FBI Failed to Alert Victims of Ongoing Hacking Attempts
The bureau notified only two out of nearly 80 U.S. officials and groups whose email accounts had been breached, the AP found
The FBI neglected to notify nearly 80 U.S. officials that their personal gmail accounts were the targets of Russian hacking attempts, the Associated Press reported Sunday.
Of the 190 affected officials and groups to which AP reached out, nearly 80 granted the outlet interviews. Although the FBI had been gathering evidence and knew for at least a year that the Americans were victims of a hacking scheme, the bureau failed to inform the victims of the threat posed to them. And after interviewing nearly 80 parties that had been targeted, AP found that the FBI had alerted only two of them before any hacked emails or information could be released.
While some of the hackers’ victims never heard from the FBI at all, others heard from the bureau only after their emails and information were leaked publicly.
“It’s utterly confounding,” Philip Reiner, a former senior director at the National Security Council, told AP after the outlet informed him he had been one of the hackers’ targets. “You’ve got to tell your people. You’ve got to protect your people.”
The Russian cyberespionage group at the center of the hacking efforts, unofficially referred to as Fancy Bear, is thought to be connected to the Russian military intelligence agency GRU. Fancy Bear is the same group that has been linked to the 2016 email phishing operation directed at the Democratic National Committee (DNC). The DNC reportedly refused to allow the FBI to inspect its compromised servers.
In response to AP’s inquiries about why it chose not to inform the U.S. officials of their vulnerability, the FBI provided a statement saying, “The FBI routinely notifies individuals and organizations of potential threat information.”
“A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on when it received the target list, but said that the bureau was overwhelmed by the sheer number of attempted hacks,” AP wrote.
The FBI official in question told AP: “It’s a matter of triaging to the best of our ability the volume of the targets who are out there.”
AP’s Sunday report further highlighted the controversy surrounding the FBI and the U.S. government’s handling of the allegations of Russian hacking during the 2016 U.S. presidential election cycle.
Although many of the victims AP interviewed felt that the FBI should have alerted them of the threat they faced, some said the bureau was within its rights to keep them in the dark.
“Perhaps optimistically, I have to conclude that a risk analysis was done and I was not considered a high enough risk to justify making contact,” retired Air Force Gen. Norton Schwartz, who was targeted in 2015, told the outlet.
Fancy Bear has found itself in the news over the past several days. On Thursday, BBC reported that the group hired servers from the United Kingdom-registered company Crookservers to infiltrate the Nigerian government and target Apple products. Crookservers itself also found that Fancy Bear had hacked into one of its own servers.
AP’s report also came as the U.S. and Russia continue to battle over the extradition of Yevgeniy Nikulin, an alleged Russian hacker. Nikulin found himself slapped with a U.S. grand jury indictment in 2016 on charges related to identity theft and computer hacking. He currently is held in a Prague prison.