WASHINGTON – An international cybercriminal successfully penetrated FBI computer systems in 2023, gaining access to materials connected to the bureau’s Jeffrey Epstein investigation, according to a knowledgeable source and Justice Department records obtained by Reuters.
This marks the first public disclosure of specific details about who infiltrated servers at the FBI’s New York Field Office, including confirmation that an overseas hacker was responsible for the security breach.
The FBI characterized what they called a “cyber incident” as “an isolated one” in their official response.
“The FBI restricted access to the malicious actor and rectified the network. The investigation remains ongoing, so we do not have further comments to provide at this time,” the bureau stated.
While the source indicated the attack appeared to be conducted by a cybercriminal rather than a state-sponsored actor, the incident highlights the potential intelligence significance of these files, according to one expert. Court-ordered releases of Justice Department materials have revealed the deceased financier’s connections to influential figures across politics, finance, academia and business sectors, sparking investigations worldwide.
“Who wouldn’t be going after the Epstein files if you’re the Russians or somebody interested in kompromat?” said Jon Lindsay, who researches the role of emerging technology in global security at the Georgia Institute of Technology. “If foreign intelligence agencies are not thinking seriously about the Epstein files as a target, then I would be shocked.”
News outlets CNN and Reuters initially reported the breach on February 17, while French publication Marianne first identified the Epstein connection.
Epstein, who had longstanding ties to President Donald Trump, entered a guilty plea in 2008 to prostitution-related charges, including soliciting a minor. He died by hanging in his jail cell during 2019, officially ruled a suicide, following his re-arrest on federal sex trafficking charges involving minors.
February 2023 Security Incident
The cyberattack succeeded after Special Agent Aaron Spivack accidentally left a server at the Child Exploitation Forensic Lab vulnerable while attempting to work through the bureau’s complicated digital evidence protocols, according to the source and documentation.
Spivack’s written timeline, part of the extensive Epstein document release earlier this year, indicates the infiltration occurred on February 12, 2023. He discovered the breach the next day upon starting his computer and finding a text file alerting him to the network compromise.
Additional investigation revealed evidence of suspicious server activity, with the document noting the activity “included combing through certain files pertaining to the Epstein investigation.”
The timeline doesn’t specify which particular files were viewed, whether the hacker downloaded information, or the intruder’s identity. Reuters couldn’t determine any connection between the compromised data and either the Epstein documents released publicly or those still classified.
Spivack, whose name appears throughout the documents related to the Epstein investigation, hasn’t responded to multiple contact attempts. Reuters couldn’t reach Richard J. Roberson, Jr., identified as Spivack’s attorney in the documents. Seven FBI agents named in the documents as participants in the breach investigation also didn’t return messages.
Video Communication Between Hacker and FBI
In his statement to FBI investigators examining his potential responsibility for the breach, Spivack claimed he was being made “a scapegoat for the intrusion” and blamed contradictory bureau policies and inadequate IT guidance. Reuters couldn’t confirm the outcome of the internal FBI investigation.
The knowledgeable source revealed the intrusion was executed by an international hacker who seemed unaware they had accessed a law enforcement server. The cybercriminal reportedly expressed revulsion at finding child abuse imagery on the system and left a message threatening to report the owner to federal authorities.
Bureau officials reportedly resolved the situation by proving to the hacker they actually were the FBI, partly through a video conference where agents displayed their law enforcement badges to a webcam.
Reuters couldn’t establish – and the source claimed not to know – the hacker’s identity, operating location, what they did with accessed materials, or whether authorities attempted to identify or prosecute them for the FBI server intrusion.
Numerous Justice Department documents remain heavily censored while others stay completely classified despite legal requirements for full disclosure last year. The Trump administration cites protection of victim identities and ongoing investigations as reasons for withholding material.
