FBI Failed To Notify 70+ US Officials Targeted By Russian Hackers

An anonymous reader quotes the AP: The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin's crosshairs, The Associated Press has found. Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting.

"It's utterly confounding," said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. "You've got to tell your people. You've got to protect your people." The FBI declined to answer most questions from AP about how it had responded to the spying campaign... A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on timing but said that the bureau was overwhelmed by the sheer number of attempted hacks... A few more were contacted by the FBI after their emails were published in the torrent of leaks that coursed through last year's electoral contest. But to this day, some leak victims have not heard from the bureau at all.
Here's an interesting statistic from the AP's analysis. "Out of 312 U.S. military and government figures targeted by Fancy Bear, 131 clicked the links sent to them."

Another part of the US gov? Doing law enforcement

[AHuxley]

Why the halt on protecting the US from another nation if it was really another nation?
Every day wasted is another day the another skilled nation could copy out all the plain text data... again.
US investigators tried to wait and see with a real extraction effort and allowed a lot of US secrets to walk out in real time while under investigation...
Methods would have changed by now so who is looking after US domestic collection and who wants easy to find malware code to stay in place?
Some US investigation has a nice new hidden tool set that offers a Russian skill set and global staging server if detected by other parts of the US gov/mil/contractors?
The ip range, time of day, code litter is just a cover for deep and long term US investigative skill sets.
Any private sector person or 3rd party in the private sector has a look, it has to be "Russia" with an easy to find, media friendly "Bear"code litter?
"CIA anti-forensics tool that makes Uncle Sam seem fluent in enemy tongues" (31 Mar 2017)
https://www.theregister.co.uk/...
Great cover for a long term FBI or other agency investigation.
The question for people finding the code would be is it US parallel construction https://en.wikipedia.org/wiki/... or a real US court backed investigation?
Who domestically is looking at your systems and has the legal power to keep the code in?
When was the last time an investigation was hidden and results not shared, a domestic US version of Operation Socialist ?
https://theintercept.com/2014/...
Has the FBI gone back to its Magic Lantern (software) https://en.wikipedia.org/wiki/... and stayed in long term, deep in domestic computer and telco networks?
Could this be the US version of incorruptible US law enforcement needing hidden tools set well apart form all other US courts, telcos, police, lawyers?
Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
The Italian SISMI-Telecom scandal https://en.wikipedia.org/wiki/...

US law enforcement has set up a "Royal Ulster Constabulary Special Branch" that does not have to risk talking or sharing with any other part of US law enforcement and is getting results with mil/CIA grade computer systems?

Re:Russian "hackers"

[king+neckbeard]

Yes. Technically, they are hackers, as all phishing would be. What I'm saying is that they are projecting the sophistication of someone like Mitnick onto attacks that are, at least as this stage, closer to Nigerian prince scammers. We've seen one of these emails thanks to the Podesta leaks, and it's only a little more sophisticated.

The reason I'm concerned is because it's furthering the repeating narrative of "RUSSIAN HACKERZ OMG" to shut down discussion about anything else, inflate the threat, and turn the argument away from more relevant concerns, like how bad these military contractors are at basic OpSec. We had too much of that kind of distraction bullshit in the Bush era.