The FBI said it has isolated and contained a malicious cyber incident apparently involving its New York field office. Cybernews gets insight from a former NY agent about the case.
The Federal Bureau of Investigation said it has now contained and is continuing to investigate the source of a malicious cyber incident found on part of its computer networks over the past few days, CNN first reported Friday.
“The FBI is aware of the incident and is working to gain additional information,” the bureau said in a statement emailed to news agencies.
“This is an isolated incident that has been contained,” stated the FBI.
FBI officials told CNN sources they believed the malicious activity involved one of their computer systems used in investigations of images of child sexual exploitation.
That computer system is believed to be located at the bureau’s New York field office, one of the largest and highest-profile offices in the FBI.
“Crimes Against Children Investigations frequently involve the forensic collection, processing, and analysis of digital evidence,” said Austin Berglas, former FBI New York Cyber Crimes Squad Supervisor and now Global Head of Professional Services at the cyber defense firm BlueVoyant.
Berglas, who was with the NY bureau for over fifteen years and also served as the NY Office’s Crimes Against Children Coordinator, described how the FBI computer networks operate.
“Once evidence is obtained or seized through consent or legal process, the digital media (cell phones, computers, and external storage devices) are provided to a member of the FBI’s Computer Analysis Response Team (CART),” Berglas said.
Berglas said that after any digital evidence is collected by an FBI-certified special agent and/or forensic examiner, it is then scanned into the CART network to catch any “malware or malicious files prior to processing on computers with specialized forensic software used to extract information contained on the devices.”
“These forensic computers are stand-alone and are not connected to any internal, classified system,” said Berglas.
Even if the scan failed to identify malicious content prior to uploading the evidence to a forensic computer, “any infection would be contained to the examination network,” Berglas said.
Although the potential always exists for malware to infect and spread through the CART network, Berglas said forensic examiners will create and only use a working copy of the original evidence for analysis and review, providing another layer of security.
In this instance, it is still unknown where the malicious activity originated.
The FBI has declined to make any further statements about the incident at this time.