Three million pages of evidence, thousands of unsealed flight logs, millions of data points, names, themes, and timelines connected. You are listening to the Epstein files.
The world's first AI native investigation into the case that traditional journalism simply could not handle. - Welcome back to the Epstein files. Last time we covered our last breaking news update
and today, breaking news has emerged: the FBI was hacked on Super Bowl Sunday. 100 terabytes of Epstein evidence vanished.
As always, every document we reference
is at EpsteinFiles.fm. - So the place to start is the EFTA documents, because the DOJ release contains hundreds of emails that show exactly how this relationship functions.
- The primary document you need to look at
is the sworn declaration of Special Agent Erin E. Spivak. - Right. - That is cataloged as EFTA 00173569.pdf. - We have that in front of us. - To understand the sheer scale of this data loss,
you have to understand the architecture of the FBI C20 computer lab. The declaration outlines this clearly. It's not a standard office environment. - Exactly, it's a dedicated forensic space.
Built to process massive volumes of highly sensitive digital evidence. You are looking at isolated systems. - Air gap. - Air gap, yes.
Network-attached storage, or NAS, and sprawling RAID tower storage arrays. The documented function of this lab was processing child sexual abuse material. CSAM related to ongoing exploitation investigations.
The legal and psychological weight of this material requires it to be completely isolated from external networks. - Standard operating procedure. - It prevents accidental dissemination
and targeted external compromise. - But the sworn statement provides
a minute-by-minute forensic accounting of an intrusion.
- On Super Bowl Sunday. - February 12, 2023. - Spivak provided a physical outline to the interviewing supervisory special agents. We have the chronological baseline right now.
- It's starting the morning after. - Monday, February 13th. At 7:30 AM, Agent Spivak arrives at the C20 lab.
The first indicator is documented
as a seemingly mundane anomaly. Spivak's Tolino forensic computer had restarted overnight. - For those reviewing the files with us, a Tolino system is not a desktop computer.
- It's a heavy-duty workstation. Built specifically for digital forensics. They have massive amounts of RAM, specialized hardware write blockers. - Their function is ingesting terabytes of data.
- From seized hard drives, mobile devices. The hardware write blockers ensure the system reads the data without altering a single byte of the original evidence. - Because altering a byte breaks the chain of custody. - Exactly.
And processes like hashing or indexing these drives run continuously, often for weeks. - So a spontaneous overnight restart. - Is a critical anomaly. It indicates an interruption of the operating system
that the user did not initiate. - 10 minutes later, the severity of the restart is documented. 7:40 AM. - He logs into the Tolino system.
- And a text file automatically executes from the Windows startup folder. - The text file explicitly states the network has been compromised. It provides an email address for contact.
- Concurrently, the anti-virus software identifies a potential threat. - The documents show the classic digital footprint of a ransomware executable. - The threat actor drops the payload.
- Designed to execute upon system boot. - Putting it in the startup folder guarantees
it is the first thing the user sees upon logging in.
- The anti-virus was active. - It was up to date. It flagged the anomalous activity. - But the documents show flagging a threat and neutralizing it are different things.
- Especially when the system hierarchy is compromised. - Which brings us to the next documented failure point. - Agent Spivak attempts to quarantine the threat. - He discovers his administrative privileges have been revoked.
- Completely removed. He is locked out of the forensic machine's root controls. - Root access is foundational. - It gives you authority to install software,
modify security configurations, delete system files. - So the loss of those privileges. - Confirms the system is compromised at the highest possible level. The intruder didn't just drop a text file.
They rewrote the local user permissions.
- They demoted the federal agent to a standard user.
- And elevated themselves to the administrator.
- The threat actor holds root access. - Which means they have the authority
to override the anti-virus software entirely.
The quarantine protocols are useless. - The timeline shows the internal response initiating by 8:30 AM. Spivak reaches out to Christian Idzulah. - At the Computer Analysis Response Team,
CART. - Asking for immediate assistance. - By 9:00 AM, they reach out to external Tolino support. - The documents show Tolino support advised running the anti-virus
directly against the operating system hard drive. - To bypass the user interface lockouts. - Yes. - And this process identifies the specific vector of the attack. - The threat is attributed to a program called Axiom.
- Magnet Axiom. - A premier digital investigation platform.
- Used globally by law enforcement.
- Standard tool for recovering evidence from smartphones and cloud services. It is ubiquitous in a lab like C20. - The documents show the intrusion was a highly specific booby trap.
- Left by the hacker. The malware was dormant.
- Designed to execute only when the Axiom forensic program was launched.
- Which indicates the intruder possessed advanced knowledge of the specific software environment utilized by federal forensic examiners. - They tailored the attack to the exact tools the FBI uses. - To analyze digital evidence, yes.
- Looking at the sworn statement, there is a specific technical root cause identified for this breach. - The documents show the hack resulted from an improperly configured remote desktop protocol port. - RDP is a proprietary protocol developed by Microsoft.
It lets a user take over a computer from miles away. - Viewing the screen, controlling the mouse. - It's convenient for remote administration, but standard network security dictates RDP ports, specifically port 3389,
must never be exposed directly to the public internet.
- In a secure environment, RDP is shielded. - Behind virtual private networks, strict firewalls, multi-factor authentication. - Exposing it directly to the internet is a massive vulnerability.
- Automated scanners constantly crawl the internet looking for open RDP ports. - And once found.
- They brute force the login credentials
until they gain entry. - Agent Spivak explicitly notes the circumstances surrounding this configuration in his declaration. - He was attempting to set up remote access. - To increase efficiency during the COVID-19 pandemic lockdowns.
- The documented intention was allowing agents to monitor long-running forensic processing on the Tolino machines without physically traveling into the New York City field office. - We have to measure this against the institutional guidance
documented in the file. - Spivak states he operated under guidance from his direct supervisor. - Supervisory Special Agent Heath Graves. - SSA Graves advised him to follow instructions
available on the public Microsoft website. - For setting up the RDP. - Yes. The declaration explicitly notes Spivak lacked formal training in network architecture.
- He was not a credentialed system administrator. - He attempted to configure the port based on public web tutorials. He documented his belief that the FBI building's overarching security protocols
would automatically prevent unauthorized access. - He had no idea he had opened the C20 lab's local area network directly to the outside internet. - This is inconsistent with the baseline security protocols required at a premier law enforcement agency.
- The documents show the C20 lab completely lacked dedicated network administrators. - You are looking at digital forensic examiners. - Experts in analyzing seized hard drives. - Tasked with designing and securing their own local area
network from scratch. Without the requisite training or institutional oversight. - The documented data loss resulting from this is severe. - The sworn declaration states 500 terabytes of data vanished
as a direct result of the intrusion. - 500 terabytes. - A single terabyte holds roughly 250,000 high-resolution photographs or 500 hours of high-definition video. - 500 terabytes is an astronomical volume of digital evidence.
- In a lab processing CSAM and exploitation networks, this represents millions of individual evidentiary files. - Spivak documented the subsequent recovery efforts in detail. - The squad was eventually able to recover approximately 400 terabytes of the compromised data.
- The documents show this recovery relied entirely on the forensic practice of hashing. - A hash is a unique digital fingerprint for a file. - Generated by an algorithm. - Yes, like an MD5 or SHA-256 hash.
A fixed-length string of text and numbers. - If a single pixel in an image is altered, the entire hash value changes. - The law enforcement agencies maintain massive, centralized databases of known hash values
corresponding to illegal images. - So by running known hash values against the compromised storage arrays. - The Tolino system identifies and reconstitutes the files based on their mathematical fingerprint.
- Avoiding the need for agents to visually review 400 terabytes of exploitation material. - Exactly, but the forensic math here is unforgiving. - The documents show exactly 100 terabytes of data remain permanently lost.
- Completely unaccounted for following the intrusion.
- A permanent loss of 100 terabytes of evidence
introduces catastrophic legal implications
for any ongoing investigations tied to that data. - Chain of custody is paramount in federal prosecutions. Defense attorneys meticulously scrutinize data handling to ensure it hasn't been altered or accessed by unauthorized individuals.
- When an unknown threat actor infiltrates a federal lab, gains root access. - Booby traps forensic software. And permanently deletes or encrypts 100 terabytes of data. - That chain of custody is irrevocably broken.
- Any prosecution relying on that compromised hardware faces severe admissibility challenges in court. - The documented institutional response to this data loss reveals a severe breakdown in operational support. - When Spivak realized the extent of the intrusion,
he recognized the urgent need to network the standalone computer securely.
- He escalated the issue.
- The declaration states networking is explicitly not a digital extraction technician function. - Not a DExT function, correct. - He followed standard bureaucratic procedures. - He formally asked the Computer Analysis Response Team,
the Operational Technology Division, OTD, and the Office of the Chief Information Officer. - OCIO. - Asking for assistance in securing the lab. - The documents show the exact verbatim response
from OTD. - Agent Spivak was told to Google it. - The file states plainly, no one else tried to help us. - This is a squad inside the premier federal law enforcement agency, dealing with a catastrophic breach of exploitation evidence.
- And the official directive from the operational technology division was to use a commercial search engine to solve the problem. - The desperation within the squad is documented clearly. - The standard IT units handling FBI networks
refused to assist with misattributed networks. - So the squad was forced to operate outside of standard channels. The documents show they put out a canvass for a confidential human source. A CHS is typically an informant recruited for intelligence on criminal organizations.
- But in this instance, the squad was explicitly searching for an informant with a background in networking. - Or system administration. Simply to assist them in routing a local area network within their secure facility.
- That doesn't add up. - The documented reality shows highly trained agents utilizing off-the-shelf commercial switch boxes. - Relying on public Google searches for enterprise network security protocols. - And canvassing for human informants simply to cable a forensic lab.
- It reveals severe systemic siloing within federal agencies. - Specialized units handling compartmentalized data are isolated from the broader institutional infrastructure.
- When a crisis occurs, that isolation is a critical vulnerability.
- Leading agents to function as amateur tech support while handling terabytes of volatile evidence. - The correlation between this network vulnerability and the specific investigation files targeted is documented in the timeline.
- Agent Spivak's log from 4:30 PM on the day of discovering. - The squad analyzed the strange IP activity interacting with their network. - The log explicitly documents that the external activity included combing through certain files pertaining
to the Epstein investigation. - The documents show a direct intersection of events. - The improperly configured RDP port, the Axiom booby trap, the permanent loss of 100 terabytes of data. - And the specific unauthorized accessing
of the Epstein investigation files.
- You must measure this physical compromise of evidence
against the authorized, administrative withholding of files currently documented in the congressional record. - This brings us to the February 25, 2026, letter from House Oversight Chairman James Comer
to Attorney General Pamela Bondi. - We are strictly conveying the contents of this primary source material. - Impartially. - Without endorsing any of its viewpoints.
The letter documents specific allegations that the Department of Justice is withholding Epstein-related materials. - Pursuant to the Epstein Files Transparency Act, EFTA. - And a previously issued congressional subpoena.
- The document details allegations that the DOJ is suppressing files relating to the alleged sexual abuse of a minor by Donald Trump. - The letter references a documented response from the DOJ regarding these withheld materials.
- The DOJ stated it is legally withholding materials that fall into three specific categories. - Duplicates. - Privileged information. - Yeah.
- Or files that are part of an ongoing federal investigation.
- You have to analyze those legal justifications.
Withholding duplicates is a standard administrative procedure to prevent volume redundancy. - Claiming privilege typically refers to executive privilege or attorney-client protections. - Citing an ongoing federal investigation
is the most substantial justification. - It implies active law enforcement operations that could be compromised by public disclosure. - Chairman Comer's letter cites specific independent reporting in its footnotes.
- Referencing a Substack article by Roger Sollenberger. - And detailed reporting from NPR, dated February 23 and 24, 2026. - These citations document allegations
regarding the exposure of the underage accuser's name
after she reportedly refused to cooperate against him.
- The letter demands the immediate production
of all withheld files. - And a full accounting of the precise legal bases for withholding these documents from congressional oversight. - We cross-reference these documented institutional decisions with the public opinion data provided
in the CNN and Ipsos polling source. - The data shows 65% of surveyed adults believe the statement that the federal government is hiding information about the death of accused sex trafficker, Jeffrey Epstein, is true.
- This belief crosses political affiliations uniformly. - 57% of Republicans, 76% of Democrats, 64% of independents, all marking the statement as true. - The polling data also addresses the public perception of institutional accountability.
- When asked how well the statement,
the Epstein files show the powerful people in the US
are rarely held accountable for their actions, describes their views, significant majorities aligned with the statement. - The documents show a clear statistical consensus regarding a perception of institutional concealment.
- When you put these realities side by side, the contrast is strictly documented in the source material. - On one hand, you have the unauthorized access and permanent loss of 100 terabytes of evidence, via the Super Bowl Sunday hack.
- Facilitated by systemic negligence in the C20 lab. - On the other hand, you have the authorized concealment of specific investigation files by the DOJ. - Citing privilege and active investigations. - Both vectors result in a documented lack
of public transparency regarding the totality of the Epstein files. - To understand the scope of the specific files being targeted by the hackers and withheld by the DOJ,
you must audit the recovered EFTA email correspondence.
- This establishes the documented day-to-day footprint of the network. - The source material contains a series of communications linked to the primary email address. - [email protected].
- The email ledger provides precise dates, subjects, and specific individuals. - Mapping exactly how mundane social planning operated parallel to the criminal enterprise. - August 9, 2010.
An email from David Grossoff is sent to the GVocation account. The communication references a Sloan MBA graduate named Jason Sulphin. The email notes Sulphin is moving to enterprise software project management. Focusing on the mansion renovation of ultra high net worth individuals at Banacker construction. The document notes the company's specific focus is on $3,000,000,000 to $100,000.
In the San Francisco Bay Area and Napa Valley. The email specifically infers, a Pritzker son, has been one of the customers taken care of by this firm. This email demonstrates the strategic targeting of real estate and development networks. Catering strictly to the ultra wealthy.
It documents the continuous monitoring of high net worth ecosystems in California.
Entirely separate from the Florida and New York operations primarily associated with the investigation. The networking extends to the highest levels of media and society. August 24, 2010. The documents show an internal forward from Leslie Graff to the Geification account. The subject line is simply F.W. lists from Peggy.
The email contains the finalized guest list for what is described as William Astor's dinner. Impartially reading the documented list, it includes Dan Abrams. William Acquavella. Christiane Amanpour, Lord and Lady Astor. André Balazs, Martin Machier, Sid Bass.
Reviewing that list, you're looking at a precise cross section of global influence. Gathered at a single dinner. High-profile broadcast journalism represented by Amanpour and Machier. Legal and media analysis represented by Abrams. Luxury hospitality represented by Balazs.
Legacy wealth represented by the Astors and Bass. The documents show how these highly curated social engagements function as operational camouflage. The network relied on proximity to legitimate global influence, to normalize its operations, and insulate itself from scrutiny.
This brings us to a critical piece of newly released viral evidence,
directing how the operator viewed his own profile within this network. The documents show an email exchange dated December 28th, 2018. Sent from the [email protected] account to Machia Dracova. To contextualize this communication, Machia Dracova had introduced several female contacts to the network. The email documents introduction to Katia described as a corporate lawyer.
Elizia described as a film director working on a human rights virtual reality project. In Alexandria described as an actress. The introduction of these young women fits the documented pattern of continuous recruitment and networking. The reply from the GVacation account to this introduction is highly specific. Writing in response, the operator states,
"She almost fainted when I told her that person is me and referenced to someone researching a bad guy who gets children for sex sent to his island." This language requires meticulous forensic analysis. You are looking at documentation from December 2018. A period long after the initial 2008 Florida conviction.
The operator is actively acknowledging his own public profile as a prolific c...
Openly discussing an individual researching a bad guy who gets children for sex sent to his island.
And explicitly confirming that person is me.
The psychology documented here is profound.
He is putting in writing to a third-party a direct acknowledgement of the exact
criminal behavior under investigation. Using it almost as a conversational anecdote. While simultaneously continuing to network with new female contacts like Katia, Elizia, and Elizandra. It demonstrates a documented belief in complete impunity.
The operator is not attempting to conceal his reputation from these new contacts. He is openly weaponizing that notoriety within routine social correspondence. This is the caliber of primary source evidence contained within the EFTA releases. Which contextualizes why these specific files were targeted during the Super Bowl Sunday intrusion. Moving forward in the chronology of the ledger on February 8, 2013,
correspondence with Bill Siegel is documented. The subject line references a FrontPage Magazine interview titled "The Control Factor." Within this exchange, the G-vocation account writes, "I became friendly with Shirley MacLaine last year and went to her ranch in Santa Fe.
I may go back and remember, you own half the ranch land here or something.
Do you still like it there?" The location is further specified in a previous reply within the thread as Zorro Ranch. This correspondence documents the continuous expansion of geographic and social access. The networking was not limited to New York or Florida. It extended into private ranch lands in New Mexico.
Leveraging connections with established entertainment figures like Shirley MacLaine. To secure access and further normalize the operation's footprint in the American West. Beyond individual communications and private dinners, the documents show the expansive digital architecture required to manage the enterprise's public face. Document EFT 01534118 provides a sprawling ledger titled "Other Internet Account Information."
This is not a list of covert servers. It is a spreadsheet listing everyday Internet accounts, websites, blog sites, and public profiles administered by third-party reputation management service providers engaged by the network.
The list is exhaustive. It documents managed business directory listings on platforms like
4118 coupons, ChamberofCommerce.com, Citysearch, and Crunchbase. It outlines social network directories on Flickr and cloud. Managed public profiles on gather and LinkedIn. Foundation directories on GrantWatch. Maintaining a reputation management profile on a site like 8 coupons
seems entirely disjointed from the profile of an international financier. But it illustrates the mechanics of search engine optimization, or SEO. Utilized to flood search results. By paying third-party providers to generate and manage hundreds of mundane profiles across business directories and coupon sites,
the enterprise ensured that any public internet search of the name would return pages of benign corporate results.
Effectively burying critical news coverage or victim testimonies
under an avalanche of generated noise. The documents show how this mundane digital networking operated continuously to sanitize the public record. The EFTA communications map the true breadth of the network. The primary source evidence demonstrates high-profile dinner lists with global media figures.
Targeted real estate networking in the San Francisco Bay Area. Brazen admissions of criminal profiles in routine emails. And a sprawling digital management strategy occurring parallel to the criminal enterprise. The targeting of these specific investigation files by strange IP addresses during the C20 lab
intrusion highlights the extraordinary value of this data to external actors. Summarizing the documented facts versus what remains definitively unknown requires strict adherence to the primary sources provided. The documents prove via a sworn declaration that a severe breach of the FBI C20 forensic lab occurred on February 12, 2023.
This breach was facilitated via a misconfigured RDP port.
This critical error was made by an agent lacking formal networking training.
Who was attempting to establish remote access during the operational strain of the COVID-19 pandemic. Acting on supervisor advice to consult public websites. The documents prove that during this intrusion, the deployed Axiom booby trap allowed strange IP activity to comb directly through the Epstein investigation files. The hack resulted in the total compromise of 500 terabytes of evidence.
Despite hashing recovery efforts, 100 terabytes of this data are permanently lost. Effectively destroying the chain of custody for that specific material. Furthermore, the source material proves a current congressional standoff exists over the remaining secured DOJ documents. The House Oversight Committee has documented formal allegations that files relating to
Donald Trump are being actively suppressed. While the DOJ has documented its legal stance, that the withheld files are duplicates, protected by privilege, or part of an ongoing federal investigation. What remains completely unknown is the exact file-by-file contents of the hundred terabytes
of data permanently lost during the Super Bowl Sunday hack.
We simply do not have documentation detailing which specific Epstein files vanished into the
ether.
Additionally, the scope and outcome of the ongoing federal investigations cited by the DOJ as the primary
justification for withholding the remaining EFTA files remain entirely unknown to the public and to congressional oversight committees. There is a final analytical question raised directly by the source text regarding broader institutional security.
Buried within the pages of the Spivak declaration is a brief reference to the use of
an external program called Apostle X.
The DOJ states this specific program was installed on a completely standalone computer.
Connected to a mis-attributed, essentially covert internet line originating from within the secure FBI facility. Agent Spivak documents the operational protocols for this machine. He states he used his personal cellular telephone to conduct FaceTime and video chats with the external Apostle X engineers.
While physically standing inside the restricted FBI space.
The declaration notes the squad would meticulously sanitize the physical room so the outside
engineers could not see any sensitive material or CSAM over the video calls. Spivak notes he did not have a background in computer coding. So he would manually type in the coding instructions verbally given to him by the outside engineers over his personal phone to update the standalone machine. The declaration plainly states there was no formalized process set up for updating the
standalone computer. This is entirely inconsistent with the baseline requirements of secured forensic environments. You have federal agents using personal iPhones to facilitate manual code injections into a specialized law enforcement network. By uncleared external engineers.
If a simple documented RDP mis-configuration on a local network resulted in the permanent loss of 100 terabytes of high-profile evidence, how many other unmonitored, mis-attributed networks like the Apostle X setup are currently operating outside standard security protocols,
quietly exposing other critical investigations to similar vulnerabilities?
We don't have documentation for that. We'll be watching this closely. If more documents surface, we'll be back with an update. You have just heard an analysis of the official record. Every claim, name and date mentioned in this episode is backed by primary source documents. You can view the original files for yourself at EpsteinFiles.fm. If you value this data-first approach to journalism, please leave a five-star
review wherever you're listening right now. It helps keep this investigation visible. We'll see you in the next file.

