Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Government Security The Military United States

FBI Failed To Notify 70+ US Officials Targeted By Russian Hackers (apnews.com) 94

An anonymous reader quotes the AP: The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin's crosshairs, The Associated Press has found. Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting.

"It's utterly confounding," said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. "You've got to tell your people. You've got to protect your people." The FBI declined to answer most questions from AP about how it had responded to the spying campaign... A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on timing but said that the bureau was overwhelmed by the sheer number of attempted hacks... A few more were contacted by the FBI after their emails were published in the torrent of leaks that coursed through last year's electoral contest. But to this day, some leak victims have not heard from the bureau at all.

Here's an interesting statistic from the AP's analysis. "Out of 312 U.S. military and government figures targeted by Fancy Bear, 131 clicked the links sent to them."
This discussion has been archived. No new comments can be posted.

FBI Failed To Notify 70+ US Officials Targeted By Russian Hackers

Comments Filter:
  • Just a guess (Score:5, Insightful)

    by Anonymous Coward on Sunday November 26, 2017 @04:24PM (#55626101)

    The FBI didn't want to compromise their ongoing operation. If they had notified the victims, even without disclosing that the hackers were thought to be from Russia, that would've probably caused some of the victims to tip off the fact that there was an FBI investigation into the mail hack.

    • by Anonymous Coward
      Yeah. Much better to just let them break in. I like the way you think.
      • Depends on what information was there, vs compromising what the intel world knows about the Russian/Chinese crackers.
        Snowden was a traitor and gave both a lot of information. Now, we need to make sure that neither of these nations (along with a few other nations/groups) discover how we track them.
    • No text
    • Close, but you miss the obvious. See, the FBI can't directly infiltrate these lawmaker's email accounts. Sure it's against the law, but you and I both know (ala Snowden and others) that something being against the law doesn't stop three letter agencies from doing it, especially when it comes to unlawfully acquiring information on Americans.

      In this case it's different, though. The information the FBI wants, in this case, is held by people who actually matter, not the people of the US, but the leaders of t

  • They keep calling them hackers, but the mention of clicking on links seems to suggest that this was a phishing campaign, which tend to make things more embarrassing than scary.
    • Spear phishing has compromised thousands of major organizations. You don't know what you're talking about if you think hacker groups won't use every means available. Stop running smokescreens thanks.
      • The point is that spear phishing attack is basically the least common denominator in all black hat hacking. Even a high school drop out could execute this from his mom's basement, yet the media and the government present this as a highly sophisticated government operation.

        Likewise, the DNC hack. To this day we haven't been presented even once piece of credible evidence that it was Russians.

    • by Anonymous Coward

      "more embarrassing than scary"
      that's just the first round.
      it's nice that you have some pointy words, but hacking you know not about.

    • Comment removed based on user account deletion
      • It's just a conveniently catchy Hollywood buzzword now. Try not to think about it. Hell, North Korea calls itself a "democratic republic". Words mean what people want them to.

      • Re: (Score:2, Interesting)

        Yes. Technically, they are hackers, as all phishing would be. What I'm saying is that they are projecting the sophistication of someone like Mitnick onto attacks that are, at least as this stage, closer to Nigerian prince scammers. We've seen one of these emails thanks to the Podesta leaks, and it's only a little more sophisticated.

        The reason I'm concerned is because it's furthering the repeating narrative of "RUSSIAN HACKERZ OMG" to shut down discussion about anything else, inflate the threat, and tur

      • In fact social engineering was Mitnick's primary tool. He had skills ... Don't get me wrong, but he also knew it is a he'll of a lot easier to call and ask for a password than it is to use technical means to get it. Indeed every person versed in security knows the weakest link is the human element.
    • According to Merriam Webster, one of the definitions of "hacker" is " a person who illegally gains access to and sometimes tampers with information in a computer system". I'm afraid that "spearfishing" would count as "hacking", especially with such a clear context.

  • "Three people familiar with the matter — including a current and a former government official — said the FBI has known for more than a year the details of Fancy Bear’s attempts to break into Gmail inboxes." By my calculations that would be the Obama Justice Department, James Comey, and Robert Mueller. AMIRIGHT?

    What could possibly be their motivation for not notifying the targets?

    “IT’S CURIOUS”
  • by WindBourne ( 631190 ) on Sunday November 26, 2017 @05:11PM (#55626269) Journal
    The real issue is that they are mixing personal life with military. That absolutely should NOT happen.
    The west continues to drop our guard on classified information which is foolish, esp. since most of personal computers are running Windows. This makes it trivial to crack.
    What is needed is to require that personal stuff either not be ran on military laptops, OR that it be over a VPN/remote display, OR that it simply be on a virtual system, with the personal being the client, not the other way around.

    The west is not taking Russia and China serious in their work to undermine and destroy us. We need to stop that.
    • Re: (Score:3, Insightful)

      by RazorSharp ( 1418697 )

      The west is not taking Russia and China serious in their work to undermine and destroy us.

      Undermine, yes. Destroy? Hyperbole at its worst. Especially concerning the Chinese, who benefit so much from our relationship. I agree that we need to take foreign intelligence threats more seriously, but that doesn't mean we should return to Cold War mentalities where we dehumanize others, assuming that they want to see us reduced to a heap of rubble.

      • I have no desire to return to the 70s/80s. I worked on biological and chemical weapon and shielding development back then. I will say that in the 80s, I opposed these because we KNEW that USSR was going away. In general, reagan kept it going, though to be fair, it is possible that he kept us out of a hot war by doing that.
        China's gov, like Russia's, is already in a cold war with the west, esp. with America. That does not mean that the citizens are. In fact, you will see that I regularly write against some
    • by Anonymous Coward

      A guy once told me that all he does at his civil service job (Port of San Diego) is sit and watch porn all day on his computer. You can't take the stupid out of gov't workers.

    • by AHuxley ( 892839 )
      The US has a lot of US mil/navy contractors, ex, former mil workers under some type of investigation at this time.
      Both as FBI interviews in the form of two people making "offers" to past US contractors/gov/mil workers and constant key logging of many "secure" computers all over the US gov/mil.
      If a person is a US contractor and gets an interview with or is approached by two interesting people, its the FBI with an amazing offer of cash for US mil secrets/information..
      The first part of such investigations w
  • Why the halt on protecting the US from another nation if it was really another nation?
    Every day wasted is another day the another skilled nation could copy out all the plain text data... again.
    US investigators tried to wait and see with a real extraction effort and allowed a lot of US secrets to walk out in real time while under investigation...
    Methods would have changed by now so who is looking after US domestic collection and who wants easy to find malware code to stay in place?
    Some US investigatio
    • So did we reach the same conclusion. The FBI made it look like the Russians in order to spy on Americans with plausible deniability?

      • by AHuxley ( 892839 )
        Yes US version of Operation Socialist set up by the FBI to hunt all the US mil/gov/contractors/ex/former mil/gov/police people walking out/selling/giving away US secrets.
        If they find complex malware never seen before, the FBI has its malware talked about by experts globally. Investigations that needed to stay in place on gov/mil computers stop.

        Someone finds very average malware that everyone is talking about in the US media? Its reported as been the same as what has everyone found before. The only sli
  • Need an excuse (Score:2, Insightful)

    by sjames ( 1099 )

    How would they get a high profile hack in the news to justify new sweeping spy powers if they stop the hackers too soon?

  • First day on the job for *ANY* governement official should include a briefing telling them that no matter how low-level or high-level they are, there *WILL* be third parties (governments/corporations/whatever) aiming to collect juicy stuff from any and all email accounts they and their families have. This includes personal and work accounts.

    And there should be training on how to recognize and avoid such compromises. Security 101, folks.

Been Transferred Lately?

Working...