Intruder alert: FBI tackles 'isolated' IT security breach
Move along, totally nothing to see here
The FBI claims it has dealt with a cybersecurity "incident" that reportedly involved computer systems being used to investigate child sexual exploitation.
"The FBI is aware of the incident and is working to gain additional information," a spokesperson said in a statement to The Register. "This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time."
The spokesperson declined to answer questions about the IT security breach, including how intruders gained access to the network and what information they accessed.
CNN first reported the intrusion or infiltration on Friday morning, and said it involved something untoward happening with computers in the FBI's New York field office.
Austin Berglas, a former FBI agent in the Crimes Against Children unit in New York, told The Register the infected or infiltrated devices were likely confined to a forensic analysis network. In other words, it's doubtful that the network intruders accessed any classified information: they may have got no further than the systems used to study and sort seized files.
These child exploitation investigations usually involve digital evidence: cell phones, computers, external storage and the like. After the FBI seizes suspects' devices, they are scanned for malware and other malicious files before their contents are processed with specialized forensic software that extracts information, including hidden data, from the devices, Berglas explained.
"Most likely, an infected device (not intentionally by the owner) was seized/collected and then infected the FBI forensic computer after evading malware scans," Berglas, who is now at security shop BlueVoyant, told The Register. "These devices would never be processed on classified networks."
New malware appears daily, so sometimes scans fail to identify dangerous files before the FBI's Computer Analysis Response Team uploads the device's contents to the examination network, he added.
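To make the failure mode Berglas describes concrete, here is an added example (written for this page, not the FBI's or BlueVoyant's tooling) of a minimal pre-ingestion screen for a seized device's file tree. It hashes every file and compares the digest against a known-bad set, which is exactly the check a never-before-seen sample slips past; a second, signature-independent check flags anything with an executable header so it can be quarantined before the contents reach an examination host. The "evidence image", the known-bad hash set and the file names are all constructed inline for the demo.

```python
"""Added example, not from the article: screen a seized device's files before
they are handed to forensic tooling. Two checks run per file:
  1. SHA-256 lookup against a known-bad hash set (signature scan);
  2. executable-magic check (PE/ELF/Mach-O), which fires regardless of whether
     the hash is known, covering the "new malware appears daily" gap."""
import hashlib
import os
import tempfile

# Constructed stand-in for an "old", already-catalogued malware sample.
KNOWN_BAD_PAYLOAD = b"MZ\x90\x00constructed-old-malware-sample"
KNOWN_BAD_SHA256 = {hashlib.sha256(KNOWN_BAD_PAYLOAD).hexdigest()}

# Leading bytes of common executable formats: PE ("MZ"), ELF, 64-bit Mach-O.
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe")


def sha256_file(path):
    """Stream a file through SHA-256 so large evidence files are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def screen_evidence(root, known_bad=KNOWN_BAD_SHA256):
    """Return {relative_path: verdict} for every file under root.

    Verdicts: 'known-bad'  - hash is in the known-bad set
              'executable' - hash unknown, but the file carries an executable header
              'clean'      - neither check fired
    """
    verdicts = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            digest = sha256_file(path)
            with open(path, "rb") as f:
                head = f.read(4)
            if digest in known_bad:
                verdicts[rel] = "known-bad"
            elif head.startswith(EXEC_MAGIC):
                verdicts[rel] = "executable"
            else:
                verdicts[rel] = "clean"
    return verdicts


def build_sample_image():
    """Create a constructed file tree standing in for a seized device."""
    root = tempfile.mkdtemp(prefix="evidence-")
    os.makedirs(os.path.join(root, "DCIM"))
    samples = {
        "DCIM/IMG_0001.jpg": b"\xff\xd8\xff\xe0constructed-jpeg-bytes",
        "old_dropper.exe": KNOWN_BAD_PAYLOAD,          # caught by hash lookup
        "new_dropper.exe": b"MZ\x90\x00constructed-never-seen-sample",  # hash miss
        "notes.txt": b"plain text, nothing to see",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    image = build_sample_image()
    for rel, verdict in sorted(screen_evidence(image).items()):
        print(f"{verdict:10s} {rel}")
```

The point of the second check is that it does not depend on anyone having seen the sample before: `new_dropper.exe` has a hash that matches nothing, yet it is still flagged and kept off the analysis network. In practice the same idea is applied more broadly (mounting evidence read-only and `noexec`, detonating unknown executables in a sandbox rather than on the examiner's workstation), but the hash-miss case above is the one that bites.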
"It's just the nature of the business and the Wild West of the internet," Berglas said. "Connected devices are going to be exposed to dangerous software."
And while the FBI undoubtedly prefers to make headlines when it's hacking the crims, as opposed to the other way around, this isn't its first publicly admitted security snafu.
In November 2021, miscreants exploited a software misconfiguration in the FBI's email servers to send thousands of fake messages. The emails, sent from legit FBI servers, warned recipients that they were victims of a "sophisticated chain attack" in which crooks had stolen "several of your virtualized clusters." ®