Declassified FBI Cyber Threat Assessment Illuminates 2008 Digital Dangers

After a seven-year effort to obtain information from the Federal Bureau of Investigation (FBI) through a Mandatory Declassification Review (MDR), The Black Vault has finally succeeded in acquiring a previously unreleased document, albeit heavily redacted. Before this release, only brief citations were found in other files, also released to The Black Vault by the FBI.

This request (case number 1363960-000), filed on December 16, 2016, asked for a review of the FBI’s Cyber National Threat Assessment for the year 2008, as found in the reference citation above. The document, dated June 22, 2009, is an intelligence assessment by the FBI.

Continue scrolling for more...

The document provides an in-depth analysis of the cyber threats to the United States, focusing on remote system intrusions or unauthorized access against the nation and its critical infrastructure. It covers the period from June 30, 2007, to July 1, 2008, while also incorporating earlier material for context. The assessment addresses various aspects of cyber threats, including tactics, techniques, and procedures used against process control systems, financial institutions, government networks, and the supply chain. It also explores the potential use of tools and technologies such as IPv6 and virtual worlds by malicious actors.

One of the key highlights of the document is the emphasis on the persistent threat posed by botnets. The assessment states, “Botnets continue to pose a threat to US critical infrastructures. These networks of compromised computers can be used to wage denial of service attacks against targeted online entities, conduct phishing and spamming campaigns, and steal passwords and other login credentials”.

The document also sheds light on the evolving nature of cyber threats, noting that attackers continuously develop new methods to exploit vulnerabilities. It mentions that “Attackers typically collect passwords, login credentials, keystrokes, credit card numbers, and personally identifying information from botnet victims”, highlighting the diverse objectives of cyber attackers.

In parts of the file, it remains heavily redacted

The document remains heavily redacted, citing exemptions such as (b)(1), (b)(3), (b)(6), (b)(7)(C), and (b)(7)(E). These exemptions under the Freedom of Information Act (FOIA) and the Privacy Act, which justify the withholding of information from public disclosure, are defined as the following:

(b)(1): Information that is classified to protect national security.
(b)(3): Information exempted from disclosure by other statutes.
(b)(6): Information that would constitute a clearly unwarranted invasion of personal privacy.
(b)(7)(C): Information that could reasonably be expected to constitute an unwarranted invasion of personal privacy.
(b)(7)(E): Information that would disclose techniques and procedures for law enforcement investigations or prosecutions.

As noted in the release letter, the redactions were made by the United States Air Force – Office of Special Investigations (AFOSI), National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), and United States Cyber Command (USCYBERCOM).

The heavy redactions in the document indicate the sensitivity of the information related to national security and law enforcement techniques, even after 15 years since it was originally written.