They absolutely advertised it when it was released and every journalist knows about it.
Kashmir Patel went out of his way to bypass security protocols for onboarding his political hires (for the US’s premiere domestic intelligence service!). If he wanted to be secure, all he had to do was not get in the way of the FBI’s natural processes.
Also, this wouldn’t have happened if POTUS had hired someone with relevant FBI experience instead of a political hack.
You are high on the first peak of Dunning Krueger right now.
The Director of the FBI is an immensely powerful position, unlike the average secretory/assistant in some FBI field office. Even the FBI Special Agents are taught OpsSec in depth at FBI cadet school and it is reinforced at every additional relevant training.
The reason Patel wasn’t is because he’s unqualified to be in the department and was a political hire who almost certainly bypassed the normal security protocols when he was hired. The FBI has an entire detail, not unlike that of Secret Service, who both secures the physical person / transport of the Director, but who also maintains intelligence about threats and OpsSec, which should cover this specifically scenario. In other words, Patel didn’t need to know about this security precaution himself — he just needed to not stifle his team from protecting him.
What are you talking about? There's literally a Cyber Crimes[0] division of the FBI, and they run the National Cyber Investigative Joint Task Force (NCIJTF). They probably know a thing or two about cyber security for high-ranked governmental officials.
dude at least you should have brought an internal recommendation memo targeted all fbi people, not "but fbi has this and this division..."
lets say your college have astrophysics and other big departments. Are you really expert on those areas? Can you expect all highly-regarded professors to know most things from other departments? Do all 'competent' art professors know about astrophysics?
I would, yes. Maybe a director in the Small Business Administration is lower on the target list of gov officials that would need to be concerned, but certainly anyone in the Departments of Defense, Justice, Homeland Security, State, Transportation, Treasury, and probably Nuclear Regulatory Commission, for sure.
> BECAUSE NSA IS part of the government ?
I don't know why multiple times in this comment section you allude to the NSA as being the only Federal agency tasked with any sort of cyber security responsibility, that is just plain wrong.
>you should have brought an internal recommendation memo targeted all fbi people
Yes, because I have access to any and all internal memos provided by the FBI to their employees. Internal memos are by their very nature are internal, so are generally not available for public consumption.
Also, your higher ed example is terrible, because as someone with a work history at a flagship state university's IT department, I can assure you that we provide all sorts of "memos", trainings, and tools to combat cybercrime, including special onboarding sessions to ensure new hires are protecting themselves and the university. We don't depend on the Art and Physics departments to make sure they keep their faculty 'in-line' following best practices in cyber security.
If only the Director of the FBI had access to some sort of investigative team, maybe more than one, maybe even enough that they use a collective term for it, something like, I don't know: bureau?
no but I've been interested in cryptography/anonimity stuff, so I see a lot of suggestions/advertisements related to those: signal, telegram, proton-mail, etc
Are you suggesting that he was targeted before he became the director of the FBI? That seems unlikely. Once he became an obvious target surely the FBI should have secured his past, present and future communications. But I have no idea what protocols there are for such things, I'm just going off common sense, a notoriously sketchy starting point in the crazy world of the current US administration.
He held very important positions in the US government before 2022, including in the SecDef’s office and DNI in 2020-2021.
This is just a sad story of a partisan hack who failed upwards into one of the most sensitive and powerful offices in the nation, simply for being a loyal sycophant, not merit.
From the article, he wasn't the director of the FBI for the time period the emails are from: "The stolen emails appear to date from around 2011 to 2022"
To be fair, he probably never once in his wildest dreams ever thought he would be head of the FBI. So he probably didn't think he needed the extra security, because what idiot would put him in charge of the world's largest spy network.
The same idiot who pushed him into SecDef’s office and DNI in 2020.
He shouldn’t be FBI Director and he shouldn’t have been in the DNI or Secretary of Staff for SecDef either. All of those are high positions of responsibility and require tremendous OpsSec. This guy’s first act as FBI Director was to waive most of the investigations into his staff to bypass security clearance checks.
Sorry if I’m not disagreeing with you. Sarcasm is a bit hard to identify these days.
I have 2 family members who are/were special agents for the FBI. Much of their job is harvesting evidence to build cases by spying, which frequently comes more in the form of “spying” in the way we saw in The Sopranos.
The FBI is also the premier counter-espionage organization within the US, so it is tasked with spying on suspected foreign / turned spies.
It is much more than a spy network, but it is exactly that as well.
All cleared citizens are subject to warrantless search at any time by the FBI, some for the remainder of their life. You don't have to be a suspect to fall within their panopticon.
That’s at least partly because upping application for a security clearance, they are signing a contract to do that.
We don’t know how much the Trump political officials managed to avoid those onboarding requirements. It has been widely reported that at least some of them bypassed eligibility requirements and polygraph. It’s probably not a huge leap to assume these same people were not required to consent to these forever-after-searches.
While I understand why you would say that, I think the way "spy network" was meant, was in the way that their job is to spy within the US. And given the resources at their disposition, and the size of the US, "worlds biggest spy network" is not wrong.
Also, they do head up the main counterintelligence effort of the US.
I'd rather he worry about securing government secrets, not spend one second worrying about "personal photographs of Patel sniffing and smoking cigars, riding in an antique convertible, and making a face while taking a picture of himself in the mirror with a large bottle of rum".
Obviously government secrets need to be properly secured, but the personal info/photos of a top official can often be used for blackmail or for determining close friends that could be used to compromise Patel.
“The enemy broke into our nuke silo, killed our Air Force manned crew, stole the nuke codes, launched the missile. Not a big deal because we shot it down before it hit its target.”
Most of the time, actual harm is the most important issue. In this case because that office holds so much centralized power and authority over many aspects of American life (domestic law enforcement, some foreign law enforcement, domestic counterterrorism / counterintelligence / counterespionage, and security clearance background checks for all VIPs), the means are equally as important as the ends.
And I would throw in a wrinkle: what evidence is there that the dumps were not stripped of the most useful blackmail material? If I were in charge of a hack operation, I would dump the low impact stuff to show the world how much of a joke this guy’s security is, but only after I already used the best stuff to blackmail him months ago.
The reality is that officials are targetted by various states looking to get some leverage, so not properly securing an email account is a serious failing unless it's part of a wider honeypot scheme. Personally, I'm not convinced that the current U.S. administration is competent enough to plan ahead and implement honeypots.
No point in going round and round with personal opinions and general speculation. The debate is easily settled: just point to some actual harm done by this hack.
I don't think you really understand how blackmail works. If the information is public, then that's a failed blackmail attempt. Also, the U.S. administration is unlikely to provide public information on how top officials have been compromised.
It's not really much of a debate as it's widely acknowledged that letting enemy states get access to the email accounts of officials is a really bad idea.
Patel specifically bypassed security clearance protocols for Bongino and other staff he hired. His top priority isn’t protecting government secrets — it’s to take down what he thinks is the part of the US government that resists bending to Trump’s will.
And you are wrong that the FBI shouldn’t care about securing the Director’s private life information. Anything and everything can and will be used to blackmail him by foreign governments, criminals, political actors.
I highly doubt the first public dump of messages would include the most compromising content — that’s like handing away a maximum severity zero day for the most common OS in the federal government. There’s no logical reason to do that for free, so I suspect the really incriminating/ salacious stuff was withheld for private use.
And if the FBI didn’t enable the high security setting on the FBI Director’s private email account, they might not have known what, if any, compromising materials were in there.
The confusing thing is that googling "google advanced protection program" takes you to the en_in locale, even if you are in the US. An American has no clue what a crore is, so it is just an SEO failure on Google's part, which is funny. I didn't know there was an en_us equivalent to the page when I googled the topic.
It doesn’t really tell you where the copywriters were from but you notice that the locale of the page is Indian because the numbers are given in crore.
if this was a few years ago I would even say here on "hacker" news we could probably notice the indian locale in the damn URL and save an entire subthread of racial offtopic
https://landing.google.com/intl/en_in/advancedprotection/
The fact the Director of the FBI did not avail himself of this just reiterates how incompetent he is, in addition to being corrupt as heck.