Is there any way that the cyber experts can be a little more expert?
The FBI had to report a cyberattack on itself to Congress because the hack counts as a “major incident.” “Under federal laws, a cyber breach is declared a ‘major incident’ only if it involves the compromise of personally identifiable information that could cause ‘demonstrable harm’ ” (NBC News, April 2, 2026).
The culprits are probably a group of hackers who have hacked for the People’s Republic of China before.
The hack compromised sensitive information related to domestic law enforcement….
The cyber intrusion appeared to use similar tactics and techniques employed by a Chinese hacking effort known as Salt Typhoon, which penetrated major telecommunications providers in an unprecedented breach, according to the source with knowledge of the matter.
The hackers in Salt Typhoon, which was uncovered in 2024, were able to obtain phone call records from millions of Americans and steal FBI wiretap data.
The Salt Typhoon hacking campaign was one of the largest intelligence compromises in American history. It breached eight domestic telecom and internet service providers and dozens of others around the world. U.S. officials said in 2024 that victims included people in both major parties’ presidential campaigns….
The breach of law enforcement data showed that Chinese-backed hackers were continuing to target the U.S. despite the global attention Salt Typhoon generated and attempts by the Trump administration to lower tensions ahead of President Donald Trump’s scheduled visit to Beijing next month, a former senior cybersecurity official said….
[Cynthia Kaiser, former senior official in the FBI’s cyber division:] “China is consistently targeting any information that can help them identify and track their own targets, communication and movements around the world. And intelligence community, FBI and law enforcement intercepts would absolutely help them meet these goals.”
The wording “appeared to use” in the second quoted paragraph above is pointless hedging. It’s accurate to say that “The cyber intrusion used” techniques like those employed in Salt Typhoon. The reporting is based on the conclusions of persons familiar with the Salt Typhoon breach and with the current breach. The techniques could be similar even if Chinese hackers were not involved, but the fact that they’re similar suggests that Chinese hackers were involved.
More important than fixing the report is fixing the security of the FBI and other agencies that oversee systems that it would be disastrous to compromise and that keep getting compromised.
A time for change
Earlier in the year, the FBI launched Operation Winter SHIELD “to Help Organizations Strengthen Cyber Resilience” (February 2, 2026). The ten tips sound fine: “Adopt phish-resistant authentication,” “Reduce administrator privileges,” etc. Perhaps these should be supplemented with ten more. If you are the FBI, isn’t there any way to invariably head off hackers at the pass? If cybersecurity is one of your areas of expertise, cannot this expertise be applied with greater effect to your own computers and reservoirs of confidential information—safeguarding these from attack not just 999 times out of 1,000 attempted intrusions but every single time?
Meanwhile, the federal government is urging telecommunications companies to toughen up their networks and cybersecurity, yet it still insists on back doors to telecom networks that can permit lawful intercepts by U.S. agencies like the FBI and DEA. These back doors are a vulnerability useful to hackers.
Also see:
StoptheCCP.org: “How to Thwart China’s Cyberattacks”