FBI didn’t tell US officials Russian hackers were trying to hack their emails | world-news
Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting.
“It’s utterly confounding,” said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. “You’ve go to tell your people. You’ve got to protect your people.”
The FBI declined to answer most questions from AP about how it had responded to the spying campaign. The bureau provided a statement that said in part: “The FBI routinely notifies individuals and organizations of potential threat information.”
Three people familiar with the matter — including a current and a former government official — said the FBI has known for more than a year the details of Fancy Bear’s attempts to break into Gmail inboxes. A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on timing but said that the bureau was overwhelmed by the sheer number of attempted hacks.
“It’s a matter of triaging to the best of our ability the volume of the targets who are out there,” he said.
The AP did its own triage, dedicating two months and a small team of reporters to go through a hit list of Fancy Bear targets provided by the cybersecurity firm Secureworks.
In this image made from video, seen though an interior window, employees work in the offices of Secureworks in Atlanta on Oct. 4, 2017.
Previous AP investigations based on the list have shown how Fancy Bear worked in close alignment with the Kremlin’s interests to steal tens of thousands of emails from the Democratic Party. The hacking campaign disrupted the 2016 US election and cast a shadow over the presidency of Donald Trump, whom US intelligence agencies say the hackers were trying to help. The Russian government has denied interfering in the American election.
The Secureworks list comprises 19,000 lines of targeting data. Going through it, the AP identified more than 500 US-based people or groups and reached out to more than 190 of them, interviewing nearly 80 about their experiences.
Many were long-retired, but about one-quarter were still in government or held security clearances at the time they were targeted. Only two told the AP they learned of the hacking attempts on their personal Gmail accounts from the FBI. A few more were contacted by the FBI after their emails were published in the torrent of leaks that coursed through last year’s electoral contest. But to this day, some leak victims have not heard from the bureau at all.
Charles Sowell, who previously worked as a senior administrator in the Office of the Director of National Intelligence and was targeted by Fancy Bear two years ago, said there was no reason the FBI couldn’t do the same work the AP did.
“It’s absolutely not OK for them to use an excuse that there’s too much data,” Sowell said. “Would that hold water if there were a serial killer investigation, and people were calling in tips left and right, and they were holding up their hands and saying, ‘It’s too much’? That’s ridiculous.”
The AP found few traces of the bureau’s inquiry as it launched its own investigation two months ago.
In October, two AP journalists visited THCServers.com, a brightly lit, family-run internet company on the former grounds of a communist-era chicken farm outside the Romanian city of Craiova. That’s where someone registered DCLeaks.com, the first of three websites to publish caches of emails belonging to Democrats and other U.S. officials in mid-2016.
DCLeaks was clearly linked to Fancy Bear. Previous AP reporting found that all but one of the site’s victims had been targeted by the hacking group before their emails were dumped online.
Yet THC founder Catalin Florica said he was never approached by law enforcement.
“It’s curious,” Florica said. “You are the first ones that contact us.”
THC merely registered the site, a simple process that typically takes only a few minutes. But the reaction was similar at the Kuala Lumpur offices of the Malaysian web company Shinjiru Technology, which hosted DCLeaks’ stolen files for the duration of the electoral campaign.
Catalin Florica, who launched THCServers.com in 2013, poses for a portrait during an interview at the company’s headquarters, outside Craiova, southern Romania, Wednesday, Oct. 4, 2017.
The company’s chief executive, Terence Choong, said he had never heard of DCLeaks until the AP contacted him.
“What is the issue with it?” he asked.
Questions over the FBI’s handling of Fancy Bear’s broad hacking sweep date to March 2016, when agents arrived unannounced at Hillary Clinton’s headquarters in Brooklyn to warn her campaign about a surge of rogue, password-stealing emails.
The agents offered little more than generic security tips the campaign had already put into practice and refused to say who they thought was behind the attempted intrusions, according to a person who was there and spoke on condition of anonymity because the conversation was meant to be confidential.
Questions emerged again after it was revealed that the FBI never took custody of the Democratic National Committee’s computer server after it was penetrated by Fancy Bear in April 2016. Former FBI Director James Comey testified this year that the FBI worked off a copy of the server, which he described as an “appropriate substitute.”
“Makes me sad”
Retired Maj. James Phillips was one of the first people to have the contents of his inbox published by DCLeaks when the website made its June 2016 debut.
But the Army veteran said he didn’t realize his personal emails were “flapping in the breeze” until a journalist phoned him two months later.
“The fact that a reporter told me about DCLeaks kind of makes me sad,” he said. “I wish it had been a government source.”