THE EPSTEIN FILES – Episode Summary
Episode: BREAKING – The FBI Was Hacked on Super Bowl Sunday. 100 Terabytes of Epstein Evidence Vanished.
Date: February 28, 2026
Host: Island Investigation
Episode Overview
This episode of The Epstein Files delivers a meticulous, document-driven analysis of a catastrophic loss of digital evidence: on Super Bowl Sunday, the FBI’s dedicated C20 forensic lab was hacked, resulting in the permanent disappearance of 100 terabytes of evidence related to the Jeffrey Epstein investigation. The hosts reconstruct the story using sworn declarations, forensic logs, and congressional correspondence, examining not only the technical specifics of the breach but also its wider legal, investigative, and public trust implications. The episode culminates in a forensic juxtaposition of unauthorized data loss via cyber-intrusion and the formal, legal withholding of information by the Department of Justice (DOJ), contextualized with newly released primary source material.
Key Discussion Points and Insights
1. Technical Anatomy of the Hack
[01:36 – 06:20]
- Primary Source: Sworn declaration of FBI Special Agent Aaron E. Spivak (EFTA0001-73569 PDF).
- FBI C20 Lab: Outlined as a highly isolated, air-gapped environment for processing massive, sensitive digital evidence, especially child sexual abuse material (CSAM).
- Discovery: On February 13, 2023, Agent Spivak finds his forensic Tolino workstation had rebooted overnight—an anomaly for a system designed for continuous, uninterrupted operation ([02:55]).
- Ransomware Indicators: Upon login, a ransom note appears; antivirus detects but does not neutralize the breach. The threat actor had already revoked Spivak’s admin privileges, seizing root access ([04:00 – 05:14]).
- Quote: "The loss of those privileges confirms the system is compromised at the highest possible level. The intruder didn’t just drop a text file. They rewrote the local user permissions." – C [04:52]
- Breach Vector: Attack exploited Remote Desktop Protocol (RDP) exposed to the internet due to pandemic-triggered remote work; Spivak, following public Microsoft documentation and without formal networking training, opened the lab to external intrusion ([06:25 – 07:55]).
- Quote: "He attempted to configure the port based on public web tutorials. He documented his belief that the FBI building’s overarching security protocols would automatically prevent unauthorized access." – C [07:58]
2. Organizational Failures and Data Loss
[08:15 – 12:14]
- No Professional IT Support: The C20 lab lacked dedicated network administrators—digital forensic examiners were tasked with network design and security, a clear breach of procedure ([08:20 – 08:37]).
- Quote: "You are looking at digital forensic examiners, experts in analyzing seized hard drives, tasked with designing and securing their own local area network from scratch. Without the requisite training or institutional oversight." – C [08:25]
- Scope of Loss: 500 TB compromised, 400 TB recovered via forensic hashing; 100 TB permanently lost ([09:06 – 10:04]).
- Quote: "500 terabytes is an astronomical volume...this represents millions of individual evidentiary files." – C [08:59]
- Legal Consequences: The chain of custody irrevocably broken for compromised material—prosecutions threatened with severe admissibility issues ([10:04 – 10:37]).
- Quote: "Any prosecution relying on that compromised hardware faces severe admissibility challenges in court." – C [10:37]
- Institutional Response: Multiple requests for secure networking support met with a directive to “Google it” from Operational Technology Division ([11:19 – 11:26]).
3. Targeting & Value of Compromised Evidence
[12:49 – 13:27]
- Direct Epstein File Targeting: Forensic logs reveal external IP activity focused on Epstein investigation files; the breach and the targeting coincide in the timeline ([13:04 – 13:27]).
4. DOJ’s Withholding of Epstein Files
[13:36 – 16:37]
- Congressional Oversight: February 25, 2026, letter from House Oversight Chairman James Comer demands withheld materials, referencing allegations DOJ is suppressing files related to alleged sexual abuse of a minor by Donald Trump ([13:43 – 14:14]).
- DOJ’s Justifications: Withholding under three categories—duplicates, privileged information (executive/client privilege), and files in ongoing investigations ([14:14 – 14:43]).
- Public Perception: Citing CNN/Ipsos polling, 65% of Americans across party lines believe the federal government is hiding Epstein-related information ([15:27 – 16:07]).
- Quote: "Significant majorities align with the statement—the documents show a clear statistical consensus regarding a perception of institutional concealment." – C [16:03]
5. Forensic Detail – Newly Released EFTA Files
[16:37 – 23:12]
- Granular Email Evidence:
- Real estate networking targeting ultra-wealthy Californian estates far from usual NY/FL operations ([17:06 – 17:54]).
- High-profile guest lists (e.g., William Astor’s dinner) included major journalists, socialites, and industry elites ([18:00 – 18:46]).
- Quote: "Reviewing that list, you are looking at a precise cross section of global influence gathered at a single dinner." – C [18:26]
- Profile of the Operator:
- Self-incriminating correspondence (Dec 28, 2018) from “gvacationmail.com” stating:
“She almost fainted when I told her that person is me.” ([19:42 – 19:53]), written in reference to someone researching “a bad guy who gets children for sex sent to his island.”
- Quote & Analysis: "The psychology documented here is profound. He is putting in writing to a third party a direct acknowledgment of the exact criminal behavior under investigation..." – C [20:17]
- Reputation Management:
- The network hired firms to generate hundreds of benign web profiles to bury negative news in search results ([21:56 – 23:00]).
- Quote: "It illustrates the mechanics of search engine optimization utilized to flood search results...burying critical news coverage or victim testimonies under an avalanche of generated noise." – C [22:42]
6. Systemic Security Weaknesses – The Apostle X Example
[25:32 – 27:13]
- Improvised Operations: Inconsistent security practices documented, notably with the use of outsider-supplied code (from Apostle X) injected into FBI systems via agents' personal phones and video instructions ([25:44 – 26:48]).
- Quote: "You have federal agents using personal iPhones to facilitate manual code injections into a specialized law enforcement network by uncleared external engineers." – B [26:43]
Notable Quotes & Memorable Moments
- On Root Access Loss (05:00): "They demoted the federal agent to a standard user and elevated themselves to the administrator." – C [05:02]
- On Catastrophic Data Loss (10:04): "A permanent loss of 100 terabytes of evidence introduces catastrophic legal implications for any ongoing investigations tied to that data." – B [10:04]
- On Institutional Neglect (11:19): "The documents show the exact verbatim response from OTD... Agent Spivak was told to Google it." – B & C [11:24 – 11:26]
- On Strategic Impunity (20:34): "The operator is not attempting to conceal his reputation from these new contacts. He is openly weaponizing that notoriety within routine social correspondence." – C [20:38]
- On Broader Failures (26:43): "You have federal agents using personal iPhones to facilitate manual code injections into a specialized law enforcement network by uncleared external engineers." – B [26:43]
Important Segment Timestamps
- Sworn Declaration and Lab Setup – [01:36 – 02:56]
- Discovery of the Hack – [02:55 – 04:20]
- Malware and Loss of Privileges – [04:20 – 05:14]
- Breach Vector: RDP Configuration – [06:25 – 07:55]
- Legal and Institutional Fallout – [09:06 – 11:26]
- Forensic Details: Email Evidence – [16:37 – 23:12]
- Apostle X Security Lapse – [25:32 – 27:13]
Synthesis: Facts vs. Unknowns
- Documented Facts:
- The FBI’s C20 lab was breached (Feb 12, 2023) via a misconfigured RDP port.
- 500 TB of evidence was compromised; 400 TB recovered; 100 TB permanently lost.
- Specific Epstein-related files were targeted in the breach.
- Congressional committee demands—and DOJ refuses to produce—remaining files, citing privilege and ongoing investigations.
- Brazen operational carelessness and inadequate support exposed systemic vulnerabilities.
- Unknowns:
- The precise content/file-by-file breakdown of the 100 TB lost.
- The future scope and outcome of DOJ’s cited ongoing investigations.
- How many similar security backdoors may exist in comparable federal evidence labs.
Concluding Analysis
The episode meticulously documents a dual crisis: unauthorized, catastrophic loss of investigation material via technical negligence, and ongoing, legally sanctioned opacity by federal authorities. Primary source evidence reveals both the systemic gaps that enabled the hack and the expansive, deliberate nature of Epstein’s network and its digital self-defense mechanisms. The synthesis is stark: data vanished into the ether, institutional trust continues to erode, and the public remains in the dark on the true scope of both the case and the underlying failures that allowed this breach.
All referenced documents are accessible at epsteinfiles.fm.
