Failures

by Tim Cushing


Filed Under:
fbi, hacking, journalists, russians



FBI Leaves It To Journalists To Notify US Government Targets Of Russian Hacking

from the all-the-small-things dept

The last year-and-a-half has provided plenty of evidence that the Russian government attempted to influence the 2016 presidential election. Unfortunately, most of the evidence confirming this has been delivered by entities outside the US government. The government has released reports but has omitted plenty of key details.

This hasn't done much for those affected by Russia's efforts. In almost every case, individuals targeted by Russian government-directed hacking entity Fancy Bear were made aware of this by journalists, not the FBI, despite the fact both had access to the same evidence.

The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin's crosshairs, The Associated Press has found.

Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting.

"It's utterly confounding," said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. "You've got to tell your people. You've got to protect your people."

The FBI refused to comment specifically on its disclosure efforts (or rather, the lack thereof). It offered no official excuse for its across-the-board lack of notification. Even the few that were notified could hardly be considered to be apprised of anything.

Rob “Butch” Bracknell, a 20-year military veteran who works as a NATO lawyer in Norfolk, Virginia, said an FBI agent visited him about a year ago to examine his emails and warn him that a “foreign actor” was trying to break into his account.

“He was real cloak-and-dagger about it,” Bracknell said. “He came here to my work, wrote in his little notebook and away he went.”

Despite evidence otherwise, the FBI claims it "routinely" notifies people and organizations about potential threats. The statement it issued to the AP would sound credible if it weren't immediately disproved by results of the AP investigation. This lack of target notification dovetails nicely with the government's handling of other disclosure efforts. The government says the same thing about the hardware and software vulnerabilities its intelligence agencies exploit. It claims to be very forthcoming about vulnerabilities and yet exploits it never informed affected tech companies about have been repeatedly leveraged to attack computers all over the world.

The FBI's unofficial excuse for this lack of notification is unavailing:

A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on timing but said that the bureau was overwhelmed by the sheer number of attempted hacks.

“It’s a matter of triaging to the best of our ability the volume of the targets who are out there,” he said.

This doesn't explain why the AP was able to track down affected government employees and contractors -- using less personal information than the FBI has access to -- and inform those affected by Fancy Bear hacking. The AP unquestionably has less manpower available than the nation's largest law enforcement agency. Certainly limiting its notification efforts to just this hacking effort allowed the AP to complete this task, but even in the face of multiple hacking attacks, the FBI should have been able to provide more notification. The "there's too much to deal with properly" excuse doesn't even impress former Intelligence Community members -- people who definitely know about drowning in data.

Charles Sowell, who previously worked as a senior administrator in the Office of the Director of National Intelligence and was targeted by Fancy Bear two years ago, said there was no reason the FBI couldn’t do the same work the AP did.

“It’s absolutely not OK for them to use an excuse that there’s too much data,” Sowell said. “Would that hold water if there were a serial killer investigation, and people were calling in tips left and right, and they were holding up their hands and saying, ‘It’s too much’? That’s ridiculous.”

Phishig attempts aren't murders, but the underlying assertion -- there's too much happening to do anything about -- is still worthless. The FBI wants to be the go-to agency for national security issues as well as a key player in the cyberwar, but seems unwilling to perform the mundane, but necessary, tasks that accompany those noble pursuits. The boring parts of the job still need to be done. If the FBI seriously wants people to get behind its counterterrorism efforts and cybersecurity work, it needs to make a better effort getting behind the people affected by those the agency is targeting.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Vidiot (profile), 27 Nov 2017 @ 10:38am

    "The AP unquestionably has less manpower available..."

    Budgets are tight... full-blown agents are expensive. Sounds like the FBI needs a squad of $8/hr part-timers to do what the AP did so easily. And with Home Depot jobs harder and harder to come by, imagine how many 60+ applicants they'd have! Boost American employment stats!

    They could call them "Junior G-Men".

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Fancy Bear, 27 Nov 2017 @ 10:51am

    SO, Google can know ALL in Gmail, but the Russians can't.

    Probably your slyest plug for absolute faith in Google ever.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Nov 2017 @ 10:58am

      Re: SO, Google can know ALL in Gmail, but the Russians can't.

      Oh look it thinks it has a real gotcha point. How droll.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Nov 2017 @ 11:14am

      Re: SO, Google can know ALL in Gmail, but the Russians can't.

      Username checks out. Welcome comrade!

      We'd love to listen to your propaganda but sadly all your propaganda schemes were outed after the last election.

      Good try though! Nostrovia!

      reply to this | link to this | view in chronology ]

    • identicon
      I.T. Guy, 27 Nov 2017 @ 12:36pm

      Re: SO, Google can know ALL in Gmail, but the Russians can't.

      Google denied your unemployment; Didn't they?

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Nov 2017 @ 11:01am

    declined to comment on timing but said that the bureau was overwhelmed by the sheer number of attempted hacks.

    They had a list of email accounts, and mass emailing is not that difficult to give people a heads up.

    reply to this | link to this | view in chronology ]

  • icon
    crade (profile), 27 Nov 2017 @ 11:17am

    “It’s a matter of triaging to the best of our ability the volume of the targets who are out there,”

    The best of your ability is pathetic.

    reply to this | link to this | view in chronology ]

  • identicon
    Bar, 27 Nov 2017 @ 11:38am

    Trump is the best thing ever to happen to Russia.....and China.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Nov 2017 @ 11:39am

    Comey

    Is there anyone left on the planet who thinks that Comey did good job and should have been allowed to keep his job?

    reply to this | link to this | view in chronology ]

  • icon
    ThaumaTechnician (profile), 27 Nov 2017 @ 11:50am

    Easy fix:

    Pull some agents away from the Terrorist Factory, get them actually helping society instead of just working on their own career promotion at hapless lost souls' expense.

    reply to this | link to this | view in chronology ]

  • identicon
    John E Cressman, 27 Nov 2017 @ 12:07pm

    Misleading

    Once again, misleading title. The fact of the matter is, there are agents of every government CONSTANTLY trying to hack us and every other government.

    I'm not surprised they didn't notify people however, their general policy is not to comment on an ongoing investigation. My HOPE is, they were monitoring those accounts, trying to track down the culprits but I have little faith in the FBI, or any other government agency.

    reply to this | link to this | view in chronology ]

  • identicon
    @b, 27 Nov 2017 @ 1:23pm

    Why buy the cow

    when you can get the milk for free.

    reply to this | link to this | view in chronology ]

  • icon
    orbitalinsertion (profile), 27 Nov 2017 @ 2:15pm

    We'll just have to remember the "too much data" line next time their NSA collection firehose comes up.

    reply to this | link to this | view in chronology ]

  • icon
    Shane (profile), 27 Nov 2017 @ 7:29pm

    Lame

    Every government on the face of the earth attempts to influence American elections. That's the whole point of using the US dollar as a global reserve currency you idiots.

    Move on already. Sick and tired of every single outlet of any type anywhere spewing DNC party line bile.

    You guys are even soft peddling the reversal of Net Neutrality. "Oh, don't be too hard on Ajit Pai.... We don't want to seem EXTREME..."

    Pathetic.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Nov 2017 @ 7:55pm

      Re: Lame

      Well...bye

      reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 28 Nov 2017 @ 5:36am

      Re: Lame

      This may surprise you, but you don't actually have to read every article. I know the magic coding makes it difficult not to, but if you try really hard I'm sure you can manage to avoid the articles you so disagree with, thereby reducing your stress levels.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Nov 2017 @ 6:55am

    Judging a book by the cover

    "unwilling to perform the mundane, but necessary, tasks that accompany those noble pursuits. The boring parts of the job still need to be done."

    Not exactly. The FBI doesn't have 1000's of agents responding to these events. They barely have a few 100. Of those 100's, they are likely broken down into country specific specialties: China, Iran, Russia, etc... Now take it down further into spear-phishing, malware, exploitation, etc.. So realistically, they probably have <15 people working.

    Despite them being total asshats, they are doing the best they can. They also have responsibilities to business who work on behalf of the Gov as well.

    The cyber game is as complicated as the encryption debate. So how does the FBI know if Fancy Bear is spear-phishing people? They are likely camping out on some sensitive information. Running around and telling EVERYONE they are being targeted is not realistic. The FBI is likely tracking TTPs and gathering further information to figure out what is happening on strategic level. They are triaging the problem.

    I love me some FBI bashing; however, this is not as straight forward as we want it to be.

    To comment on the "$8/hr part-timers", what exactly do you propose? Do you want to hire a bunch of census-style people to do notifications? I just rolled my eyes at this. The media would sniff this out and then cyber actors would know they are being tracked and change TTPs making it difficult to detect them again.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.