Email of top U.S. Russia expert said to be hacked
On Tuesday morning, a hacker going by the name of “Johnnie Walker” sent out a group email to an unknown number of recipients claiming to have a trove of emails from the private account of a U.S. intelligence official.
“The U.S. State Department officer’s email has been hacked,” the email announced, and included at least two years’ worth of personal emails from the private Gmail account of a State Department official working in the secretive intelligence arm of the State Department focusing on Russia.
The sender said the archive included exchanges between the official and “CIA officers and other intelligence agencies, mainstream media, nongovernmental organizations and international funds” that would “give you evidence of who is responsible for agenda formation in many countries worldwide, especially where the situation is insecure.”
The official involved is currently in a senior position in the State Department’s Bureau of Intelligence and Research, according to a 2017 Department of State directory. Even though the official’s name is public, Foreign Policy is not identifying him at the request of the State Department, citing security concerns.
Additionally, the emails, from a nongovernment account, include personal information.
The State Department did not confirm or deny the authenticity of the emails. “The Department of State is well aware that malicious actors often target email accounts of government and business leaders across the United States. As a matter of policy, we do not discuss specific attempts or incidents,” a State Department spokesman said.
But the official’s expertise in Russian politics and organized crime makes him a significant target.
“He’s probably the top intelligence guy in the entire U.S. government on Russia; he knows more than anybody about what’s going on there,” said one source whose correspondence with the official was revealed in the hack.
While it’s unclear whether the hack is an isolated incident or part of a broader campaign, it comes amid a widening investigation into Russian cyberattacks that included interference in the 2016 U.S. presidential election. Those attacks, according to officials and documents, go beyond high-level political operatives and include experts and think tanks, particularly those working on Russia issues.
A 2016 document from the Department of Homeland Security Office of Intelligence and Analysis warned there had been over a dozen recent cases of U.S. think tanks being hacked, including one breach that involved stealing data on Russia-Turkey relations. The document, which is marked “For Official Use Only,” says that “cyber actors likely will continue to target think tanks and similar organizations, as many maintain significant connections to US government information and personnel, especially foreign policy officials.” The Homeland Security Department did not respond to a request for comment.
James Comey, then the FBI director, testified that Russian interference in the U.S. election included a wide array of people and institutions and began well ahead of time.
“The Russian active measures campaign may have begun as early as 2015, when Russian intelligence services launched a series of spear phishing attacks designed to penetrate the computers of a broad array of Washington-based Democratic and Republican party organizations, think tanks and other entities,” he testified in March. “This continued at least through the winter of 2016.”
The official’s emails were primarily conversations among Russia experts in government, including the intelligence community, exchanging articles, newsletters, and thoughts on current events. The official also corresponded frequently with other Russia experts in academia and the think tank world.
If it was Russians who carried out the hack, it wouldn’t be surprising, intelligence experts say.
“The Russians are probably the most aggressive intelligence service in the world,” John Sipher, a 38-year veteran of the CIA’s National Clandestine Service, said in a phone interview. “The fact that they did go after State Department officials is completely consistent with the way the Russians behave.”
Intelligence officers are regular targets of attacks from all kinds of state and criminal enemies, according to Sipher. “It’s probably a lot wider than we know,” he said.