Foreign Hacker Cracked Into FBI’s Epstein Files In 2023, Was ‘Disgusted’ At Child Sexual Abuse

A foreign hacker broke into a server at the FBI’s New York Field Office and ‘compromised files relating to the FBI’s investigation of the late sex offender Jeffrey Epstein’ in 2023, Reuters reports. 

According to the FBI, the intrusion was an “isolated” cyber incident – though not to be confused with a different cybersecurity incident involving a sensitive internal network used to manage wiretaps and FISA warrants. 

“The FBI restricted access to the malicious actor and rectified the network. The investigation remains ongoing, so we do not have further comments to provide at this time,” the agency said in a statement. 

Reuters‘ source claimed that the intrusion ‘appeared’ to be carried out by an individual cybercriminal as opposed to a foreign government (source: trust us bro, we’re here to help). 

The New Hack

The official story: The hack occurred after a server at the Child Exploitation Forensic Lab in the FBI’s NY Field Office was inadvertently left vulnerable by Special Agent Aaron Spivack – who was attempting to figure out how to handle digital evidence within the bureau’s system. 

A timeline written by Spivack and included in the large cache of Epstein documents released earlier this year said the break-in happened on February 12, 2023. It was discovered the following day when Spivack turned on his computer and discovered a text file warning him that his network had been compromised, according to that document.

Further investigation turned up traces of unusual activity on the server, the document said, adding that the activity “included combing through certain files pertaining to the Epstein investigation.” –Reuters

The report does not say which specific files were accessed, whether the hacker actually downloaded anything, or who the hacker was, nor could Reuters determine what overlap, if any, the affected files had with the recent DOJ Epstein file drops.

The hacker expressed ‘disgust at the presence of child abuse images on the device and left a message threatening to turn its owner over to the FBI,’ not realizing that they had accessed the actual FBI. The FBI eventually convinced the hacker to join a video chat, where agents flashed their law enforcement credentials in front of a web camera. 

Spivak says he’s being made “a scapegoat for the intrusion,” and that conflicting FBI policies and poor guidance around informational technology were to blame.  

Interestingly, Spivak was mentioned in an Epstein files email from after the financier’s death, which was sent to multiple recipients. In it, someone says:

Hi team,

Aaron Spivak from the FBI (cc’d) has a new file for the Maxwell case that he needs to send to us. Would one of you please coordinate with him to get it via USAfx, then let me know when we have it?

Thanks so much,

EFTA00154980

The FBI breach was first reported by CNN and Reuters on February 17; the Epstein connection, however, was made by the French magazine Marianne. 

Epstein files were allegedly compromised by foreign hacker in 2023; FBI admits ‘cyber incident’

The FBI Field Office in New York produced myriad documents pertaining to its criminal probe into child sex offender Jeffrey Epstein. Attorney General Pam Bondi suggested in a Feb. 17, 2025, letter to FBI Director Kash Patel that “thousands of pages of documents related to the investigation and indictment of Epstein” were stored on site there.

Some of these documents were allegedly compromised in a hack years before the Department of Justice began publishing the heavily redacted Epstein files.

The bureau revealed in 2023 that it was investigating a hack of its computer network, which it characterized as an “isolated incident that has been contained.”

Multiple sources briefed on the matter told CNN at the time that FBI officials suspected the incident involved a bureau computer system used in the investigations of images of child sexual exploitation.

FBI is probing ‘suspicious’ breach into bureau networks

The FBI is investigating a possible cyber breach into bureau networks, the agency confirmed to Nextgov/FCW.

“The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” the bureau said Thursday. The statement did not elaborate further.

CNN first reported the incident and said the breach concerned a network used to facilitate and manage court-ordered wiretapping requests, citing a person familiar with an investigation into the matter. Nextgov/FCW could not independently confirm the matter was linked to wiretap systems.

Wiretaps are a common law enforcement technique used to lawfully intercept communications data on domestic targets. To obtain data, FBI analysts typically must get a warrant from a judge, allowing them to compel communications providers to hand over call, text or email data tied to a target. Specialized court orders can also allow for real-time surveillance of phone calls.

The FBI is also a heavy user of a communications intercept law housed in Section 702 of the Foreign Intelligence Surveillance Act, which lets certain agencies target overseas foreigners’ communications without a warrant. 

Telecom providers’ “lawful intercept” wiretapping systems were ensnared in a sweeping Chinese hack uncovered in 2024. The hackers, tied to a group called Salt Typhoon, leveraged the intrusions to target communications of high profile political officials including President Donald Trump and Vice President JD Vance.

Foreign adversaries may, at any point in time, be targeting U.S. government systems. Wiretap contents are especially high-value intelligence targets because they could reveal sensitive information about what officials are thinking or planning.

It’s not clear if Salt Typhoon or another collective tied to foreign hackers was involved in the incident. Salt Typhoon is likely holding onto pilfered data “in perpetuity” for future theft and cyber exploitation, a top FBI official said last month.

The FBI has lost many of its staff in the last year amid a mix of firings and other mechanisms used by the second Trump administration to curtail the size of the federal workforce. That turnover has threatened the bureau’s national security resources, experts argue.

Hacked Tehran Traffic Cameras Fed Israeli Intelligence Before Strike On Khamenei 

Years before the air strike that killed Ayatollah Ali Khamenei, Israeli intelligence had been quietly mapping the daily rhythms of Tehran. According to reporting by the Financial Times (paywalled), nearly all of the Iranian capital’s traffic cameras had been hacked years earlier, their footage encrypted and transmitted to Israeli servers. One camera angle near Pasteur Street, close to Khamenei’s compound, allowed analysts to observe the routines of bodyguards and drivers: where they parked, when they arrived and whom they escorted. That data was fed into complex algorithms that built what intelligence officials call a “pattern of life,” detailed profiles including addresses, work schedules and, crucially, which senior officials were being protected and transported. The surveillance stream was one of hundreds feeding Israel’s intelligence system, which combines signals interception from Unit 8200, human assets recruited by the Mossad and large-scale data analysis by military intelligence.

When US and Israeli intelligence determined that Khamenei would attend a Saturday morning meeting at his compound, the opportunity was judged unusually favorable. Two people familiar with the operation told the FT that US intelligence provided confirmation from a human source that the meeting was proceeding as planned, a level of certainty required for a target of such magnitude. Israeli aircraft, reportedly airborne for hours, fired as many as 30 precision munitions. The strike was carried out in daylight, which the Israeli military said created tactical surprise despite heightened Iranian alertness. The Financial Times reports that the assassination was a political decision as much as a technological feat. Even during last year’s 12-day war, when Israeli strikes killed more than a dozen Iranian nuclear scientists and senior military officials and disabled air defences through cyber operations and drones, Israel did not attempt to kill Khamenei.

The capability to do so, however, had been built over decades. Former Mossad official Sima Shine told the FT that Israel’s strategic focus on Iran dates back to a 2001 directive from then-prime minister Ariel Sharon instructing intelligence chief Meir Dagan to make the Islamic Republic the priority target. What distinguishes the latest operation, according to the FT, is the scale of automation. Target tracking that once required painstaking visual confirmation has increasingly been handled by algorithm-driven systems parsing billions of data points. One person familiar with the process described it as an “assembly line with a single product: targets.”

AI overlords of the world hacked: Fallout from the massive Palantir breach

Palantir Technologies has been hacked, according to well-known blogger Kim Dotcom. The company develops software for intelligence and big data analysis. 

Palantir (named after the magical ‘seeing stones’ from ‘The Lord of the Rings’) doesn’t engage in surveillance in the conventional sense using spies, cameras, or bugs. Instead, it develops software that is sold to government agencies, military organizations, and large corporations.

Clients (like the CIA or the German police) upload all their data, and Palantir (its primary platforms are Gotham for military purposes and Foundry for business) then utilizes AI to transform this chaotic information into a coherent picture.

Essentially, it creates a ‘digital twin’ of reality, revealing connections that analysts could have never recognized on their own: for example, that a terrorist had called the cousin of someone who recently transferred money to a suspicious account.

The claims about wiretapping Trump and Musk are likely untrue or highly exaggerated. However, there’s no doubt that Palantir serves as a massive surveillance mechanism for monitoring America’s adversaries (and not only). It is an “operating system for war and intelligence,” providing agencies with a supercomputer that can see everything. But it’s the agencies themselves that feed this computer with data.

Hackers Just Took Down This Massive ICE Doxxing Website

Images uploaded to social media show that hackers have taken down one of the largest websites leftist agitators have used to doxx ICE agents conducting immigration operations in the wake of the two fatal self-defense shootings in Minneapolis.

“We were not kidding,” a message to administrators and users of the website read. “We sent your names, logins, passwords, and locations to a bunch of government agencies.”

The hackers responsible also mocked the website’s abysmal security.

“Sherman Austin is a terrible coder, so are ‘RC’ Concepcion and Matt Beran,” the message continued.

StopICE is a website designed to allow users to designate and track license plates radicals believe belong to ICE agents, making it one of the largest of its kind. The hackers had a second surprise for the site’s users. Whenever they would search for a plate in the database, they would be greeted with a Tom Homan meme.

Open-Source AI Models Vulnerable to Criminal Misuse, Researchers Warn

Hackers and other criminals can easily commandeer computers operating open-source large language models outside the guardrails and constraints of the major artificial-intelligence platforms, creating security risks and vulnerabilities, researchers said on Thursday.

Hackers could target the computers running the LLMs and direct them to carry out spam operations, phishing content creation or disinformation campaigns, evading platform security protocols, the researchers said.

The research, carried out jointly by cybersecurity companies SentinelOne and Censys over the course of 293 days and shared exclusively with Reuters, offers a new window into the scale of potentially illicit use cases for thousands of open-source LLM deployments.

These include hacking, hate speech and harassment, violent or gore content, personal data theft, scams or fraud, and in some cases child sexual abuse material, the researchers said.

While thousands of open-source LLM variants exist, a significant portion of the LLMs on the internet-accessible hosts are variants of Meta’s Llama, Google DeepMind’s Gemma, and others, according to the researchers. While some of the open-source models include guardrails, the researchers identified hundreds of instances where guardrails were explicitly removed.

AI industry conversations about security controls are “ignoring this kind of surplus capacity that is clearly being utilized for all kinds of different stuff, some of it legitimate, some obviously criminal,” said Juan Andres Guerrero-Saade, executive director for intelligence and security research at SentinelOne.

Guerrero-Saade likened the situation to an “iceberg” that is not being properly accounted for across the industry and open-source community.

The research analyzed publicly accessible deployments of open-source LLMs deployed through Ollama, a tool that allows people and organizations to run their own versions of various large-language models.

The researchers were able to see system prompts, which are the instructions that dictate how the model behaves, in roughly a quarter of the LLMs they observed. Of those, they determined that 7.5% could potentially enable harmful activity.

Roughly 30% of the hosts observed by the researchers are operating out of China, and about 20% in the U.S.

Rachel Adams, the CEO and founder of the Global Center on AI Governance, said in an email that once open models are released, responsibility for what happens next becomes shared across the ecosystem, including the originating labs.

“Labs are not responsible for every downstream misuse (which are hard to anticipate), but they retain an important duty of care to anticipate foreseeable harms, document risks, and provide mitigation tooling and guidance, particularly given uneven global enforcement capacity,” Adams said.

A spokesperson for Meta declined to respond to questions about developers’ responsibilities for addressing concerns around downstream abuse of open-source models and how concerns might be reported, but noted the company’s Llama Protection tools for Llama developers, and the company’s Meta Llama Responsible Use Guide.

Microsoft AI Red Team Lead Ram Shankar Siva Kumar said in an email that Microsoft believes open-source models “play an important role” in a variety of areas, but, “at the same time, we are clear-eyed that open models, like all transformative technologies, can be misused by adversaries if released without appropriate safeguards.”

Shocking study linking covid jabs and cancer ‘censored’ by mysterious cyberattack

A global review examining reported cases of cancer following Covid vaccination was published earlier this month, just as the medical journal hosting it was hit by a cyberattack that has since taken the site offline.

The study appeared in the peer-reviewed journal Oncotarget on January 3 and was authored by cancer researchers from Tufts University in Boston and Brown University in Rhode Island.

In the review, researchers analyzed 69 previously published studies and case reports from around the world, identifying 333 instances in which cancer was newly diagnosed or rapidly worsened within a few weeks following Covid vaccination.

The review covered studies from 2020 to 2025 and included reports from 27 countries, including the US, Japan, China, Italy, Spain, and South Korea. No single country dominated, suggesting the observed patterns were reported globally. 

The authors emphasized that the review highlights patterns observed in existing reports, but does not establish a direct causal link between vaccination and cancer. 

Days after publication, Oncotarget’s website became inaccessible, displaying a ‘bad gateway’ error that the journal attributed to an ongoing cyberattack.

The journal reported the incident to the FBI, noting disruptions to its online operations. 

In social media posts, one of the paper’s authors, Dr Wafik El-Deiry of Brown University, expressed concern that the attack disrupted access to newly published research. 

‘Censorship is alive and well in the US, and it has come into medicine in a big, awful way,’ El-Deiry wrote in a post on X.

The FBI told Daily Mail that it ‘neither confirms nor denies the existence of any specific investigation’ into a cyberattack on Oncotarget. 

The Daily Mail has reached out to Oncotarget for comment on the cyberattack investigation. 

In a post that can no longer be accessed because of the website hacking, Oncotarget noted disruptions to the availability of new studies online. Although they did not accuse a specific group of wrongdoing, the journal alleged without evidence that the hackers may be connected to the anonymous research review group PubPeer.

The researchers alleged that the cyberattack targeted Oncotarget’s servers to disrupt the journal’s operations and prevent new papers from being properly added to the site’s index. 

The message was shared on social media by El-Deiry before the website crashed, with the doctor adding, ‘Censorship of the scientific press is keeping important published information about Covid infection, Covid vaccines and cancer signals from reaching the scientific community and beyond.’

In a statement to the Daily Mail, PubPeer declared: ‘No officer, employee or volunteer at PubPeer has any involvement whatsoever with whatever is going on at that journal.’

PubPeer is an online platform where researchers can anonymously comment on peer-reviewed scientific papers after they’ve already appeared in journals.

Its stated goal has been post-publication peer review, meaning people discuss, critique, or point out potential issues in studies that have already passed the usual pre-publication checks.

Australia’s weapons programs exposed in defence industry cyber attacks

A series of cyber attacks on defence industry supply chain contractors has exposed threats to Australia’s weapons programs, security analysts say.

Over the past week, it was revealed that a hacker group shared material about Australia’s $7 billion Land 400 military program after allegedly breaching several Israeli defence companies.

The Cyber Toufan group posted images and details on Telegram about the Australian Defence Force’s (ADF) next-generation Redback infantry fighting vehicle.

Israeli weapons manufacturer Elbit Systems is involved in the project, supplying the vehicle’s high-tech turrets.

Another group claimed responsibility for a cyber attack on IKAD Engineering, a key player in the Australian defence industry.

The J Group ransomware gang alleges it infiltrated the company’s systems for five months in what it described as a “staycation in the defence supply chain”.

The hackers claimed they obtained information relating to Australian naval contracts, including the Hunter Class frigate and Collins Class submarine programs.

IKAD Engineering chief executive Gerard Dyson confirmed the incident, saying an “external third party” had gained unauthorised access to a portion of its internal IT systems.

He said so far only “non-sensitive project information” had been impacted, along with employee files, adding that IKAD did not have direct connections into ADF systems. 

Cybersecurity experts warned even non-sensitive data could have strategic value, and the attacks should be a “wake-up call”.

Congressional Budget Office Plagued by ‘Ongoing’ Cybersecurity Breach

When the agency that crunches Washington’s numbers can’t even secure its own, it’s hard not to see a metaphor in the math.

The Congressional Budget Office confirmed this week that it’s battling an “ongoing” cybersecurity incident — one that, by all accounts, has stretched on for days and remains unresolved.

Politico first reported the breach, noting that CBO officials are still assessing the full scope of the intrusion and what data, if any, may have been compromised.

The nonpartisan agency, which provides cost estimates and fiscal analyses to Congress, said it has added new monitoring systems and security controls while a full investigation continues.

The CBO has not said whether sensitive information was stolen or who might be behind the attack, the Associated Press reported. Officials also declined to specify how long the agency’s systems have been affected.

Reuters added that Senate offices were warned by the chamber’s Sergeant at Arms that email communications with the CBO might have been exposed, potentially giving hackers a chance to spoof messages or launch phishing attempts.

That advisory urged congressional staff to treat any CBO-related email traffic with extra caution until the incident is fully contained.

While the agency insists its work for lawmakers continues uninterrupted, the breach’s duration has sparked questions about whether the CBO’s analytical models and data pipelines could have been tampered with.

Experts told the Associated Press that a breach described as “ongoing” suggests investigators are still chasing active threats within the network rather than cleaning up a finished intrusion.

The incident comes at a sensitive time for Congress, with fiscal debates, spending fights, and shutdown negotiations all relying on the CBO’s projections to guide votes and policy.

Reuters noted that the longer such breaches persist, the greater the risk that attackers can map internal systems, gather intelligence, or establish backdoors for later use.

The Washington Post reported that early assessments point to a possible foreign actor, though officials have not publicly attributed the breach to any specific nation or group.

In a statement, the CBO said it “continually monitors” for cyber threats and had taken “immediate action” to safeguard its systems once the incident was detected.

Still, the episode has renewed scrutiny of cybersecurity readiness across federal agencies — particularly those, like the CBO, that don’t handle classified data but remain critical to day-to-day government operations.