You'd Think The FBI Would Be More Sensitive To Protecting Encrypted Communications Now That We Know The Russians Cracked The FBI's Comms
from the guys,-encryption-matters dept
On Monday, Yahoo News had a bit of a new bombshell in revealing that the closures of various Russian compounds in the US, along with the expulsion of a bunch of Russian diplomats — which many assumed had to do with alleged election interference — may have actually been a lot more about the Russians breaching a key FBI encrypted communications system.
American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams. Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet. Senior FBI and CIA officials briefed congressional leaders on these issues as part of a wide-ranging examination on Capitol Hill of U.S. counterintelligence vulnerabilities.
These compromises, the full gravity of which became clear to U.S. officials in 2012, gave Russian spies in American cities including Washington, New York and San Francisco key insights into the location of undercover FBI surveillance teams, and likely the actual substance of FBI communications, according to former officials. They provided the Russians opportunities to potentially shake off FBI surveillance and communicate with sensitive human sources, check on remote recording devices and even gather intelligence on their FBI pursuers, the former officials said.
That all seems like a fairly big deal. And, it specifically targeted the FBI’s encrypted communications phone system:
That effort compromised the encrypted radio systems used by the FBI?s mobile surveillance teams, which track the movements of Russian spies on American soil, according to more than half a dozen former senior intelligence and national security officials. Around the same time, Russian spies also compromised the FBI teams? backup communications systems ? cellphones outfitted with ?push-to-talk? walkie-talkie capabilities. ?This was something we took extremely seriously,? said a former senior counterintelligence official.
The Russian operation went beyond tracking the communications devices used by FBI surveillance teams, according to four former senior officials. Working out of secret ?listening posts? housed in Russian diplomatic and other government-controlled facilities, the Russians were able to intercept, record and eventually crack the codes to FBI radio communications.
While this is all interesting in the “understanding what the latest spy v. spy fight is about,” it’s even more incredible in the context of the FBI still fighting to this day to weaken encryption for everyone else. The FBI, under both James Comey and Christopher Wray, have spent years trashing the idea that encrypted communications was important and repeatedly asking the tech industry to insert deliberate vulnerabilities in order to allow US officials to have easier access to encrypted communications. The pushback on this, over and over, is that any such system for “lawful access” will inevitably lead to much greater risk of others being able to hack in as well.
Given that, you’d think that the FBI would be especially sensitive to this risk, now that we know the Russians appear to have cracked at least two of the FBI’s encrypted communications systems. Indeed, back in 2015, we highlighted how the FBI used to recommend that citizens use encryption to protect their mobile phones, but they had quietly removed that recommendation right around the time Comey started playing up the “going dark” nonsense.
Of course, it’s possible that the folks dealing with the Russians cracking FBI encrypted comms are separate from the people freaking out about consumer use of encryption, but the leadership (i.e., Comey and Wray) certainly had to understand both sides of this. This leaves me all a bit perplexed. Were Comey and Wray so completely clueless that they didn’t think these two situations had anything to do with one another? Or does it mean that they thought “hey, if we had our comms exposed, so should everyone else?” Or do they just not care?