The FBI Cyber Division is an operational arm of the U.S. Federal Bureau of Investigation, established in 2002 to consolidate the Bureau's response to computer-based threats. It investigates a wide range of cyber offenses, including computer intrusions, ransomware attacks, theft of intellectual property and personally identifiable information, online fraud schemes, and cyber operations conducted by foreign intelligence services or terrorist organizations.
The Division operates Cyber Task Forces in each of the FBI's 56 field offices, partnering with state, local, and federal agencies. It also coordinates closely with the Cybersecurity and Infrastructure Security Agency (CISA) at DHS, the National Security Agency (NSA), and U.S. Cyber Command. Internationally, it works with foreign law enforcement counterparts and embeds Cyber Assistant Legal Attachés (Cyber ALATs) in select U.S. embassies.
Key components and programs associated with the Division include:
- The Internet Crime Complaint Center (IC3), which collects public reports of cyber-enabled crime and publishes an annual report on losses and trends.
- The National Cyber Investigative Joint Task Force (NCIJTF), an interagency body the FBI leads to coordinate cyber threat investigations across the U.S. government.
- The CyWatch 24/7 operations center, which serves as the FBI's cyber command post for incident triage and notification.
The Division regularly issues joint cybersecurity advisories with CISA and allied agencies attributing intrusions to threat actors, and it has unsealed indictments against hackers linked to Russia, China, Iran, and North Korea. High-profile actions have included disruptions of botnets, ransomware infrastructure takedowns, and the recovery of a portion of the cryptocurrency ransom paid in the 2021 Colonial Pipeline incident.
For researchers, the Cyber Division is a primary U.S. source of attribution statements, indictments, and threat advisories, making its public releases useful citations for policy analysis on cybercrime, critical infrastructure protection, and state-sponsored cyber activity.
Example
In June 2021, the FBI Cyber Division announced it had recovered roughly $2.3 million in bitcoin paid by Colonial Pipeline to the DarkSide ransomware group.
Frequently asked questions
It was established in 2002 to centralize the FBI's response to cyber threats following a post-9/11 reorganization of Bureau priorities.
Keep learning