The incident, which the bureau discovered Feb. 17, involved an unknown actor using sophisticated techniques—including leveraging infrastructure belonging to a commercial internet service provider vendor—to exploit FBI network security controls, raising questions about the security of systems holding domestic surveillance data.
The FBI said it is investigating suspicious cyber activity on an internal, unclassified system that stores sensitive law enforcement information, including returns from court-authorized surveillance operations and personally identifiable information on subjects of FBI investigations, according to a congressional notification obtained by the Associated Press.
The bureau said it discovered the problem on Feb. 17, when it detected abnormal log activity on the affected system. The notification, sent to members of Congress and reviewed by the AP on Thursday, described the unnamed actor as using “sophisticated” techniques to compromise FBI network security controls.
“The affected system is unclassified and contains law enforcement sensitive information, including returns from legal process, such as pen register and trap and trace surveillance returns, and personally identifiable information pertaining to subjects of FBI investigations,” the notification said, according to the AP.
A pen register is a surveillance tool that allows law enforcement to record phone numbers dialed from a specific line; a trap and trace device captures incoming call data. Both require a court order to deploy.
The FBI confirmed the incident in a statement Thursday but declined to elaborate. “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” the bureau said. “We have nothing additional to respond.”
Neither the bureau’s statement nor the congressional notification identified a suspect or attributed responsibility to any foreign government or other actor. According to the notification, the intruder leveraged a commercial internet service provider vendor’s infrastructure to exploit FBI network security controls, a technique the bureau described as “sophisticated.”
The FBI and other federal agencies have been recurring targets of foreign hackers seeking to monitor sensitive operations and government decision-making, according to the AP. The bureau said it is continuing to work to determine the full scope and impact of the incident.