Call and text logs of FBI agents potentially stolen in data breach

The FBI has raised the alarm that hackers who breached AT&T’s system last year may have stolen months of agents’ call and text logs, which could potentially expose the identities of anonymous informants connected to investigations, according to a document reviewed by Bloomberg.

While the hackers did not have access to the content of the conversations, the stolen call log data—records of who called whom, when, and for how long—poses significant risks, particularly the potential exposure of confidential informants and ongoing investigations.

The breach, which occurred through unauthorized access to AT&T’s workspace on the Snowflake cloud platform, compromised data from May 1 to October 31, 2022, with additional exposure extending into early 2023. The breach reportedly targeted AT&T public safety services, which include communications from government agencies such as the FBI.

An FBI spokesman told Reuters the agency “has a solemn responsibility to protect the identity and safety of confidential human resources who provide information every day that keeps the American people safe, often at great risk to themselves.” In a subsequent message, the spokesman said the FBI has a responsibility to protect the identity of “any individual who contacts the FBI and provides information.”

How is call log metadata used in investigations?

Call log metadata may seem harmless at first glance, but in reality, it can reveal a wealth of sensitive information. In forensic analysis, call logs are a cornerstone for reconstructing communication networks, mapping relationships, and identifying key players in criminal activities. These records may also contain location information. Misuse of this data by adversaries can have serious consequences.

Call logs have long been a critical tool in criminal investigations, helping law enforcement trace connections between suspects, accomplices and victims. These logs provide a detailed timeline of communications, allowing investigators to piece together who was talking to whom and when. In the wrong hands, that same data can become a powerful tool for adversaries. By analyzing call patterns, adversaries can potentially identify contacts of FBI agents, some of whom may be confidential informants.

For example, frequent phone calls between an agent and a certain number could indicate that the number belongs to a central informant in an investigation. Cross-referencing stolen call logs with other publicly available data, such as social media or location records, can further expose the identities and locations of informants.

Call log metadata is often more valuable than the content of conversations in an investigation. It creates a timeline, makes connections, and provides context that can be critical to understanding the extent of criminal activity. Digital forensics experts use call log metadata to build cases, identify patterns, and uncover hidden relationships.

In a criminal context, law enforcement uses this knowledge to dismantle criminal networks and identify key actors. For the defense, call log evidence can help establish alibis and identify other persons of interest.

However, when metadata is exposed, the same tools that aid investigations can be used against law enforcement, with adversaries using stolen call logs to map investigative networks, identify key informants, or attempt to predict the FBI's future movements. This breach highlights how seemingly small data, like who called whom, can represent a major threat.

The FBI has been contacted for comment. When they respond, this article will be updated accordingly.
