FBI says cyber incident is “contained” after apparent breach of child sexual abuse investigation systems
Did malware-riddled digital evidence evade scans before upload?
The Federal Bureau of Investigation (FBI) has confirmed that part of its network has suffered a malicious cyber incident – news first broken by CNN – describing it tersely as “an isolated incident that has been contained.”
Citing two sources on the FBI breach, but offering few details on its extent, CNN said officials understood that it involved FBI computer systems used in investigations of images of child sexual exploitation.
The bureau told its reporters that it is “aware of the incident and is working to gain additional information… As this is an ongoing investigation the FBI does not have further comment to provide at this time.”
It is possible that, rather than this being a targeted and intentional active attack on the FBI in particular, a malware-laden evidence file made it through pre-upload scans before being entered into FBI systems.
FBI breach: Forensic systems are air-gapped…
Austin Berglas, Global Head of Professional Services, BlueVoyant, and former Assistant Special Agent in Charge of the FBI’s New York Office Cyber Branch, said in an emailed comment: “Crimes Against Children Investigations frequently involve the forensic collection, processing, and analysis of digital evidence.
“Once evidence is obtained or seized through consent or legal process, the digital media (mobile phones, computers, and external storage devices) is provided to a member of the FBI's Computer Analysis Response Team (CART) - certified special agents and forensic examiners,” said Berglas, who previously served as an FBI Crimes against Children Coordinator, responsible for the coordination and investigation of crimes including international and domestic kidnapping, sex tourism, and the sexual exploitation of children over the Internet.
"All digital evidence is scanned for malware or malicious files prior to processing on computers with specialised forensic software used to extract information contained on the devices. These forensic computers are stand alone and are not connected to any internal, classified system," he added.
"New variants of malware and malicious files find their way on to the Internet every day, so there are instances where scans fail to identify a dangerous file prior to the CART examiner uploading to a forensic computer, but any infection would be contained to the examination network."
More to follow when we have it.