The FBI is investigating a massive breach of its own systems


When people say “no system is truly safe,” this is what they mean. The FBI is investigating a breach inside its own network, and the affected systems reportedly include tools connected to wiretapping and surveillance warrants.

While the bureau isn’t saying much yet, here is what we know about the situation.

What exactly got breached?

According to reports, the intrusion may involve a network used to manage foreign intelligence surveillance and wiretap warrants. That system processes data linked to things like:

  • Pen register surveillance tools
  • Trap-and-trace monitoring
  • Investigative records
  • Personal information tied to FBI cases

In short: It’s not classified intelligence, but it is definitely sensitive law enforcement material. 

The FBI said it detected suspicious activity on its network and quickly began responding. For now, officials are keeping details extremely limited.

This kind of breach has happened before

If the idea of hackers targeting surveillance systems sounds familiar, there’s a reason. A group known as Salt Typhoon, believed to be backed by China, previously breached major U.S. telecommunications companies and accessed systems used for lawful wiretapping. That attack exposed information tied to millions of Americans.

There’s no confirmation that the same group is involved here, but it shows why systems tied to surveillance are such valuable targets.

Meanwhile, cybercrime isn’t slowing down

The FBI investigation is unfolding during a busy stretch in global cybercrime enforcement. Just last week, Europol announced it had dismantled two major cybercrime platforms: Tycoon2FA, a phishing-as-a-service operation that helped criminals bypass two-factor authentication, and LeakBase, a marketplace packed with stolen data.

Tycoon2FA alone was responsible for a huge share of phishing attempts targeting platforms like Microsoft 365 and Google Workspace, and it accounted for 62% of phishing attempts blocked by Microsoft. At its peak, it was sending tens of millions of phishing emails every month, allowing criminals to bypass multi-factor authentication and hijack accounts.

And phishing scams are still evolving

Security company LastPass also warned users about a new phishing campaign that mimicked internal company email threads. The trick relied on display name spoofing.

Basically, attackers made emails look like they came from LastPass employees, hoping users wouldn’t check the actual email address behind the message. Click the link, enter your login, and the attacker walks away with your credentials.

It's an old-school trick. But it still works.
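For mail administrators, the mismatch that display name spoofing relies on can be checked mechanically. The Python sketch below is an added example, not code from LastPass or The Register; the staff name, brand-to-domain mapping and sample messages are constructed assumptions, and the `.example` domains are placeholders.

```python
import re
import unicodedata
from email import message_from_string, policy

# Constructed policy data (assumptions, not from the article): domains allowed
# to send under a brand name, and staff display names with their mail domain.
BRAND_DOMAINS = {"lastpass": {"lastpass.com"}}
STAFF_NAMES = {"jane doe": "lastpass.com"}  # hypothetical employee

ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def _fold(text):
    # NFKC folds fullwidth/compatibility look-alikes before comparing.
    return unicodedata.normalize("NFKC", text).casefold()

def _in_domains(domain, allowed):
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def spoof_findings(raw_message):
    """Return reasons the From display name disagrees with the real address."""
    # policy.default decodes RFC 2047 encoded-word display names for us.
    msg = message_from_string(raw_message, policy=policy.default)
    from_hdr = msg["From"]
    findings = []
    for addr in (from_hdr.addresses if from_hdr else ()):
        name, domain = _fold(addr.display_name), addr.domain.lower()
        for brand, allowed in BRAND_DOMAINS.items():
            if brand in name and not _in_domains(domain, allowed):
                findings.append(f"name claims {brand}, sent from {domain}")
        for staff, home in STAFF_NAMES.items():
            if staff in name and not _in_domains(domain, {home}):
                findings.append(f"name matches staff '{staff}', sent from {domain}")
        m = ADDR_IN_NAME.search(name)
        if m and m.group(1) != domain:
            findings.append(f"name embeds address at {m.group(1)}, sent from {domain}")
    return findings

# Constructed sample messages (all sender domains are placeholders).
SAMPLES = {
    "legit": 'From: Jane Doe <jane.doe@lastpass.com>\n\nhi',
    "staff_spoof": 'From: "Jane Doe" <jd@mail-portal.example>\n\nhi',
    "encoded_brand": "From: =?UTF-8?B?TGFzdFBhc3MgU3VwcG9ydA==?= <help@notice.example>\n\nhi",
    "embedded": 'From: "support@lastpass.com" <x@notice.example>\n\nhi',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, spoof_findings(raw))
```

A check like this only compares the display name with the address in the From header; it says nothing about whether that address itself was authenticated.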

Source: The Register
