
U.S. Marshals Struggle to Return Secret Network to Full Operation After Cyberattack


Nearly three months after getting hit by a potent ransomware attack, a secret network used by U.S. Marshals to track suspected criminals by using cellphone records, emails and the internet remains compromised, a news report said.

The hackers, whose identity remains unknown, infiltrated a network used by a special group of the Marshals called the Technical Operations Group (TOG), who command surveillance capabilities to track fugitives, according to a Washington Post source. The precise activities of the service are kept secret.

Marshals Shut Down Entire System

The Post first reported that the Marshals continue to try to shake off the effects of the network attack. In an immediate response to the February data hijack, the Marshals opted to shut the entire system down, but in doing so wiped some vital material on Marshals’ cell phones, the Post reported.

As a result, agency personnel lost data critical to some ongoing investigations, the report said. Data stolen from the compromised computer system included sensitive law enforcement information, such as the personal information of crime suspects and Marshals’ investigators.

A Marshals spokesperson explained the breach:

“The data breach has not impacted the agency’s overall ability to apprehend fugitives and conduct its investigative and other missions. Most critical tools were restored within 30 days of the breach discovery.”

Nonetheless, the spokesperson said the agency will be replacing the TOG system with an upgrade featuring improved security.

The TOG operates 29 field offices in the U.S. and Mexico and uses technology to track fugitives and other criminal figures. At this point, the Marshals, even if they do know, aren’t saying who is behind the attack or how much in ransom the crooks demanded to return the systems to full operation. It’s also unclear what data has been stolen other than an admission by the Marshals that some information had been exfiltrated, the Post reported.

Hackers Hit the FBI

The TOG event is not the first cyberattack on a federal agency. Separately, and also in February, the FBI was hit by a cyberattack in an incident involving an agency computer system used in investigations of images of child sexual exploitation, CNN reported.

In the immediate wake of the attack, the FBI classified it as an isolated incident that had been contained. CNN sources told the news outlet that the break-in was confined to a New York field office.

And in November 2021, hackers used a legitimate email address belonging to the FBI to send thousands of spam emails to thousands of organizations about a purported cyber threat. The FBI said at the time that it fixed a software vulnerability related to the incident, but the bureau did not publicly name a suspect.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.