A cyber incident affects the FBI network in the United States

The U.S. Federal Bureau of Investigation (FBI) has recently been affected by a cyber incident that occurred at one of its most prominent field offices, although it was brought under control in a short period of time.

According to some investigators, this malicious incident affected part of its network used in investigations of child sexual exploitation images.

The FBI sent a brief statement to the media in which it acknowledged the incident on its network and said that it was working to obtain additional information on the origin of the problem. It also stressed that, as the investigation was ongoing, the US agency was not offering more details about the circumstances and the origin of the cyber-attack. It was understood that information about what kind of attack it was and where it came from would eventually be sought.

Journalist Phil Muncaster reported it on the Infosecurity Magazine website, among other platforms. He described the attack on the network and explained that it is not the first time that the US office has been attacked. In 2021, an official email address was compromised and used to spam at least 100,000 recipients. Apparently, an intercepted message cited the DHS Cybersecurity and Infrastructure Security Agency (CISA) and claimed that recipients were on the receiving end of a major cyber-attack.

The FBI later confirmed that the hackers had taken advantage of an incorrect configuration on a computer system that it used to communicate with state and local law enforcement collaborators: the Law Enforcement Enterprise Portal (LEEP).

Austin Berglas, global head of professional services at BlueVoyant, is a former assistant special agent in charge of the cyber branch of the FBI’s New York office. Berglas explained that investigations into crimes against minors often involve the collection and analysis of digital evidence. Thus, once evidence is obtained or seized by consent or legal process, digital media (mobile phones, computers, and external storage devices) is provided to a member of the FBI’s Computer Analysis Response Team (CART): certified special agents and forensic examiners.

All digital evidence is scanned for malware or malicious files before being processed on computers with specialised forensic software used to extract the information contained in the devices. These forensic computers are stand-alone and are not connected to any classified internal system.

This means that even if a new malware variant moves from a seized device to a forensic computer, it would be contained in the examination network.

The potential for this malware to spread and infect other investigative media on the CART network is real, but to preserve the original evidence, forensic examiners produce working copies for analysis and review.
