Posted on Nov 26, 2017
FBI didn't tell US targets as Russian hackers hunted emails
1.48K
20
9
6
6
0
Posted 7 y ago
Responses: 6
“You’ve got to tell your people. You’ve got to protect your people.”
No you don't. Protecting sources and methods are more important than letting someone know their non government affiliated account was targeted by an APT. How exactly do you expect them to report than, "Hey we have some classified information saying you're being targeted by the Russians."?
No you don't. Protecting sources and methods are more important than letting someone know their non government affiliated account was targeted by an APT. How exactly do you expect them to report than, "Hey we have some classified information saying you're being targeted by the Russians."?
(2)
(0)
Maj (Join to see)
Sgt Wayne Wood - sure. But there's a legitimate reason for this. What if the collection the FBI had was the only collect they had on this? By notifying people they could potentially burn that collect and now we're blind to the adversary. Sure we "protected" 500 people's NONGOVERNMENTAL email accounts but we lost collect on a very credible cyber threat.
Seems like the FBI made the right choice.
Seems like the FBI made the right choice.
(1)
(0)
Sgt Wayne Wood
With the politicization of the FBI and other ‘apolitical’ government agencies, the decisions made may be legitimately questioned.
Besides, based onpersonal experience a lot of the methods you tout are learned from external actors
Besides, based onpersonal experience a lot of the methods you tout are learned from external actors
(1)
(0)
Interesting that they (government organizations) are now trying to use the old mantra of 'do as I say, not as I do.' If this had happened to a non-governmental economic business, the DOJ (not just the FBI) would be all over this, along with a number of other governmental agencies demanding answers.
When something similar to this happened at the VA, the DOJ and other agencies were hammering the VA, especially on the speed of notification to the effected people.
"Others argued that the FBI may have wanted to avoid tipping the hackers off or that there were too many people to notify.
“The expectation that the government is going to protect everyone and go back to everyone is false,” said Nicholas Eftimiades, a retired senior technical officer at the Defense Intelligence Agency who teaches homeland security at Pennsylvania State University in Harrisburg and was himself among the targets.
But the government is supposed to try, said Michael Daniel, who served as President Barack Obama’s White House cybersecurity coordinator.
Daniel wouldn’t comment directly on why so many Fancy Bear targets weren’t warned in this case, but he said the issue of how and when to notify people “frankly still needs more work.”"
When something similar to this happened at the VA, the DOJ and other agencies were hammering the VA, especially on the speed of notification to the effected people.
"Others argued that the FBI may have wanted to avoid tipping the hackers off or that there were too many people to notify.
“The expectation that the government is going to protect everyone and go back to everyone is false,” said Nicholas Eftimiades, a retired senior technical officer at the Defense Intelligence Agency who teaches homeland security at Pennsylvania State University in Harrisburg and was himself among the targets.
But the government is supposed to try, said Michael Daniel, who served as President Barack Obama’s White House cybersecurity coordinator.
Daniel wouldn’t comment directly on why so many Fancy Bear targets weren’t warned in this case, but he said the issue of how and when to notify people “frankly still needs more work.”"
(1)
(0)
Read This Next