FBI Failed To Notify 70+ US Officials Targeted By Russian Hackers

An anonymous reader quotes the AP: The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin's crosshairs, The Associated Press has found. Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting.

"It's utterly confounding," said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. "You've got to tell your people. You've got to protect your people." The FBI declined to answer most questions from AP about how it had responded to the spying campaign... A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on timing but said that the bureau was overwhelmed by the sheer number of attempted hacks... A few more were contacted by the FBI after their emails were published in the torrent of leaks that coursed through last year's electoral contest. But to this day, some leak victims have not heard from the bureau at all.
Here's an interesting statistic from the AP's analysis. "Out of 312 U.S. military and government figures targeted by Fancy Bear, 131 clicked the links sent to them."

Re:

[WindBourne]

So, which are you? Russian or Chinese?

Re:

[Anonymous Coward]

I don't know, I'm neither Democrat nor Republican nor US citizen nor would I care too much, but at least from the outside Republicans surely look more repulsive and retarded than Democrats right now. At least on Slashdot.

Re:

[guacamole]

If you have nothing intelligent to say, it's usually far better to stay quiet than expose yourself to be an ignorant moron who has nothing of value to say. You make your judgement of US politics based on Slashdot? Great!

Re:

[WindBourne]

And I am not Dem. Up until recently, I have been Libertarian. Now, I am GDI.
As to the issue, I am spot on. Far too many Russians/Chinese are working to destroy America and these days, the GOP is helping them.

Re:

[ganjadude]

how exactly are they doing so? please explain in detail. because so far all we have seen is some posts online by trolls....trolling!

how does spreading FUD = trying to destroy america???

Re:

[WindBourne]

From China or From Russia?
China is engaging America in an Economic war. Russia is currently back to fighting us elsewhere. And both are attacking us over the net (and yes, we are going after them, but they are smarter and are doing more to protect themselves).
China continues to dump on the west, manipulate their money and basically block real trade with the west, other than S. Korea and Japan (in this case, they want them nervous and willing to give up all rights to the various waters around them and more

Re:

[CrimsonAvenger]

(and yes, we are going after them, but they are smarter and are doing more to protect themselves)

And you know this how, exactly? I'm assuming you are compromising an investigation that you are privy to, in order to prove your importance in the grand scheme of things, correct?

Or are you just assuming that because our security agencies don't brag about such things online, they're not capable of doing much online?

Re: Any Else Tired of the Brady Bunch?

[WindBourne]

Lol. I worked on Patriot act. In addition, I'm only speaking if what the intelligence world has said as well Snowden has released. I have said nothing that has in any way, or shape, compromised Nat sex or would get me into trouble. Now you, otoh, continue to back a traitor in office.

Re: Any Else Tired of the Brady Bunch?

[WindBourne]

Patriot act was just fine. The problem is that ppl abused access to the data. Normally, NSA/cia/nro/etc have secured access to powerful tools. For whatever reason, they did not do so with Pat act. Sad.

Tip of the iceberg of stupidity.

[thesupraman]

Oh, its even more stupid than that.
What the media/etc appear to be most worked up about is 'Russians' (with zero actual evidence of course) spreading INFORMATION.
You know, leaking actual information, pointing at actual social problems, etc.

Damn those pesky Russians for waving truths around in front of people.

Of course, America would NEVER do anything like that, it prefers to actively arm 'terrorists' (other names used to be used, but I guess things have moved on) inside other countries to try and destabiliz

Re: Any Else Tired of the Brady Bunch?

[Brockmire]

How is that not a self answering question?

Re:

[Dutch Gun]

Up until recently, I have been Libertarian. Now, I am GDI.

I'm glad to hear you didn't fall in with that Brotherhood of Nod crowd.

Re:

[Evangelical_Molester]

Anonymous Coward can't threaten to be a cowardly traitor for politics and put his name on it, I guess?

Re:

[sysrammer]

Outstanding reply, Ivan! Kudos.

Just a guess

[Anonymous Coward]

The FBI didn't want to compromise their ongoing operation. If they had notified the victims, even without disclosing that the hackers were thought to be from Russia, that would've probably caused some of the victims to tip off the fact that there was an FBI investigation into the mail hack.

Re:

[Anonymous Coward]

Yeah. Much better to just let them break in. I like the way you think.

Re:

[WindBourne]

Depends on what information was there, vs compromising what the intel world knows about the Russian/Chinese crackers.
Snowden was a traitor and gave both a lot of information. Now, we need to make sure that neither of these nations (along with a few other nations/groups) discover how we track them.

Mod comment up.

[asjk]

No text

Re:

[Dread_ed]

Close, but you miss the obvious. See, the FBI can't directly infiltrate these lawmaker's email accounts. Sure it's against the law, but you and I both know (ala Snowden and others) that something being against the law doesn't stop three letter agencies from doing it, especially when it comes to unlawfully acquiring information on Americans.

In this case it's different, though. The information the FBI wants, in this case, is held by people who actually matter, not the people of the US, but the leaders of t

Russian "hackers"

[king neckbeard]

They keep calling them hackers, but the mention of clicking on links seems to suggest that this was a phishing campaign, which tend to make things more embarrassing than scary.

Yep. Targeted + phishing = professional

[raymorris]

You're quite right. If they specifically target 325 named government officials, as in this case, with tailored emails, that's spear phishing and very much the kind of thing sophisticated professionals will do. Once they have access using the credentials of the deputy director of the NSA, they would then move laterally to own most of the NDA network.

Targets such as the director, deputy director, and top network / database administrators is gold. That's even better than arbitrary code execution on some random system with an unprivileged account, which is what Hollywood-style hacking normally results in. (Though if you can follow that up with privilege escalation on a critical system, that gets even more interesting).

Yes, indeed I do this for a living.

Re: Yep. Targeted + phishing = professional

[Zero__Kelvin]

You mischaracterize Hollywood style hacks for a living?

Re:

[guacamole]

Apparently, he is a Slashdot armchair IT security specialist, for a living.

Re:

[Evangelical_Molester]

Spear phishing has compromised thousands of major organizations. You don't know what you're talking about if you think hacker groups won't use every means available. Stop running smokescreens thanks.

Re:Russian "hackers"

[Hal_Porter]

Yup, and his IT guy didn't notice the bit.ly link for change password.

https://wikileaks.org/podesta-... [wikileaks.org]

https://motherboard.vice.com/e... [vice.com]

When we sent these out I was saying to Dmitry 'No one is going to be dumb enough to click on that. He'll call his IT guy and they'll tell him not to click it'. And he said to me 'Volodya, these Americans have heads full of post modernism and spirit cooking. Their precious bodily essences have been contaminated with soy milk. They'll fall for it, like traitor drinking polonium!'.

And, Hail Great Leader Putin, it worked! KGB Deep Cover Agent Donaldovich Trumpovski was successfully installed as US President.

No doubt he'll call off the confrontational 'Red Line' policies of the former accursed Imperialist administration in Syria any day now and allow our pilots to operate their unmolested.

Re:

[Hal_Porter]

Yeah, the Democrats basically outsourced their IT to a family of scam artists who were incompetent and probably blackmailing them.

Still that was the Democrats in Congress. The Clinton campaign had a completely separate set of IT people who were dumb enough to not realise that a Google email containing a link to a bit.ly page that goes to myaccount.google.com-securitysettingspage.tk is a scam. My parents would have spotted that! You'd think the front runner for POTUS in the US would have ex NSA types working

Re: Russian "hackers"

[Brockmire]

You have basic facts wrong. You have no credibility. The Podesta email was identified as a scam by two people (one of them being Podesta), the actual fucking fuck up was the IT guy making a typo that implied it was not a scam when Podesta asked him if it was legit. Typos are a different human error. Why you think the location of the server being in a datacenter vs a basement is a tell for how stupid you are. It comes down to who is administrating it, not it's fucking Internet pipe or power failure resilie

Re:

[Hal_Porter]

If I do a search for "How Podesta got hacked" every article I find says it was because he clicked that bit.ly link to the .tk address controlled by the spearfishers. And then typed his password into a page that looked like Google.

E.g.

https://www.vox.com/policy-and... [vox.com]

To the IT team's credit, they did send along a legitimate Google link - not the original phishing email's bit.ly link - to change Podesta's password and instructed him to add two factor-authentication to his account for an added level of password security. But the legitimate Google link didn't seem to make it to Podesta, and instead he must have used the "poisoned link," giving his password to hackers and opening up his personal email to unwelcomed eyes.

They didn't spot the bit.ly link or if they did they didn't mention. They did send a legitimate Google link, but they didn't point out the link in the original email - a bit.ly link that went to a .tk address - was obviously a phishing attempt.

Re:

[guacamole]

The point is that spear phishing attack is basically the least common denominator in all black hat hacking. Even a high school drop out could execute this from his mom's basement, yet the media and the government present this as a highly sophisticated government operation.

Likewise, the DNC hack. To this day we haven't been presented even once piece of credible evidence that it was Russians.

Re:

[Anonymous Coward]

"more embarrassing than scary"
that's just the first round.
it's nice that you have some pointy words, but hacking you know not about.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[fustakrakich]

It's just a conveniently catchy Hollywood buzzword now. Try not to think about it. Hell, North Korea calls itself a "democratic republic". Words mean what people want them to.

Re:

[king neckbeard]

Yes. Technically, they are hackers, as all phishing would be. What I'm saying is that they are projecting the sophistication of someone like Mitnick onto attacks that are, at least as this stage, closer to Nigerian prince scammers. We've seen one of these emails thanks to the Podesta leaks, and it's only a little more sophisticated.

The reason I'm concerned is because it's furthering the repeating narrative of "RUSSIAN HACKERZ OMG" to shut down discussion about anything else, inflate the threat, and tur

Re: Russian "hackers"

[Zero__Kelvin]

In fact social engineering was Mitnick's primary tool. He had skills ... Don't get me wrong, but he also knew it is a he'll of a lot easier to call and ask for a password than it is to use technical means to get it. Indeed every person versed in security knows the weakest link is the human element.

Re:

[Antique Geekmeister]

According to Merriam Webster, one of the definitions of "hacker" is " a person who illegally gains access to and sometimes tampers with information in a computer system". I'm afraid that "spearfishing" would count as "hacking", especially with such a clear context.

Let's do some math...

[Bodhammer]

"Three people familiar with the matter — including a current and a former government official — said the FBI has known for more than a year the details of Fancy Bear’s attempts to break into Gmail inboxes." By my calculations that would be the Obama Justice Department, James Comey, and Robert Mueller. AMIRIGHT?

What could possibly be their motivation for not notifying the targets?

“IT’S CURIOUS”

Re:

[Evangelical_Molester]

Putin's personal chatbot, you need a real job.

the problem is NOT that they clicked the link

[WindBourne]

The real issue is that they are mixing personal life with military. That absolutely should NOT happen.
The west continues to drop our guard on classified information which is foolish, esp. since most of personal computers are running Windows. This makes it trivial to crack.
What is needed is to require that personal stuff either not be ran on military laptops, OR that it be over a VPN/remote display, OR that it simply be on a virtual system, with the personal being the client, not the other way around.

The west is not taking Russia and China serious in their work to undermine and destroy us. We need to stop that.

Re:

[RazorSharp]

The west is not taking Russia and China serious in their work to undermine and destroy us.

Undermine, yes. Destroy? Hyperbole at its worst. Especially concerning the Chinese, who benefit so much from our relationship. I agree that we need to take foreign intelligence threats more seriously, but that doesn't mean we should return to Cold War mentalities where we dehumanize others, assuming that they want to see us reduced to a heap of rubble.

Re:

[WindBourne]

I have no desire to return to the 70s/80s. I worked on biological and chemical weapon and shielding development back then. I will say that in the 80s, I opposed these because we KNEW that USSR was going away. In general, reagan kept it going, though to be fair, it is possible that he kept us out of a hot war by doing that.
China's gov, like Russia's, is already in a cold war with the west, esp. with America. That does not mean that the citizens are. In fact, you will see that I regularly write against some

Re:

[Anonymous Coward]

A guy once told me that all he does at his civil service job (Port of San Diego) is sit and watch porn all day on his computer. You can't take the stupid out of gov't workers.

Re:

[AHuxley]

The US has a lot of US mil/navy contractors, ex, former mil workers under some type of investigation at this time.
Both as FBI interviews in the form of two people making "offers" to past US contractors/gov/mil workers and constant key logging of many "secure" computers all over the US gov/mil.
If a person is a US contractor and gets an interview with or is approached by two interesting people, its the FBI with an amazing offer of cash for US mil secrets/information..
The first part of such investigations w

Another part of the US gov? Doing law enforcement

[AHuxley]

Why the halt on protecting the US from another nation if it was really another nation?
Every day wasted is another day the another skilled nation could copy out all the plain text data... again.
US investigators tried to wait and see with a real extraction effort and allowed a lot of US secrets to walk out in real time while under investigation...
Methods would have changed by now so who is looking after US domestic collection and who wants easy to find malware code to stay in place?
Some US investigatio

Re:

[Dread_ed]

So did we reach the same conclusion. The FBI made it look like the Russians in order to spy on Americans with plausible deniability?

Re:

[AHuxley]

Yes US version of Operation Socialist set up by the FBI to hunt all the US mil/gov/contractors/ex/former mil/gov/police people walking out/selling/giving away US secrets.
If they find complex malware never seen before, the FBI has its malware talked about by experts globally. Investigations that needed to stay in place on gov/mil computers stop.

Someone finds very average malware that everyone is talking about in the US media? Its reported as been the same as what has everyone found before. The only sli

Need an excuse

[sjames]

How would they get a high profile hack in the news to justify new sweeping spy powers if they stop the hackers too soon?

Why the F*** are extra warnings necessary at all?

[knorthern knight]

First day on the job for *ANY* governement official should include a briefing telling them that no matter how low-level or high-level they are, there *WILL* be third parties (governments/corporations/whatever) aiming to collect juicy stuff from any and all email accounts they and their families have. This includes personal and work accounts.

And there should be training on how to recognize and avoid such compromises. Security 101, folks.

Re: Why the F*** are extra warnings necessary at a

[Anonymous Coward]

Yes, I'm sure that will stop security breaches completely. If only the so-called security professionals had thought of that.