The FBI has issued a brief statement claiming it is now under control over a recent cyber incident at one of its most high-profile field offices.
A source briefed on the matter told CNN that the malicious incident affected some of the networks used to investigate child sexual exploitation images.
“The FBI is aware of the incident and is working to obtain additional information,” the Fed said in a statement sent to the news network. Due to the ongoing investigation, the FBI will not be providing further comment at this time.”
I still don’t know what kind of attack this is and where it came from.
But this isn’t the first time the agency has been targeted. In 2021, it was reported that official email addresses were compromised and used to send spam to at least 100,000 recipients. One of the intercepted messages apparently cited the DHS Cyber security and Infrastructure Security Agency (CISA), claiming the recipient was on the receiving end of a large-scale cyberattack.
The FBI later confirmed that the hackers took advantage of misconfigurations in IT systems used to communicate with state and local law enforcement partners. This is the Law Enforcement Enterprise Portal (LEEP).
BlueVoyant’s Global Head of Professional Services, Austin Berglas, is a former Special Agent in charge of the FBI’s New York office cyber branch.
He explained that investigations into crimes against children frequently involve the collection and analysis of digital evidence.
“Once evidence is obtained or seized through consent or legal process, digital media (mobile phones, computers, and external storage devices) may be transferred to authorized special agents who are members of the FBI’s Computer Analysis Response Team (CART). It will be provided to officers and forensic inspectors,” he continued.
“All digital evidence is scanned for malware and malicious files before being processed by a computer using special forensic software used to extract the information contained on the device. The forensic computer is standalone and not connected to any sensitive internal systems.”
This means that even if a new malware variant makes it into a forensic computer from a confiscated device, it will be contained in the inspection network, Berglas said.
“While the malware could spread and infect other investigations on the CART network, to preserve the original evidence, forensic investigators created working copies for analysis and review. ‘he concluded.
