A new investigation by the Associated Press turned up evidence that Russian hackers didn’t just steal tens of thousands of emails from the Democratic Party last year, they also attacked the Gmail accounts of scores of U.S. officials — many of them with jobs with, or ties to, American intelligence service.
And the FBI knew about it — but in the vast majority of cases failed to notify the officials they were being targeted by Fancy Bear, a Russian government-aligned cyberespionage group.
That’s both alarming and outrageous.
The AP report said a senior FBI official asked for comment declined to say when the agency had received the Fancy Bear target list, but said the bureau was overwhelmed by the sheer number of attempted hacks.
“It’s a matter of triaging to the best of our ability the volume of targets who are out there,” the FBI official said.
The AP did that grunt work on its own using a small staff of reporters over two months who sorted through 19,000 lines of Fancy Bear targeting data that was provided by Secureworks, a cybersecurity firm.
The AP identified more than 500 U.S.-based people or groups from that list, tried to contact 190 of them and was able to interview nearly 80.
In many cases the contact from the news agency was the first time the person had been contacted by anyone. In only two of the cases had the target been warned by the FBI that their Gmail accounts were in the cross-hairs of Russian hackers.
The targets read like a Who’s Who of U.S. intelligence — many of them retired, but some still active — including a former head of the Defense Intelligence Agency, a former head of Air Force Intelligence, a former defense undersecretary, a former director of cybersecurity for the Air Force, a retired senior technical officer at the Defense Intelligence Agency and a former director of military support at the Geospatial Intelligence Agency.
Some of those contacted said they had taken their computers for repairs when they noticed something strange going on. Others said they never put classified information on their accounts or opened Gmails that they didn’t recognize. But the AP investigation found that out of the 312 U.S. military and government officials targeted, 131 had clicked on the malicious link sent to them by Fancy Bear.
The AP said it remains unclear whether the malware had been successful in gaining access to passwords and credentials or what the hackers may have acquired.
What is not in doubt is that the FBI failed miserably in its duty do protect American security interests — or at the very least to tell those who had been targeted that their Gmail accounts had been under siege by foreign hackers and they should watch their cybersecurity.
The FBI needs to close the door on cybersecurity hacks by Russians and other countries just as surely as our military branches have the responsibility of defending us from physical attacks.