FBI Stayed Mum on Kremlin-Linked Hacks, Ignoring Its Own Policy

The FBI deviated from its own policy on notifying victims of computer hacking when it left many U.S. officials and other Americans in the dark about Kremlin-aligned attempts to break into their personal Gmail accounts, The Associated Press has learned.

FBI policy calls for notifying victims, whether individuals or groups, to help thwart both ongoing and future hacking attempts. The policy, which was released in a lawsuit filed earlier this year against the FBI by the nonprofit Electronic Privacy Information Center, says that notification should be considered "even when it may interfere with another investigation or (intelligence) operation."

The AP interviewed almost 80 Americans, including senior policymakers, and found only two who said they learned of the efforts to hack into their Gmail accounts from the FBI.

"It's just remarkable to me that the Bureau did not do what it was supposed to do," said Marc Rotenberg, executive director of the Electronic Privacy Information Center.

The FBI did not immediately respond to requests for comment on this story. Late last week, the agency declined to discuss its investigation into the spying campaign and said in a statement: "The FBI routinely notifies individuals and organizations of potential threat information."

However, three people familiar with the matter -- including a current and a former government official -- said the FBI has known for more than a year the details of the hacking attempts by a Russian government-aligned hacking group known as Fancy Bear.

A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, said the Bureau was overwhelmed by the sheer number of attempted hacks. "It's a matter of triaging to the best of our ability the volume of the targets who are out there," he said.

In the face of a tidal wave of malicious phishing attempts, the FBI sometimes...

Comments are closed.