FOIA Requests From Former CIA, FBI agents
iAcross the United States, cybersecurity teams at federal agencies, defense contractors, telecom firms, and critical infrastructure operators are being warned to prepare for the next Russian cyberattack.
In March, the Federal Bureau of Investigation and the federal government’s Cybersecurity and Infrastructure Security Agency, known as CISA, warned that Russian intelligence-linked hackers were targeting users of supposedly secure consumer messaging applications such as the encrypted messaging app Signal. The joint announcement said Russian state-sponsored hackers had successfully broken into thousands of accounts, targeting “individuals of high intelligence value, such as current and former U.S. government officials, military personnel, political figures, and journalists.”
That warning was just the latest among many that have underscored continuing concern inside the U.S. intelligence and cybersecurity community over Russian cyber capabilities against U.S. targets. In September 2024, the National Security Agency, FBI, and CISA issued a joint advisory warning that Russian military cyber actors had been targeting critical infrastructure and internet-connected systems used by governments and private organizations worldwide “for the purposes of espionage, sabotage, and reputational harm since at least 2020.”
The five best-known Russian cyber groups are often known by their colorful “Bear” nicknames, though U.S. intelligence agencies typically track them by the Russian government organizations behind them.
“Fancy Bear” is best known for aggressive political and military hacking operations, including the 2016 Democratic National Committee intrusions and other election-related attacks. (The DNC’s subsequent federal lawsuit against the Russian Federation was thrown out. More about that later.)
“Cozy Bear” is associated more with long-term espionage and stealth infiltration, including the SolarWinds supply-chain compromise that penetrated multiple U.S. government agencies.
You can take a deeper dive into the Five Bears here. Docket Alarm counts 215 lawsuits against the Russian Federation.
“Sandworm,” another notorious Russian group, has been linked to some of the most destructive cyberattacks ever recorded, including the 2017 NotPetya malware outbreak and cyberattacks on Ukraine’s power grid. Together, the groups represent different arms of Russia’s broader cyber apparatus – political disruption, intelligence gathering, and outright digital sabotage.
Against this backdrop, a quieter inquiry was unfolding not long ago inside the Freedom of Information Office at the National Aeronautics and Space Administration – one driven not by public watchdogs or journalists, but by a group of former FBI agents, CIA analysts, and federal prosecutors specializing in intelligence collection and analysis, cyber forensics, crisis management, and physical security for private clients and law firms.
The New York-based investigative company, called SI Global Partners, filed numerous FOIA requests with NASA in 2024 probing the operational ties that still bind the U.S. space program to Russia.
SI Global says its clients are law firms, corporations, financial institutions, sports entities and associations, universities, high net worth individuals, resorts, casinos, and entertainment venues and arenas. On its website, the firm quotes testimonials from law firms Baker McKenzie and Seiden Law. The Seiden testimonial, from managing partner Robert W. Seiden, praises SI Global for its work on “a very complex and multi-national investigation on behalf of our global client.”
After the most recent federal government warnings about the Russian cyberhackers, we began digging into FOIAengine to see who else might be asking questions. When we saw the numerous requests from SI Global targeting U.S.-Russia space cooperation, we wondered who SI Global’s clients were, and why they were asking such detailed questions of NASA.
SI Global didn’t respond to our questions. But it doesn’t take a NASA rocket scientist to know that SI Global was probing for a key potential cyber-vulnerability within NASA. Modern cyber operations often exploit trusted relationships. The danger is not necessarily “Russian hackers sitting inside NASA.” Instead, SI Global’s multiple FOIA requests concentrated on the more likely, if subtle, threats: Russian equipment on American soil; Russian personnel movements; Russian-American contractor interactions; and future joint activities. Those are precisely the kinds of coordinates a security analyst would map if trying to understand where latent exposure or leverage might exist.
SI Global’s requests sought detailed information concerning operational cooperation between NASA and Russia, including planned joint activities, spacecraft launches, personnel and equipment movements, training exercises, intelligence exchanges, negotiations involving international space agreements, and attendee rosters tied to cooperative activities.
A second cluster of requests sought records concerning Russian-origin hardware, software, equipment, and materials located at NASA or NASA-contracted facilities in the United States, including inspection procedures, maintenance protocols, approval chains, and records concerning movement of Russian property into and out of the country.
The FOIA requests stood out to us not only because of their specificity, but also because of their tone. They were, in essence, operational mapping exercises – attempts to identify where Russian personnel, infrastructure, technology, and institutional relationships still intersect with American systems despite years of sanctions, cyber conflict, and geopolitical confrontation following Russia’s invasion of Ukraine.
That shift may represent a broader evolution in how the federal FOIA system itself is being used.
For years, Russia-related FOIA requests often centered on election interference, the Mueller investigation, or intelligence assessments surrounding the 2016 Democratic National Committee hack attributed to Russian military intelligence actors linked to groups such as Fancy Bear.
The civil lawsuit brought by the DNC against the Russian Federation became one of the most visible legal efforts to formalize allegations of Russian cyber operations targeting American political institutions. Filed in 2018, the lawsuit accused the Russian Federation, its intelligence operatives, WikiLeaks, the 2016 Trump campaign, and others of participating in or benefiting from the theft and dissemination of Democratic Party emails during the 2016 election cycle.
But the newer FOIA patterns emerging from federal request logs suggest that sophisticated requesters now are asking a different set of questions, focused on existing Russian operational relationships with the United States and dependencies that have survived the collapse in U.S.–Russia relations.
For decades, the International Space Station relied on a dense framework of shared engineering, logistics, launch coordination, personnel integration, and operational planning involving both nations. Even after the invasion of Ukraine triggered sweeping sanctions and diplomatic fallout, Russian-origin systems, personnel, and technologies remained embedded inside American aerospace infrastructure.
The SI Global requests appeared designed to explore exactly those kinds of questions.
Illustratively, one of SI Global’s 13 FOIA requests to NASA sought “a list of all Russian Federation-origin and Russian Federation-owned equipment, materials, supplies, Intellectual Property, and computer hardware and software (hereafter, property) that has been or is currently located at the Jet Propulsion Laboratory and used to support U.S.-Russia Space Agreements including, but not limited to, the International Space Station, the High Energy Neutron Detector, the Dynamic Albedo of Neutrons Investigation for the Mars Science Laboratory, the Lunar Exploration Neutron Detector, and the Konus-Wind Satellite. For property currently located at the Jet Propulsion Laboratory, please include whether the items listed are owned and/or controlled by the government of the Russian Federation or any associated entity.”
Public discussion surrounding Russian cyberthreats generally gravitates toward the FBI, election security, ransomware, or military intelligence. But the FOIA requests by SI Global instead point to where U.S.–Russian interdependence has persisted long after political relations deteriorated: space cooperation.
And in the case of Russia, the questions now being asked are less focused on Cold War-style espionage than on something more practical — and perhaps more unsettling.
Not whether Russia once infiltrated American systems, but how many operational connections still remain.
To see all the requests mentioned in this article, log in or sign up to become a FOIAengine user.
Next: The latest FOIA requests to the Food and Drug Administration.
FOIAengine is the only source for the most comprehensive, fully searchable archive of FOIA requests across over 40 federal departments and agencies. FOIAengine has more robust functionality and searching capabilities and standardizes data from different agencies to make it easier to work with. Learn more about FOIAengine here. Sign up here to become a trial user of FOIAengine.
PoliScio now offers everyone free daily FOIAengine Email Alerts when a new FOIA request matches one of your personal keywords. Sign up here to create your account and identify your keywords.
FOIAengine access now is available for all professional members of Investigative Reporters and Editors, a non-profit organization dedicated to improving the quality of journalism. IRE is the world’s oldest and largest association of investigative journalists. PoliScio Analytics is proud to be partnering with IRE to provide this valuable content to investigative reporters worldwide.
John A. Jenkins, co-creator of FOIAengine, is a Washington journalist and publisher whose work has appeared in The New York Times Magazine, GQ, and elsewhere. He is a four-time recipient of the American Bar Association’s Gavel Award Certificate of Merit for his legal reporting and analysis. His most recent book is The Partisan: The Life of William Rehnquist. His next book, Summer of ’71: Five Months That Changed America, about the fateful year before Watergate, will be out in June. Click here to watch the official book trailer. Jenkins founded Law Street Media in 2013. Prior to that, he was President of CQ Press, the textbook and reference publishing enterprise of Congressional Quarterly. FOIAengine is a product of PoliScio Analytics (PoliScio.com), a new venture specializing in U.S. political and governmental research, co-founded by Jenkins and Washington lawyer Randy Miller. Learn more about FOIAengine here. To review FOIA requests mentioned in this article, subscribe to FOIAengine.
Write to John A. Jenkins at JAJ@PoliScio.com.