


FBI hacked by China
A recent computer intrusion that forced the FBI to shut down its computer network and disrupted FBI operations was traced to an e-mail containing malicious code that originated in China, according to FBI officials.
The forced shutdown of the network affected one significant FBI operation — the May 20 arrest of homegrown terrorism suspects in New York, said officials who spoke on condition of anonymity because they were not authorized to discuss the matter.
“The Chinese shut down our network,” said one FBI official familiar with assessments of the attack.
The FBI network disruptions followed a similar penetration of the Defense Department e-mail system used by Defense Secretary Robert M. Gates in 2007, which defense officials have said was traced to computer servers in China.
FBI spokesman Mike Kortan declined to address the suspected Chinese origin of the computer strike or its likely penetration through an e-mail attachment.
Chinese Embassy press spokeswoman Wei Xin said China has a “resolute policy of opposing and cracking down on cyber crimes including hacking, according to law.”
“Relevant authorities of the Chinese government attach great importance to cracking down on cyber crimes, and have strengthened cooperation with other countries and international organizations, including the Interpol on jointly fighting against crimes such as cross-border cyber attacks through bilateral consultation and cooperation,” she said.
Mr. Kortan referred Inside the Ring to an FBI statement issued May 29 in response to a New York Post report on the network disruption. The FBI stated that its network was shut down as a precaution and that e-mail traffic was “largely restored within 48 hours” after the detection of the malicious code.
“The external, unclassified network is generally used for routine communications and messages,” the statement said. “It is important to note that the FBI’s internal, classified network is where communications and e-mail about sensitive and investigative matters take place and was never affected.”
However, a senior FBI official said the shutdown disrupted communications used during the May 20 raid in New York that netted a group of homegrown terrorists.
A second FBI official said that computer access by the entire agency and its thousands of officials was restricted for at least two weeks and was only restored to normal levels last week.
“Out of an abundance of caution, the FBI has temporarily self-imposed a limit on sending and receiving attachments on our external, unclassified network to give our technicians time to scan all the attachments that came into the e-mail system to make sure we have identified and mitigated all threats to the network,” the FBI statement said.
According to the officials, the computer network penetration occurred in early May after an FBI employee opened an attachment to an e-mail marked H1N1 in the subject line. The H1N1 virus is also known as the swine flu. The attachment then permitted hackers some access to the FBI network that was not discovered until at least a week after the e-mail infection.
The intrusion also affected the U.S. Marshals Service.
Bill Gertz is geopolitics editor and a national security and investigative reporter for The Washington Times. He has been with The Times since 1985.
He is the author of six books, four of them national best-sellers. His latest book, “The Failure Factory,” on government bureaucracy and national security, was published in September 2008.
Mr. Gertz also writes a weekly column ...