Hemmen was speaking on a panel about how criminals and nationstates are using AI to power scams and fraud. When 404 Media asked a follow-up question for more details on how the FBI is using AI for its remote access operations, Hemmen said he wouldn’t give any case specific examples, but spoke more broadly about the benefits.
He pointed to reconnaissance, when a hacker scopes out a target network to in turn find potential ways to break into it. “You have very large attack surfaces; AI can scan those surfaces very, very efficiently. So it’s that initial scanning in terms of where are the vulnerabilities, how can I exploit and gain access,” he said. He added AI then can be used for moving laterally through the network, which is when a hacker moves from one position to another to access more data or capabilities. While a threat actor—a cybercriminal or an adversary nationstate—may then steal data, “we have a different mission obviously, but I see AI as having applicability across, again, every single tactic that would be relevant to those on-network operations, So it’s a game changer in that sense.”
In his role, Hemmen oversees the division’s technical tools. The FBI did not respond to a request for additional comment.
Relatively little is known about what hacking tools the FBI deploys, what sort of cases it decides to deploy them in, and for what exact purpose. Over the years journalists have pieced together parts, though. Previously, the FBI used a “non-public” vulnerability to hack suspected visitors of a dark web child abuse site. The FBI’s Remote Operations Unit (ROU) used classified hacking tools—which are typically reserved for intelligence gathering operations—in ordinary criminal investigations, potentially complicating criminal defendants’ opportunity to scrutinize the evidence collected against them. The FBI has also used hacking tools, euphemistically called network investigative techniques, to investigate bomb threats and the users of a privacy-focused email service. The FBI also purchased hacking tools from the notorious spyware vendor NSO Group and explored using them against phones in the U.S., The New York Times previously reported.