The FBI and other agencies in the federal government, including reportedly CISA and the National Security Agency (NSA), are investigating a hack of a surveillance system that holds sensitive information related to targets of law enforcement investigations.
According to the Associated Press, the FBI notified Congress earlier this week that it first noticed unusual activity on the network – known as the Digital Collection System Network – February 17 and that the agency was continuing its investigation of the breach.
In the notification obtained by the AP, the FBI said the targeted system is “unclassified and contains law enforcement sensitive information, including returns from legal process, such as pen register and trap and trace surveillance returns, and personally identifiable information pertaining to subjects of FBI investigations.”
The FBI and other law enforcement agencies use pen registers to log phone numbers dialed on a specific line, and the notification referred to the FBI last month finding unusual log information related to the system.
The agency has confirmed the investigation to news outlets, but hasn’t given much more information. However, in the notification to Congress, FBI officials said the unnamed hacker was using sophisticated techniques to slip past the agency’s security controls on the network, including using the infrastructure of a commercial internet service provider (ISP).
Nation-state threat groups from both China and Russia have shown the ability to compromise both governmental and commercial networks by breaching the infrastructure of commercial ISPs and then wending their way into those of federal agencies. China in particular has had several groups attack the infrastructure of the federal government, including Salt Typhoon, a China-nexus group that in 2024 was discovered to have hacked into the networks of such telecom players as Verizon, AT&T, and Lumen Technologies.
According to a Politico report, other agencies are joining the FBI in investigating the hack. That includes not only CISA and the NSA but the White House itself, though none of the other organizations are commenting.
An unnamed source told CNN that the FBI sought the help of senior officials within the agency and the Justice Department responsible for civil liberties and national security.
The investigation comes as concerns ramp up about cyberattacks by Iran-backed threat groups in the wake of the bombing that the U.S. and Israeli forces launched against the Middle Eastern country February 28. That said, according to researchers with Radware, the bulk of the cyber activity from Iranian groups was against targets across the Middle East and Europe rather than the United States.
The hack also comes amid concerns that the Trump Administration since taking office 14 months ago has hollowed out much of the government’s cybersecurity apparatus at agencies such as CISA and the NSA, significantly shrinking the workforces there. Just days before the launch of the bombing campaign against Iran, FBI Director Kash Patel fired almost two dozen agency employees, many of whom worked on cyber and counterintelligence cases.
According to Damon Small, a member of the board of directors for Xcape, the attack on the FBI network is a “textbook example of how a ‘brain drain’ creates a catastrophic vulnerability window by trading institutional knowledge for organizational churn. It is the height of operational irony to witness a surveillance network being compromised precisely as its most experienced defenders were being shown the door.”
Xcape offers managed IT, penetration testing, incident response, and security solutions for the Internet of Things. Small said that the FBI “has effectively traded its high-level human firewalls for a political revolving door, and the adversaries are the only ones holding the key.”
Agencies and organizations need to ensure that technical roles that are essential to strong security are protected against political actions, he said, adding that “true security cannot be sustained by an agency that is internally paralyzed by fear and lacking the senior architects who understand the complexity of its own backdoors.”