The News (New Glasgow)

‘It’s utterly confounding’

FBI failed to inform U.S. targets of Russian hackers

- BY RAPHAEL SATTER, JEFF DONN AND DESMOND BUTLER

The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin’s crosshairs, The Associated Press has found.

Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting.

“It’s utterly confounding,” said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. “You’ve got to tell your people. You’ve got to protect your people.”

The FBI declined to discuss its investigation into Fancy Bear’s spying campaign, but did provide a statement that said in part: “The FBI routinely notifies individuals and organizations of potential threat information.”

Three people familiar with the matter — including a current and a former government official — said the FBI has known for more than a year the details of Fancy Bear’s attempts to break into Gmail inboxes. A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on when it received the target list, but said the bureau was overwhelmed by the sheer number of attempted hacks.

“It’s a matter of triaging to the best of our ability the volume of the targets who are out there,” he said.

The AP did its own triage, dedicating two months and a small team of reporters to go through a hit list of Fancy Bear targets provided by the cybersecurity firm Secureworks.

Previous AP investigations based on the list have shown how Fancy Bear worked in close alignment with the Kremlin’s interests to steal tens of thousands of emails from the Democratic Party. The hacking campaign disrupted the 2016 U.S. election and cast a shadow over the presidency of Donald Trump, whom U.S. intelligence agencies say the hackers were trying to help. The Russian government has denied interfering in the American election.

The Secureworks list comprises 19,000 lines of targeting data. Going through it, the AP identified more than 500 U.S.-based people or groups and reached out to more than 190 of them, interviewing nearly 80 about their experiences.

Many were long-retired, but about one-quarter were still in government or held security clearances at the time they were targeted. Only two told the AP they learned of the hacking attempts on their personal Gmail accounts from the FBI. A few more were contacted by the FBI after their emails were published in the torrent of leaks that coursed through last year’s electoral contest. But to this day, some leak victims have not heard from the bureau at all.

Charles Sowell, who previously worked as a senior administrator in the Office of the Director of National Intelligence and was targeted by Fancy Bear two years ago, said there was no reason the FBI couldn’t do the same work the AP did.

“It’s absolutely not OK for them to use an excuse that there’s too much data,” Sowell said. “Would that hold water if there were a serial killer investigation, and people were calling in tips left and right, and they were holding up their hands and saying, ‘It’s too much’? That’s ridiculous.”

‘It’s curious’

The AP found few traces of the bureau’s inquiry as it launched its own investigation two months ago.

In October, two AP journalists visited THCServers.com, a brightly lit, family-run internet company on the former grounds of a communist-era chicken farm outside the Romanian city of Craiova. That’s where someone registered DCLeaks.com, the first of three websites to publish caches of emails belonging to Democrats and other U.S. officials in mid-2016.

DCLeaks was clearly linked to Fancy Bear. Previous AP reporting found that all but one of the site’s victims had been targeted by the hacking group before their emails were dumped online.

Yet THC founder Catalin Florica said he was never approached by law enforcement.

“It’s curious,” Florica said. “You are the first ones that contact us.”

THC merely registered the site, a simple process that typically takes only a few minutes. But the reaction was similar at the Kuala Lumpur offices of the Malaysian web company Shinjiru Technology, which hosted DCLeaks’ stolen files for the duration of the electoral campaign.

AP PHOTO: Employees work in the offices of Secureworks in Atlanta. Working off a list supplied by the cybersecurity firm, The Associated Press found that scores of U.S. diplomatic, military and government figures were not told about attempts to hack into their...
