FBI Declares Surveillance System Breach a ‘Major Incident’

News Room

The Federal Bureau of Investigation has formally classified a China-linked breach of one of its internal surveillance systems as a “major incident” under federal law, a designation that signals the intrusion carries significant risks to US national security.

The news, first reported by Politico, lands as yet another embarrassing blow to America’s cybersecurity posture, and a potential windfall for Beijing.

On Feb. 17, the FBI opened an inquiry into unusual activity on one of its internal networks, the kind used to manage wiretaps and other sensitive surveillance operations, according to a Justice Department notice to Congress reviewed by Bloomberg News. By March 4, the bureau had formally told lawmakers it was investigating “suspicious activity” on a system holding what it described as “law enforcement sensitive information.”

It didn’t name a suspect at the time.

Fast-forward to March 23: senior Justice Department officials concluded that the breach qualified as a “major incident” under the Federal Information Security Modernization Act (FISMA), a 2014 law that sets the bar for how seriously the government treats digital intrusions. Congress was formally notified of that determination shortly after, according to congressional aides and officials familiar with the matter who spoke to Politico on condition of anonymity.

The breach didn’t hit the main headquarters but was instead localized to FBI systems in the Virgin Islands, according to Fox News. However, the data inside was still incredibly sensitive.

What the hackers got into

The compromised system wasn’t just any server. According to the March notice to Congress — viewed by both Politico and Bloomberg — it held returns from pen register and trap-and-trace surveillance operations, as well as personally identifiable information on subjects of active FBI investigations.

Pen registers and trap-and-trace devices are legal tools that allow law enforcement to track call patterns, phone numbers, and websites visited by a target, without recording the actual content of communications. While that distinction might sound reassuring, the metadata they capture is enormously valuable to a foreign spy service: it essentially maps out who the FBI is watching, and how.

The breach notice told Congress that the attackers got in by “leveraging a commercial Internet Service Provider’s vendor infrastructure,” a method the bureau characterized as reflecting the group’s “sophisticated tactics,” according to Politico.

The response and the embarrassment

The White House convened a meeting in early March, bringing together officials from the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA) to discuss the breach, according to Politico. Spokespeople for the White House and CISA referred questions back to the FBI.

The FBI’s own public statement has been terse. In a comment issued in early March and referenced again this week, the bureau said: “FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond.”

In response to the breach, Bloomberg reports, the Justice Department announced the creation of a working group focused on strengthening cyber resilience and improving its incident response procedures.

Behind the scenes, the mood is less composed. One US official told Politico the FBI had moved quickly once the breach was discovered, but acknowledged the optics were rough: it is, the official said, “embarrassing” for the bureau to be compromised by the very adversary it is charged with tracking.

“This is just a reminder that any unpatched vulnerability or any architectural weakness is going to be exploited by an adversary of this caliber,” the official told Politico.

The FBI surveillance breach is also said to be separate from a recent Iran-linked compromise of FBI Director Kash Patel’s personal email account, according to Politico, suggesting the bureau is grappling with multiple active cyber threats simultaneously.

 
