FBI says it identified and addressed suspicious activity on surveillance networks

The FBI confirmed it “identified and addressed” suspicious activity on networks tied to surveillance systems; investigators began reviewing abnormal logs on Feb. 17.

Lisa Park

The FBI confirmed it “identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” acknowledging an internal probe into abnormal activity tied to a system used in surveillance operations. The bureau added, “We have nothing additional to provide.”

A congressional notification obtained by The Associated Press shows the bureau opened the investigation on Feb. 17 after detecting abnormal log information related to an unclassified system that nevertheless holds law enforcement sensitive material. The notification said the system contains returns from legal process, including pen register and trap and trace surveillance returns, and personally identifiable information pertaining to subjects of FBI investigations. A pen register logs the phone numbers dialed by a specific line.

NBC Washington reported investigators described the techniques used as “sophisticated” and said the activity included leveraging a commercial internet service provider vendor’s infrastructure to exploit FBI network security controls. The FBI has not publicly identified a culprit, confirmed whether any data were accessed or removed, or named the specific system involved.

The bureau’s terse public confirmation, reported March 5, follows a string of cyber incidents against U.S. law enforcement and intelligence systems in recent years. CyberScoop noted earlier reporting that a Chinese hacking group known as Salt Typhoon exploited components of the U.S. wiretapping system in 2024; it remains unclear whether there is any link to the current matter. The FBI has faced other intrusions, including an isolated 2023 breach in its New York field office and a 2021 incident involving a misconfigured server that sent hoax emails.

Officials told Congress the actor used sophisticated techniques to exploit FBI network security controls and that the bureau was working to determine the scope and impact of the problem. Beyond the law enforcement and national security stakes, the potential exposure of surveillance returns and personally identifiable information raises immediate privacy and civil liberties concerns for people who may be subjects of investigations. Community advocates and civil rights lawyers say systems that collect detailed surveillance returns tend to affect low-income and marginalized communities disproportionately, increasing the stakes when security lapses occur.

The FBI has not detailed what “leveraged all technical capabilities” entailed or whether it coordinated response work with the Cybersecurity and Infrastructure Security Agency, the National Security Agency, or private vendors. The AP-obtained notification was sent to congressional offices, but lawmakers and committee staff have not released further findings.

The public record also includes a separate FBI cybersecurity advisory about the BADBOX 2.0 botnet that warns consumers to check Internet of Things devices for compromise. That bulletin, which discusses threats to home devices and supply chain risks, is not tied in the available reporting to the surveillance-system incident.

Investigators face a narrow window to establish whether sensitive operational information or personally identifiable data were exposed and to measure downstream harms. For communities whose communications or movements are documented in returns from legal process, ambiguity about what was accessed can erode trust in law enforcement and the privacy protections that are supposed to govern investigative powers. Congress and oversight bodies will likely press the bureau for specifics about the system, the vendor infrastructure reportedly involved, and any changes to security controls meant to prevent recurrence.
