Most Fancy Bear hacking targets werent warned by FBI Naked Security. An investigation by the Associated Press has revealed that the FBI never got around to telling a majority of US officials that theyd been targeted by Fancy Bear Russian hackers who tried to pry open their email accounts. At all. Whatsoever. In some cases, that includes not being contacted by the FBI even after their emails had been stolen and published online. Working off a hit list of the Russian government linked cyberespionage group that was provided by the security firm Secure. Works, the AP identified more than 5. US based people or groups that were targeted. Hacking. and Cracking. In the early years of computers, hacking had a positive connotation in the computing field. Computer wizards and geniuses from MIT and Stanford. An investigation by the Associated Press has revealed that the FBI never got around to telling a majority of US officials that theyd been targeted by Fancy Bear. Over the course of two months, relying on the work of a small team of reporters, the AP reached out to more than 1. The FBI had informed only two of them that their Gmail accounts had been targeted. The FBI reached out to a few more after their emails were leaked during last years presidential election. Many of the officials were long retired, but about a quarter were still working in government positions or held security clearances when they were targeted. The AP did more than simply call those people it also sent reporters to knock on doors in the countries where websites associated with breached information were hosted. One such site was DCLeaks. Fancy Bear linked hacking of Hillary Clinton campaign chairman John Podesta and other members of the Democratic National Committee DNC. DCLeaks was registered at THCServers. AP describes as a brightly lit, family run internet company on the former grounds of a communist era chicken farm outside the Romanian city of Craiova. THC founder Catalin Floricas response when the APs two reporters started asking questions Nope, havent seen any FBI agents round these parts. Or law enforcement agents of any flavor, for that matter Its curious. You are the first ones that contact us. NFC can be made secure at the application layer by implementing secure channels or by requiring credentials, but NFC as a protocol itself is not secure at all. Were introducing a new series on CAN and automotive hacking. First, well introduce CAN and discuss how invehicle networks work. In 1986, Bosch. The dangers of being a hacking victim are growing for smartphone and laptop users at WiFi hot spots, who may not realize that their browsing is being watched. Stepping Up Our Game Refocusing the Security Community on Defense and Making Security Work for Everyone. Since the first Black Hat conference 20 years ago, the. The AP got a similar reaction from the Kuala Lumpur offices of the Malaysian web company Shinjiru Technology, which it says hosted DCLeaks stolen files for the duration of the electoral campaign. Shinjiru CEO Terence Choong said he hadnt heard of DCLeaks until the AP contacted him What is the issue with itThe FBI, which launched its investigation into Russian meddling in the 2. US election two months ago, declined to publicly comment on Fancy Bears spying. It did, though, provide the AP with a statement that said in part that yes, we do give people a heads up The FBI routinely notifies individuals and organizations of potential threat information. But sources familiar with the matter, including one former and one current government official, told the AP that the FBI has known for more than a year about Fancy Bears attempts to break into the US officials Gmail accounts. A third, senior FBI official noted that the bureau was overwhelmed by the sheer number of attempted hacks. Its a matter of triaging to the best of our ability the volume of the targets who are out there. Hacking Safeguard Easy Encryption' title='Hacking Safeguard Easy Encryption' />Oh, that is so not cutting it, said Philip Reiner, a former senior director at the National Security Council who first heard from the AP that hed been targeted in 2. Its utterly confounding. Youve got to tell your people. Youve got to protect your people. Another targeted official was Charles Sowell, who previously worked as a senior administrator in the Office of the Director of National Intelligence. Encrypting-information-with-HTTPS.gif' alt='Hacking Safeguard Easy Encryption' title='Hacking Safeguard Easy Encryption' />He was targeted by Fancy Bear two years ago and told the AP that theres no reason why the FBI couldnt have done the same outreach and research that the news agency conducted Its absolutely not OK for them to use an excuse that theres too much data. Would that hold water if there were a serial killer investigation, and people were calling in tips left and right, and they were holding up their hands and saying, Its too much Thats ridiculous. When the AP contacted the 1. FBIs failure to inform them of the hacking attempts. They were also mystified as to what they should do about it, or what the ramifications of the attacks are. One such was retired Maj. Hacking Safeguard Easy Encryption' title='Hacking Safeguard Easy Encryption' />Gen. Brian Keller, a former director of military support at the Geospatial Intelligence Agency. The FBI didnt call Keller, even after DCLeaks posted his emails to the internet. He told the AP that he wasnt clear on what had happened, who had hacked him or whether his data was still at risk. Should I be worried or alarmed or anything Not everybodys miffed at the Bureau. The AP talked to Nicholas Eftimiades, a retired senior technical officer at the Defense Intelligence Agency who teaches homeland security at Pennsylvania State University in Harrisburg and who was himself among the targets The expectation that the government is going to protect everyone and go back to everyone is false. At any rate, beyond questions of why the FBI didnt reach out to the hacking targets and what responsibility it has to at least try, theres the question of how successful Fancy Bear attacks were. According to the APs analysis Out of 3. US military and government figures targeted by Fancy Bear, 1. That could mean that as many as 2 in 5 came perilously close to handing over their passwords. Ouch. Thats a lot of people, in sensitive government positions, clicking where were all hopefully trained not to click. TrueCrypt-7.2-ISO-Latest-Version-Download.png' alt='Hacking Safeguard Easy Encryption' title='Hacking Safeguard Easy Encryption' />How could they Unfortunately, its far too easy to fall for phishing attempts. That was made clear by the New York Times when it explained how Podestas credentials were given up because of the simplest of errors a mere two missing letters. Yes, he was caught out by a typo. Not his typo, mind you. Rather, an aide forwarded a phishing email sent to Podesta, sending it to the campaigns IT staff to ask if the notice was for real. The email, purportedly from Google, said that hackers had tried to infiltrate Podestas Gmail account. Clinton campaign aide Charles Delavan replied that yes, the message was a legitimate email and that Podesta should change his password immediately. There were two missing letters i and l that should have preceded the word legitimate. As Delavan told the NYT, he knew the email was a phishing attack, given that the Clinton campaign was getting a steady stream of them. He meant to reply that the email was illegitimate. What he should have told the aide was that the password should be changed immediately, directly through Googles site and not by clicking on the link in the phishing email. But instead, he inadvertently told the aide to click on the phishing link, and thats how the attackers got Podestas Gmail login, enabling them to get into Podestas account and to about 6. Watch Serial Kis Desh Mein Hai Mera Dil. Ouch, ouch, ouch. You know, it would be great if we could rely on the FBI to inform all espionage targets of phishing attacks like that. Hell, it would be great if we could rely on the FBI to inform all of us about phishing attacks, particularly now that were knee deep in Christmas retail glee and the fraud that it drags in. But cybersecurity helps those who help themselves. And Naked Security being all about helping those who help themselves as well as family and friends has put together 3 simple tips to stay off the hook this phishing season. May they help you stay in the didnt click percentage Follow Naked. Security. Follow Lisa.