Epstein files were allegedly compromised by foreign hacker in 2023; FBI admits 'cyber incident'



The FBI Field Office in New York produced myriad documents pertaining to its criminal probe into child sex offender Jeffrey Epstein. Attorney General Pam Bondi suggested in a Feb. 17, 2025, letter to FBI Director Kash Patel that "thousands of pages of documents related to the investigation and indictment of Epstein" were stored on site there.

Some of these documents were allegedly compromised in a hack years before the Department of Justice began publishing the heavily redacted Epstein files.


The bureau revealed in 2023 that it was investigating a hack of its computer network, which it characterized as an "isolated incident that has been contained."

Multiple sources briefed on the matter told CNN at the time that FBI officials suspected the incident involved a bureau computer system used in the investigations of images of child sexual exploitation.

Reuters, citing a source familiar with the matter and recently published DOJ documents, reported on Wednesday that the hack entailed a foreign actor's targeting of files related to the FBI's investigation of Epstein.

The hack reportedly took place after a server at the New York FBI office's Child Exploitation Forensic Lab was allegedly left exposed by Special Agent Aaron Spivack, who did not return Reuters' numerous requests for comment but has previously issued a voluminous statement on the matter.


Among the Epstein files released by the Department of Justice in recent months is a 2024 statement from Spivack in which he addresses the allegations that he "improperly stored digital evidence at his residence"; "improperly handled, documented, and stored digital evidence and failed to secure [child sexual abuse material] within policy, resulting in a cyber intrusion"; and "exceeded the limits of his authority by contracting an outside company to develop computer software on behalf of the FBI."

Spivack — who apparently participated in the Epstein investigation — stated that the cyber "intrusion" happened on Feb. 12, 2023.

After logging into his computer to find a .txt file indicating that his network had been compromised, Spivack claimed that he ran an anti-virus sweep, which identified a potential threat. He said that he was unable, however, to remove the threat, as his "administrative privileges had been removed."

Spivack notified some of his colleagues, attempting to rectify the issue, then noticed that the main server was down, that other servers were malfunctioning, and that "the folders that contain our data was missing."

According to Spivack's timeline, he and others later noticed "strange IP activity that took place [on Feb. 12] from two IP addresses."

"The activity included combing through certain files pertaining to the Epstein investigation," stated Spivack.

It's unclear what particular files were accessed and whether they were downloaded, reported Reuters.

By 5 p.m. on Feb. 13, 2023, Spivack said, "we realized we were hacked."

The FBI reiterated that the "cyber incident" was an "isolated one" and said in a statement obtained by Reuters that "the FBI restricted access to the malicious actor and rectified the network. The investigation remains ongoing, so we do not have further comments to provide at this time."

The FBI did not immediately respond to a request for comment from Blaze News.

Reuters' source suggested:

  • that the hack appears to have been executed by a "cybercriminal" rather than a foreign government;
  • that the hacker did not appear to realize he or she had hacked a law enforcement server; and
  • that the hacker expressed revulsion at the presence of child sexual abuse images on the device and threatened to turn its owner over to the FBI.

The hacker — whom the FBI allegedly spoke to on video chat but was unable to identify or locate — may have acted alone, but Jon Lindsay, an associate professor at the Georgia Institute of Technology's School of Cybersecurity and Privacy, suggested that the hack demonstrates the files' potential intelligence value.

"Who wouldn’t be going after the Epstein files if you’re the Russians or somebody interested in kompromat?" Lindsay told Reuters. "If foreign intelligence agencies are not thinking seriously about the Epstein files as a target, then I would be shocked."

Reuters indicated it was unable to "establish the result of the bureau's internal investigation" regarding Spivack or connect with FBI agents identified in the documents as being involved in the investigation.

Spivack stressed in his 2024 statement, "I have rescued more exploited children than anyone in the NYFO and in most of the Bureau. All I wanted to do was to better the Bureau. I did not know how to do everything right, but I always did the right thing and everything I did was with good intentions. I love this job. I was not reckless."


Convicted hacker twins who landed jobs as federal contractors nabbed for allegedly deleting government databases



Muneeb and Sohaib Akhter, a pair of convicted hackers based in Alexandria, Virginia, were arrested on Wednesday over an alleged conspiracy to destroy government databases and other crimes.

After doing prison time for wire fraud and conspiring to hack into the U.S. State Department, the Akhter twins, one of whom previously served as a cybersecurity contractor with the State Department, managed to secure jobs as federal contractors — working as engineers for Opexus.


Opexus, a company that handles sensitive data for most federal agencies and has received over $50 million in contracts from various agencies over the past decade, determined earlier this year that it had been compromised in February by two employees.

A Bloomberg investigation revealed in May that after one of the agencies with which Opexus was working, the Federal Deposit Insurance Corporation, flagged the twins as possible threats on account of their criminal records, the duo were fired on Feb. 18.

The company later discovered that while being fired and immediately afterward, the twins allegedly accessed sensitive documents and compromised or scrubbed dozens of databases, including those containing data from the General Services Administration and the Internal Revenue Service.

The FBI, FDIC Office of Inspector General, Department of Homeland Security Office of Inspector General, and Homeland Security Investigations investigated the case.

The brothers were indicted on Nov. 13 for allegedly working to harm Opexus and its U.S. government clients "by accessing computers without authorization, issuing commands to prevent others from modifying the databases before deletion, deleting databases, stealing information, and destroying evidence of their unlawful activities," the DOJ said in a release.


According to the indictment, Muneeb Akhter allegedly deleted approximately 96 databases storing U.S. government information — including databases containing records and documents related to Freedom of Information Act matters as well as sensitive federal investigative files.

Muneeb Akhter is also accused of asking an artificial intelligence tool how they could cover their tracks after deleting a DHS database.

After he got fired from Opexus, Muneeb Akhter allegedly obtained data from the U.S. Equal Employment Opportunity Commission and is accused further of stealing copies of IRS information including federal tax information and other identifying information for at least 450 individuals.

Opexus did not respond to a request for comment from Blaze News.

"These defendants abused their positions as federal contractors to attack government databases and steal sensitive government information," said Matthew Galeotti, acting assistant attorney general at the Department of Justice's Criminal Division, in a statement. "Their actions jeopardized the security of government systems and disrupted agencies’ ability to serve the American people."

Muneeb Akhter has been charged with conspiracy to commit computer fraud and to destroy records, two counts of computer fraud, theft of federal records, and two counts of aggravated identity theft. His twin, Sohaib Akhter, was charged with conspiracy to commit computer fraud and to destroy records and computer fraud.

While Sohaib Akhter faces a maximum penalty of six years in prison, Muneeb Akhter faces a mandatory minimum penalty of two years of prison time for each aggravated identity theft count and a maximum penalty of 45 years for the other charges.

The duo pleaded guilty in 2015 to a different set of crimes.

Muneeb Akhter hacked into the website of a cosmetics company and stole thousands of customers' credit card and personal information. He and his brother used the stolen data to pay for flights, hotel stays, various goods, and attendance at professional conferences. Muneeb Akhter proceeded to hand off the stolen data to a "dark net" operator who cut him in on the profits from the sales.

The other brother, meanwhile, used his contract position at the State Department in 2015 to steal personally identifiable data belonging to various people including co-workers and a federal law enforcement agent who was investigating him.

According to the Justice Department, Sohaib Akhter later hatched a scheme to ensure perpetual access to various State Department systems and, with the help of his twin, attempted to install an electronic collection device inside a State Department office, which would have enabled the hackers to remotely steal federal data.

Years earlier, Muneeb Akhter hacked into a Maryland-based private data aggregation company that he was performing contract work for, giving his brother access to a database of federal contract information to give their technology company an upper hand when bidding for contracts and clients.


Trump's DOJ nabs Chinese agent accused of global CCP plot to steal COVID research



Amid the Trump administration's efforts to curb the Chinese Communist Party's influence in the U.S., the Department of Justice announced the arrest of a CCP agent accused of worldwide computer intrusions related to COVID-19 research.

Xu Zewei, 33, and Zhang Yu, 44, are facing a nine-count indictment for allegedly "hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins," stated Nicholas Ganjei, U.S. Attorney for the Southern District of Texas.


Federal authorities alleged that the Ministry of State Security's Shanghai State Security Bureau directed Xu to perform computer intrusions between February 2020 and June 2021.

Xu allegedly targeted American universities, immunologists, and virologists to obtain information on COVID-19 research related to vaccines, treatment, and testing.

In February 2020, Xu informed the SSSB that he had breached the "network of a research university located in the Southern District of Texas," the DOJ reported. An SSSB officer then reportedly instructed him to target email accounts belonging to certain virologists and immunologists.

Brett Leatherman, the assistant director of the FBI's Cyber Division, explained that Xu and his co-conspirators later operated as a group known as HAFNIUM, which "exploited zero-day vulnerabilities in U.S. systems to steal additional research."

"Through HAFNIUM, the CCP targeted over 60,000 U.S. entities, successfully victimizing more than 12,700 in order to steal sensitive information," Leatherman said.


In late 2020, HAFNIUM allegedly breached the Microsoft Exchange Server, impacting computers worldwide, including a law firm and another university in the Southern District of Texas.

Microsoft announced the breach in March 2021, describing HAFNIUM as a "state-sponsored" group "operating out of China." It noted that the hackers had targeted "infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs."


Xu was arrested in Milan, Italy, on July 3 at the request of the U.S. government and now awaits extradition proceedings. He was charged with wire fraud, conspiracy to commit wire fraud, conspiracy to cause damage to and obtain information by unauthorized access to protected computers to commit wire fraud and to commit identity theft, obtaining information by unauthorized access to protected computers, intentional damage to a protected computer, and aggravated identity theft.

Ganjei stated, "The Southern District of Texas has been waiting years to bring Xu to justice and that day is nearly at hand. As this case shows, even if it takes years, we will track hackers down and make them answer for their crimes. The United States does not forget."

The DOJ reported that Zhang remains at large.
