The head of the FBI defended the bureau’s policies for notifying victims of state-sponsored cyberattacks Thursday after coming under fire for reportedly alerting only a fraction of the current and former U.S. government officials allegedly targeted by Russian military intelligence.
Federal agents notified only two of nearly 80 Americans targeted in recent years by a hacking outfit linked to Russian intelligence, the Associated Press reported recently, a troubling development raised by lawmakers questioning FBI Director Christopher Wray on Thursday during a House Judiciary Committee hearing.
“Can you explain why these individuals had to learn from The Associated Press that they were targets of an aggressive Russian hacking effort?” asked Rep. Zoe Lofgren, California Democrat.
“I’m not comfortable trying to discuss the specific victim engagements in a particular investigation, at least in this setting,” Mr. Wray responded. “But … we have very well-established criteria and policies and procedures for questions of victim notification in cyber matters.”
FBI agents typically weigh certain factors before deciding whether to notify a potential hacking victim, including whether targets can be positively identified and if warning them could “potentially compromise or jeopardize an existing investigation or reveal sources and methods,” Mr. Wray said.
The director also noted that investigators have a harder time alerting potential hacking victims when attackers set their sights on targets that aren’t under the government’s direct control.
“When you have a large number of people, it’s much easier for us to provide victim notification when we have official or government or corporate accounts where we can contact the chief information security officer, and then they can communicate to all the people who are on that server,” Mr. Wray said. “When you talk about Gmail accounts and all that, it gets a lot harder.”
“I think the procedures themselves remain the same and the procedures themselves I think are pretty sound,” Mr. Wray added. “If you think about what they are, they are questions the investigators have to ask in each victim notification context.”
Russian state-sponsored hackers interfered in the 2016 U.S. presidential race in part by targeting the email accounts of American targets, according to the U.S. intelligence community, and security researchers have linked those campaigns to operations waged by a group linked to Russian military intelligence known by names including Fancy Bear and APT28. Emails obtained by successfully breaching targeted accounts associated with the Democratic Party were subsequently leaked online prior to Election Day and are widely attributed with derailing nominee Hillary Clinton’s campaign.
The FBI “repeatedly failed to alert targets of the Russian hacking group … despite knowing for more than a year that their personal emails were in the Kremlin’s sights,” the AP reported last month.
Russia has denied interfering in the 2016 White House race.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.