Cyber incident at New York FBI office contained, source unknown


The FBI says it has isolated and contained a malicious cyber incident apparently involving its New York field office. Cybernews gets insight from a former agent about the case.

The Federal Bureau of Investigation says it is continuing to investigate the source of the intrusion into its computer networks over the past few days.

“The FBI is aware of the incident and is working to gain additional information,” the bureau said.

“This is an isolated incident that has been contained,” said the FBI.

FBI officials told CNN sources they believed the malicious activity involved a computer system used in investigations of child pornography.

That computer system is believed to be located at the bureau’s New York field office, one of the largest and most high-profile in the FBI.

“Crimes against children investigations frequently involve the forensic collection, processing, and analysis of digital evidence,” said Austin Berglas, a former FBI special agent in New York and now head of professional services at cyber defense firm BlueVoyant.

Berglas, who was with the bureau for over 15 years and investigated crimes against children from its New York office, described how FBI computer networks operate.

“Once evidence is obtained or seized through consent or legal process, the digital media (cellphones, computers, and external storage devices) are provided to a member of the FBI’s Computer Analysis Response Team (CART),” Berglas said.

After any digital evidence is collected by an FBI-certified special agent or forensic examiner, it is then scanned into the CART network to catch any “malware or malicious files prior to processing on computers with specialized forensic software used to extract information contained on the devices”, he added.

“These forensic computers are standalone and are not connected to any internal, classified system,” said Berglas.

Even if the scan failed to identify malicious content prior to uploading the evidence to a forensic computer, “any infection would be contained to the examination network”, he added.

Although the potential always exists for malware to infect and spread through the CART network, Berglas said forensic examiners will create and only use a working copy of the original evidence for analysis and review, providing another layer of security.

In this instance, it is still unknown where the malicious activity originated.

The FBI has declined to make any further statements about the incident at this