FBI Looks into Major Cyber Incident Related to China that Affected U.S. Surveillance

FBI Detects Major Cyber Incident Linked to China

The FBI has recently categorized a cyber effort associated with China to breach one of its surveillance systems as a “major cyber incident.” This classification indicates a significant threat to national security, according to various sources.

To clarify, the definition of a “serious incident” under the Federal Information Security Modernization Act of 2014 (FISMA) sets the bar for what constitutes a major security breach. This law, an update to 2002 legislation, established universal security standards for federal agencies, including guidelines for investigating and documenting potential cyberattacks.

In early March, the FBI informed Congress that it was looking into “suspicious activity” on an internal network that contained sensitive surveillance information like wiretap data. The breach was initially spotted on February 17th, and thankfully, the cybersecurity team managed to respond quickly.

The FBI reported that the affected systems were unclassified but held sensitive law enforcement data. This includes information from legal processes such as pen registers and trap-and-trace surveillance, as well as personally identifying details about individuals of interest.

These “pen register” and “trap-and-trace” technologies let law enforcement access specific metadata from the phones of suspects without intercepting actual conversations. Such information would be extremely valuable to foreign intelligence agencies, as it can reveal who the FBI is investigating, potentially exposing homegrown operatives in the U.S.

According to Congressional sources, the attackers gained access by “exploiting the infrastructure of a commercial Internet service provider.” This method is increasingly common among cybercriminals looking to penetrate high-security systems.

The FBI has chosen not to disclose further details about the breach or speculate on the attackers’ identities, but the complexity of the hack has led some to believe it was orchestrated by a state adversary.

This suspicion heightened as the White House, National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) joined the investigation. Observers noted similarities between this intrusion and prior large-scale hacks attributed to a Chinese state cyber espionage group known as Salt Typhoon.

Some anonymous sources indicated there were reasons to suspect “hackers with ties to the Chinese government” played a role in the FBI breach, although specifics were limited.

Cynthia Kiser, a former deputy director in the FBI’s Cyber Division, remarked that to her knowledge, the FBI had not officially reported a major cyber incident since 2020. She pointed out that the standards for FISMA incidents are quite stringent, with only a handful of institutions declaring significant breaches each year.

Senator Mark Warner (D-Va.), the lead Democrat on the Senate Intelligence Committee, warned that this incident underscores the persistent threat from advanced cyber adversaries, particularly China, which seems to be ramping up its aggressive tactics.

Moreover, an anonymous U.S. official commented that these events remind us how unaddressed vulnerabilities can easily be exploited by formidable enemies.

On a somewhat positive note, the ongoing investigation into the FBI breach may yield critical insights into China’s cyber espionage strategies. Such information could help U.S. security experts better understand and combat threats like Salt Typhoon, which remains an active concern for the FBI Cyber Division.
