U.S. Marshals computer network down 10 weeks after ransomware hack
The computer network was operated by the Marshals’ Technical Operations Group (TOG), a secretive arm within the agency that uses technically sophisticated law enforcement methods to track criminal suspects through their cellphones, emails and web usage. Its techniques are kept secret to prolong their usefulness, and exactly what members of the unit do and how they do it is a mystery even to some of their fellow Marshals personnel.
The problem began in early February, when the TOG’s computer system was breached. A system that handles a vast amount of court-approved tracking of cellphone data, including location data, had been compromised. The incident was the latest example of the scourge of ransomware — a criminal scam in which the computer systems of hospitals, schools and companies are penetrated and the data is stolen or made inaccessible unless a ransom is paid.
The attack on the Marshals system showed that even high-level federal law enforcement agencies are not immune to ransomware. In the case of the TOG system, the network has existed outside regular Justice Department computer systems for years, unnoticed in the open, crowded internet.
Marshals officials refused to pay any ransom and instead moved to shut down the entire system. But in the course of doing so — according to people familiar with the matter who spoke on the condition of anonymity to discuss the inner workings of law enforcement surveillance, security and fugitive hunting — they took steps that had significant consequences.
To limit the potential spread of infected devices and systems, officials decided to wipe the cellphones of those who…