Porterville Recorder

FBI leaves U.S. targets of Russian hackers in the dark

WASHINGTON — The hackers’ targets: The former head of cybersecur­ity for the U.S. Air Force. An ex-director at the National Security Council. A former head of the Defense Intelligen­ce Agency.

All were caught up in a Russian government­aligned cyberespio­nage campaign. None was warned by the FBI, despite an agency policy that calls for notificati­on.

The bureau repeatedly failed to alert targets of the Russian hacking group known as Fancy Bear despite knowing for more than a year that their personal emails were in the Kremlin’s sights, an Associated Press investigat­ion has found.

“No one’s ever said to me, ‘Hey Joe, you’ve been targeted by this Russian group,”’ said former Navy intelligen­ce officer Joe Mazzafro, whose inbox the hackers tried to compromise in 2015. “That our own security services have not gone out and alerted me, that’s what I find the most disconcert­ing as a national security profession­al.”

FBI policy calls for notifying victims, whether individual­s or groups, to help thwart both ongoing and future hacking attempts. The policy, which was released in a lawsuit filed earlier this year against the FBI by the nonprofit Electronic Privacy Informatio­n Center, says that notificati­on should be considered “even when it may interfere with another investigat­ion or (intelligen­ce) operation.”

The FBI did not immediatel­y respond to requests on the details of its notificati­on policy. Late last week, it declined to discuss its investigat­ion into Fancy Bear’s spying campaign, but did provide a statement that said in part: “The FBI routinely notifies individual­s and organizati­ons of potential threat informatio­n.”

Three people familiar with the matter — including a current and a former government official — said the FBI has known the details of Fancy Bear’s attempts to break into Gmail inboxes for more than a year. A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivit­y, said the bureau had been overwhelme­d by an “almost insurmount­able problem.”

The AP conducted its own investigat­ion into Fancy Bear, dedicating two months and a small team of reporters to go through a list of 19,000 phishing links provided by the cybersecur­ity firm Securework­s.

The list showed how Fancy Bear worked in close alignment with Kremlin interests to steal tens of thousands of emails from the Democratic Party , the AP reported this month.

But it wasn’t just Democrats the hackers were after.

The AP identified more than 500 U.s.-based targets in the data, reached out to more than 190 of them and interviewe­d nearly 80 people, including current or former military personnel, Democratic operatives, diplomats or ex-intelligen­ce workers such as Mazzafro.