May 13, 2023

FBI cybersecurity noteworthy wins and losses

NetworkTigers reports on FBI cybersecurity wins and losses.

While government agencies and organizations are responsible for handling and protecting some of the most sensitive data available and pursuing those who intend to use it for nefarious purposes, federal cybersecurity is not immune to attack.

In coordination with international authorities, the FBI has recently taken down several high-profile dark web marketplaces and criminals. However, our government has revealed that it too can fall victim to hacks, breaches and ransomware.

In this constant game of tug-of-war with a side of whack-a-mole, here are some of the highest-profile battles fought between cybercriminals and the federal government.

Federal cybersecurity failures

US agencies breached by CozyBear.

In late 2020, it was revealed that the Russian hacker gang CozyBear had breached the Treasury and Commerce departments and other federal agencies in a global espionage campaign.

Researchers determined that the campaign, sponsored by Russia’s intelligence service, had been in place for months and affected “consulting, technology, telecom, and oil and gas companies in North America, Europe, Asia and the Middle East.” The breaches were all a consequence of Russia’s compromise of SolarWinds, an IT management company with a huge list of high-profile clients across both public and private sectors.

CozyBear has proven adept at finding and exploiting gaps in federal cybersecurity. The gang is also responsible for hacking into the State Department and White House email servers in 2015, the Democratic National Committee in the lead-up to the 2016 presidential election and the Republican National Committee in 2021.

2021 FBI email hack

In November of 2021, the FBI’s external email system was hacked and used to send spam messages to thousands of recipients from the agency’s Law Enforcement Enterprise Portal system used to communicate with state and local authorities. The fraudulent emails had the subject line “Urgent: Threat actor in systems” and purported to include a Department of Homeland Security warning about an impending cyberattack. 

The message also claimed that the supposed attack was perpetrated by Vinny Troia, a noted security expert who has investigated and exposed enough cybercriminals to find himself in the crosshairs of what he called a smear campaign.

Because the emails originated from the FBI’s system and included the appropriate headers and return addresses, they caused widespread disruption and confusion. However, the attacked system was unclassified and no further breaches into the agency occurred. The breach is believed to have been undertaken to troll Troia, undermine the FBI’s credibility, and attain street cred.

Well-known hacker and alleged BreachForums administrator Conor Brian Fitzpatrick, better known as “Pompompurin,” was arrested in March of 2023 for his supposed involvement in the hack, among other crimes.

2023 FBI email hack

In another isolated hacking incident, a computer system used by the FBI’s New York Field Office in child exploitation investigations was breached in February 2023. The agency has revealed little about the compromise aside from that it was successfully contained. Because of this silence, it can be assumed that this particular federal cybersecurity breach is still under investigation at the time of this article’s writing.

Congress healthcare breach

A March 2023 attack on DC Health Link, a health insurance marketplace used by members of the US Congress, affected the personal data of lawmakers, their employees and their family members.

DC Health Link said that 56,415 customers had data exposed in the attack, including “Social Security numbers, birth dates, gender, health plan and employer information, citizenship status, race and contact information.”

While DC Health Link is not a government agency, its breach and the data exposed are still an acute embarrassment to federal cybersecurity. It calls into question the government’s ability to protect personal information, even when it belongs to its most elite members.

Federal cybersecurity successes

The FBI takes down Hive.

Hive was a ransomware gang with a despicable reputation for selecting critical targets in the healthcare industry. Launching attacks against hospitals at the height of the COVID-19 pandemic was a strategy Hive used to cripple care providers and almost guarantee that their demands would be met. The gang extorted more than $100 million since its 2021 inception.

A covert FBI operation saw agents infiltrate Hive’s networks, provide victims with decryption keys, dismantle their infrastructure and cripple their operations in what federal officials called a “21st-century cyber stakeout.”

The Justice Department shuts down Hydra Market.

In April of 2022, the US Justice Department collaborated with German authorities to shut down Hydra Market, the dark web’s largest and most popular exchange for everything from illegal drugs to money laundering services.

Frequented chiefly by Russian users, Hydra’s purchases were facilitated by cryptocurrency and contributed to around 80% of all dark web crypto-based transactions.

According to FBI director Christopher Wray, “The successful seizure of Hydra, the world’s largest darknet marketplace, dismantled digital infrastructures which had enabled a wide range of criminals — including Russian cybercriminals, the cryptocurrency tumblers, and money launderers that support them and others, and drug traffickers.”

The FBI seizes Genesis Market.

In April of 2023, the FBI seized financial fraud marketplace Genesis Market in a campaign codenamed “Operation Cookie Monster.”

Genesis Market was an invitation-only cybercrime marketplace that focused mostly on the buying and selling of stolen login credentials related to social media and banking accounts. The US Justice Department reported that Genesis Market stole data from over 1.5 million computers globally and exchanged credentials belonging to more than 80 million people.

The massive operation involved 45 of the US’s 56 FBI field offices and the cooperation of more than a dozen other countries, and it led to over 100 arrests worldwide, making it a major federal cybersecurity victory for several nations.

The FBI dismantles BreachForums.

After the arrest of its administrator, the aforementioned Pompompurin, the popular hacking site BreachForums was dismantled by the FBI.

BreachForums was widely used to purchase and share stolen data, including the information stolen in the breach of DC Health Link. Following Fitzpatrick’s arrest, the site’s then-administrator elected to abandon the forum after concluding, probably correctly, that it had been compromised by federal agents using Pompompurin’s devices to take a look behind the scenes.

The future of federal cybersecurity

The FBI’s recent uptick in victories against international cybercriminals goes hand in hand with the Biden administration’s prioritization of cybersecurity law enforcement and legislation. While new dark web marketplaces and forums predictably rise to fill the vacuums left behind by those that were gutted, the federal government’s current rate of success will hopefully make such enterprises an increasingly risky venture and make future cybercriminals think twice about engaging in illegal activity.

Derek Walborn
Derek Walborn is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.
