It’s no longer a secret that Russian hackers have targeted the personal email accounts of American officials, but the FBI was apparently less than vigilant in giving these targets a heads-up. The AP has discovered through interviews that, out of nearly 80 people Russia’s Fancy Bear team tried to compromise (mainly in 2015), only two had been told by the FBI — even though the bureau reportedly had evidence for a year or more. In a few cases, the AP chat was the first time the victims learned they were in the crosshairs.
For its part, the FBI’s only official response is that it “routinely notifies” people and organizations of threats. Off the record, however, an unofficial source told the AP that the FBI struggles to cope with the volume of potential targets and had to prioritize alerts “to the best of our ability.”
Whether or not that claim holds water is another matter. Although the hit list (obtained thanks to Secureworks poring through targeting data) was daunting with over 500 US-based targets, there doesn’t appear to be evidence that the FBI launched a significant effort to warn those people and organizations. And there’s the problem: while it’s hard to know if the FBI could have notified all 500 in a timely manner, there doesn’t appear to have been a concerted attempt to try.
It’s not certain how much damage Russia’s email attack actually caused. The targets had to have opened questionable links and otherwise fallen prey, and some hadn’t occupied sensitive posts for years. However, the findings suggest that the FBI didn’t always have a sense of urgency when dealing with Russia’s coordinated hacking campaigns, and may not have taken them more seriously until the 2016 presidential election made clear they were a serious problem.
Published at Sun, 26 Nov 2017 20:53:00 +0000