FBI failed to notify U.S. targets of hacking
Kremlin-linked group sought personal emails of government officials.
— The hackers’ tarWASHINGTON gets: The former head of cybersecurity for the U.S. Air Force. An ex-director at the National Security Council. A former head of the Defense Intelligence Agency.
All were caught up in a Russian government-aligned cyber-espionage campaign. None was warned by the FBI.
The bureau repeatedly failed to alert targets of the Russian hacking group known as Fancy Bear despite knowing for more than a year that their personal emails were in the Kremlin’s sights, an Associated Press investigation has found.
“No one’s ever said to me, ‘Hey Joe, you’ve been targeted by this Russian group,’” said former Navy
intelligence officer Joe Mazzafro, whose inbox the hackers tried to compromise in 2015. “That our own security services have not gone out and alerted me, that’s what I find the most disconcerting as a national security professional.”
The FBI declined to answer most questions from the Associated Press about how it responded to the spying operation. It provided a state- ment that said in part: “The FBI routinely notifies individuals and organizations of potential threat information.”
Three people familiar with the matter, including a current and a former govern- ment official, said the FBI has known the details of Fancy Bear’s attempts to break into Gmail inboxes for more than a year. A senior FBI official, who was not authorized to publicly discuss the hacking operation, said the bureau had been overwhelmed by an “almost insurmountable problem.”
The AP conducted its own investigation into Fancy Bear, dedicating two months and a small team of reporters to go through a list of 19,000 phish- ing links provided by the cybersecurity firm Secure- works.
The list showed how Fancy Bear worked in close alignment with Kremlin interests to steal tens of thousands of emails from the Democratic Party, the AP reported.
But it wasn’t just Demo- crats the hackers were after. The AP identified more than 500 U.S.-based targets in the data, reached out to more than 190 of them and inter- viewed nearly 80 people, including current or former military personnel, Democratic operatives, diplomats or ex-intelligence workers such as Mazzafro.
Many were retired, but about one-third were still in government or held security clearances at the time of the hacking attempts. Only two said they learned of the hacking attempts from the FBI. A few more were contacted by the FBI after their emails were published in the torrent of leaks in last year’s electoral contest.
Maj. James Phillips didn’t learn his emails were “flapping in the breeze” until two months after the fact, when a journalist called him.
“The fact that a reporter told me about DCLeaks kind of makes me sad,” Phillips said in a telephone interview.