FBI leaves US targets of Russian hackers in the dark

WASHINGTON (AP) - The hackers' targets: The former head of cybersecurity for the U.S. Air Force. An ex-director at the National Security Council. A former head of the Defense Intelligence Agency.

All were caught up in a Russian government-aligned cyberespionage campaign. None was warned by the FBI, despite an agency policy that calls for notification.

The bureau repeatedly failed to alert targets of the Russian hacking group known as Fancy Bear despite knowing for more than a year that their personal emails were in the Kremlin's sights, an Associated Press investigation has found.

"No one's ever said to me, 'Hey Joe, you've been targeted by this Russian group,'" said former Navy intelligence officer Joe Mazzafro, whose inbox the hackers tried to compromise in 2015. "That our own security services have not gone out and alerted me, that's what I find the most disconcerting as a national security professional."

FBI policy calls for notifying victims, whether individuals or groups, to help thwart both ongoing and future hacking attempts. The policy, which was released in a lawsuit filed earlier this year against the FBI by the nonprofit Electronic Privacy Information Center, says that notification should be considered "even when it may interfere with another investigation or (intelligence) operation."

The FBI did not immediately respond to requests on the details of its notification policy. Late last week, it declined to discuss its investigation into Fancy Bear's spying campaign, but did provide a statement that said in part: "The FBI routinely notifies individuals and organizations of potential threat information."

Three people familiar with the matter - including a current and a former government official - said the FBI has known the details of Fancy Bear's attempts to break into Gmail inboxes for more than a year. A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, said the bureau had been overwhelmed by an "almost insurmountable problem."

The AP conducted its own investigation into Fancy Bear, dedicating two months and a small team of reporters to go through a list of 19,000 phishing links provided by the cybersecurity firm Secureworks.

The list showed how Fancy Bear worked in close alignment with Kremlin interests to steal tens of thousands of emails from the Democratic Party, the AP reported this month.

But it wasn't just Democrats the hackers were after.

The AP identified more than 500 U.S.-based targets in the data, reached out to more than 190 of them and interviewed nearly 80 people, including current or former military personnel, Democratic operatives, diplomats or ex-intelligence workers such as Mazzafro.

Many were long-retired, but about one-third were still in government or held security clearances at the time of the hacking attempts. Only two told the AP they learned of the hacking attempts from the FBI. A few more were contacted by the FBI after their emails were published in the torrent of leaks that coursed through last year's electoral contest. To this day, some leak victims have not heard from the bureau.

One was retired Maj. James Phillips, who was one of the first people exposed by the website DCLeaks in mid-2016. A year later, Phillips has yet to hear anything from the FBI.

In fact he didn't learn his emails were "flapping in the breeze" until two months after the fact, when a journalist called him to ask for comment.

"The fact that a reporter told me about DCLeaks kind of makes me sad," Phillips said in a telephone interview.

Phillips' story would be repeated again and again as the AP spoke to officials from the National Defense University in Washington to the North American Aerospace Defense Command in Colorado.

Among them: a former head of the Defense Intelligence Agency, retired Lt. Gen. Patrick Hughes; a former head of Air Force Intelligence, retired Lt. Gen. David Deptula; a former defense undersecretary, Eric Edelman; and a former director of cybersecurity for the Air Force, retired Lt. Gen. Mark Schissler.

Some targets of Fancy Bear's spying said they don't blame the FBI for not notifying them.

"The expectation that the government is going to protect everyone and go back to everyone is false," said Nicholas Eftimiades, a retired senior technical officer at the Defense Intelligence Agency who teaches homeland security at Pennsylvania State University in Harrisburg and was himself among the targets.

But Charles Sowell, who previously worked as a senior administrator in the Office of the Director of National Intelligence and was targeted by Fancy Bear two years ago, said there was no reason the FBI couldn't do the same work the AP did.

"It's absolutely not OK for them to use an excuse that there's too much data," said Sowell. "Would that hold water if there were a serial killer investigation, and people were calling in tips left and right, and they were holding up their hands and saying, 'It's too much'?

"That's ridiculous."

___

EDITOR'S NOTE - Raphael Satter's father, David Satter, is an author and Russia specialist who has been critical of the Kremlin. His emails were published last year by hackers and his account is on Secureworks' list of Fancy Bear targets. He was not notified by the FBI.

This image shows a portion of a phishing email sent to a Washington area-based military analyst on Nov. 9, 2017. Scores of U.S. diplomatic, military and government figures were not told about attempts to hack into their emails even though the FBI knew they were in the Kremlin’s crosshairs, The Associated Press has learned. (AP Photo) The Associated Press
FILE - This Feb. 3, 2012, file photo shows FBI headquarters in Washington. Many U.S. diplomatic, military and government figures were not told about Russia-linked attempts to hack into their emails, even though the FBI knew they were in the Kremlin’s crosshairs, The Associated Press has learned. (AP Photo/Manuel Balce Ceneta, File) The Associated Press
In this image made from video, seen through an interior window, employees work in the offices of Secureworks in Atlanta on Oct. 4, 2017. Working off a list supplied by the cybersecurity firm, The Associated Press found that scores of U.S. diplomatic, military and government figures were not told about attempts to hack into their emails even though the FBI knew they were in the Kremlin’s crosshairs. (AP Photo/Marina Hutchinson) The Associated Press
Catalin Florica, who launched THCServers.com in 2013, poses for a portrait during an interview at the company's headquarters, outside Craiova, southern Romania, Wednesday, Oct. 4, 2017. The company based in a remote part of the Eastern European country was used to register the website DCLeaks, which U.S. intelligence has accused of being a front for Russian spies. (AP Photo/Vadim Ghirda) The Associated Press
FILE - In this Aug. 3, 2004 file photo, Lt. Gen. Patrick Hughes of the Department of Homeland Security appears before the Senate Government Affairs Committee on Capitol Hill. Hughes, a former head of the Defense Intelligence Agency, was one of scores of U.S. diplomatic, military and government figures who were not told about attempts to hack into their emails even though the FBI knew they were in the Kremlin’s crosshairs, The Associated Press has learned. (AP Photo/Dennis Cook, File) The Associated Press
FILE - This Sept. 29, 2017 photo shows the Kremlin in Moscow. Scores of U.S. diplomatic, military and government figures were not told about Russia-linked attempts to hack into their emails, even though the FBI knew they were in Moscow's crosshairs, The Associated Press has learned. (AP Photo/Ivan Sekretarev, File) The Associated Press
FILE - In this May 15, 2013 file photo, U.S. Ambassador to Russia Michael McFaul leaves the Foreign Ministry in Moscow, Russia. McFaul, who served as ambassador from 2012 to 2014, was angry to learn that he was sent a phishing email in 2015 - and was told nothing about it by the FBI. “Our government needs to be taking greater responsibility to defend its citizens in both the physical and cyber worlds, now, before a cyberattack produces an even more catastrophic outcome than we have already experienced,” he said. (AP Photo/Misha Japaridze, File) The Associated Press
FILE - In this Oct. 4, 2017, file photo, a motorcycle is parked outside the THCServers.com company headquarters, outside Craiova, southern Romania. The company based in a remote part of the eastern European country was used to register the website DCLeaks, which U.S. intelligence has accused of being a front for Russian spies. (AP Photo/Vadim Ghirda, File) The Associated Press