FBI "Contains" Cyber-Incident on its Network


The FBI has released a brief statement about a recent cyber-incident that occurred at one of its highest-profile field offices, claiming it is now under control.

Sources briefed on the matter told CNN that a malicious incident impacted part of the bureau's network used in investigations of images of child sexual exploitation.

“The FBI is aware of the incident and is working to gain additional information,” the Feds said in a statement sent to the news network. “This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time.”

It remains to be seen what type of attack this was and where it came from.

However, it’s not the first time the bureau has been targeted. In 2021, an official email address was reportedly compromised and used to spam at least 100,000 recipients. One intercepted message apparently cited the DHS Cybersecurity and Infrastructure Security Agency (CISA) and claimed the recipients were on the receiving end of a major cyber-attack.

Later, the FBI confirmed that hackers had taken advantage of a misconfiguration in an IT system it used to communicate with state and local law enforcement partners: the Law Enforcement Enterprise Portal (LEEP).

Austin Berglas, global head of professional services at BlueVoyant, is a former assistant special agent in charge of the FBI’s New York Office Cyber Branch.

He explained that investigations into crimes against children frequently involve the collection and analysis of digital evidence.

“Once evidence is obtained or seized through consent or legal process, the digital media (mobile phones, computers, and external storage devices) is provided to a member of the FBI's Computer Analysis Response Team (CART) – certified special agents and forensic examiners,” he continued.

“All digital evidence is scanned for malware or malicious files prior to processing on computers with specialized forensic software used to extract information contained on the devices. These forensic computers are stand-alone and are not connected to any internal, classified system.”

This means that, even if a new malware variant made its way from a seized device onto a forensic computer, it would be contained to the examination network, Berglas said.

“The potential for that malware to spread and infect other investigative matters on the CART network is real, but, in order to preserve the original evidence, forensic examiners produce working copies for analysis and review,” he concluded.
