Iran-linked hackers breach FBI director's personal email

Posted by m-hodges 2 days ago

447 points | 527 commentspage 2

mlmonkey 2 days ago|

> On their website, the hacker group Handala Hack Team said . . . .

Anybody have a link? You know, for science ...

Edit: Apparently, just last week the DoJ snatched their domains: https://www.justice.gov/opa/pr/justice-department-disrupts-i...

megous 2 days ago|

not all of them, search harder

AnimalMuppet 2 days ago||

So, to echo the previous comment, got a link?

"Search harder" is a pretty unfriendly response to a request for a link...

megous 2 days ago||

Just saying that there's a working link if you search. It's a useful information on its own.

There's no reason to post it directly. Their server is slow today even without adding lazy (ok, HN readers not interested in applying some effort to the matter) HN readers to the mix.

kevincloudsec 2 days ago||

Forget the Iran attribution for a second. The FBI director's personal email was already in leaked credential databases from prior breaches.

bcjdjsndon 2 days ago|

Every now and then something happens that makes me wonder how the fuck America is number one, this being one of them.

bpt3 2 days ago|||

Loads of natural resources, no local military threats, and historically a government that stayed out of the way and allowed individuals to reap the rewards of their efforts.

The first is almost impossible to screw up, though we're really trying on the last front.

krapp 2 days ago||||

America had the advantage of getting through WW2 relatively unscathed with lots of resources and intact infrastructure that it used to leverage against the reconstruction of Europe, Japan and the USSR and entrench its cultural and economic hegemony. Also the US essentially colonized the West with nuclear weapons under the guise of "Pax Americana" and making the dollar the reserve currency.

That's really it. Not moral superiority, not technical ingenuity, not the indomitable American spirit. Just imperialist opportunism.

mna_ 1 day ago|||

Plus huge amounts of braindrain from all over the world after WW2 (originally from Europe, but nowadays mainly from India and China).

1234letshaveatw 2 days ago||||

We're ranked number one based on the summation of all the angsty teen America bad comments on social media. At least that is the stat the press goes off of I believe

bobsmooth 2 days ago||||

One of the largest populations, and by extension, GDPs.

chanux 1 day ago|||

Bretton Woods, Petro dollar and Lindy effect?

XorNot 1 day ago|||

Also the only major economy which didn't fight World War 2 on its own territory.

OJFord 1 day ago||

Boy are there some angry Pearl Harbour comments incoming...

vrganj 2 days ago||||

Don't worry, it's on its way out.

basisword 2 days ago||||

Number one based on what metric other than they constantly say they're number one?

jorts 2 days ago|||

Because America is a lot more than a podcaster put into a position that he has no qualifications for.

1234letshaveatw 2 days ago||

[flagged]

fmajid 2 days ago||

GMail, like Apple, has specific enhanced security programs available for Politically Exposed Persons:

https://landing.google.com/intl/en_in/advancedprotection/

The fact the Director of the FBI did not avail himself of this just reiterates how incompetent he is, in addition to being corrupt as heck.

billfor 2 days ago||

Read the article he wasn't the director of the FBI: "The stolen emails appear to date from around 2011 to 2022"

hughw 2 days ago|||

He's had over a year to enable it.

DaSHacka 2 days ago|||

Why would he, when he wasn't director of the FBI then?

thephyber 1 day ago|||

You’re right. He was merely [checks notes]:

  - Chief of Staff to the United States Secretary of Defense (2020-2021)
  - Principal Deputy Director of National Intelligence (2020)

Not a big deal. No need for OpSec in those positions.

hughw 2 days ago|||

Agree only a smart person would the sense in it.

buzzerbetrayed 2 days ago||

[flagged]

sysguest 1 day ago|||

woah but even I haven't heard about that gmail feature...?

maybe google doesn't advertise about this much?

thephyber 1 day ago|||

They absolutely advertised it when it was released and every journalist knows about it.

Kashmir Patel went out of his way to bypass security protocols for onboarding his political hires (for the US’s premiere domestic intelligence service!). If he wanted to be secure, all he had to do was not get in the way of the FBI’s natural processes.

Also, this wouldn’t have happened if POTUS had hired someone with relevant FBI experience instead of a political hack.

sysguest 1 day ago||

> POTUS had hired someone with relevant FBI experience instead of a political hack.

well what percentage of highly-rated FBI people have actually enabled that feature?

did FBI had some internal recommendation to enable that feature?

FBI isn't NSA people...

thephyber 1 day ago|||

You are high on the first peak of Dunning Krueger right now.

The Director of the FBI is an immensely powerful position, unlike the average secretory/assistant in some FBI field office. Even the FBI Special Agents are taught OpsSec in depth at FBI cadet school and it is reinforced at every additional relevant training.

The reason Patel wasn’t is because he’s unqualified to be in the department and was a political hire who almost certainly bypassed the normal security protocols when he was hired. The FBI has an entire detail, not unlike that of Secret Service, who both secures the physical person / transport of the Director, but who also maintains intelligence about threats and OpsSec, which should cover this specifically scenario. In other words, Patel didn’t need to know about this security precaution himself — he just needed to not stifle his team from protecting him.

dessimus 1 day ago|||

What are you talking about? There's literally a Cyber Crimes[0] division of the FBI, and they run the National Cyber Investigative Joint Task Force (NCIJTF). They probably know a thing or two about cyber security for high-ranked governmental officials.

[0] https://www.fbi.gov/investigate/cyber

sysguest 1 day ago||

well by that logic, you can argue every top gov officials who didn't sign up for https://landing.google.com/intl/en_in/advancedprotection/ is incompetent, BECAUSE NSA IS part of the government ?

dude at least you should have brought an internal recommendation memo targeted all fbi people, not "but fbi has this and this division..."

lets say your college have astrophysics and other big departments. Are you really expert on those areas? Can you expect all highly-regarded professors to know most things from other departments? Do all 'competent' art professors know about astrophysics?

dessimus 1 day ago||

>well by that logic, you can argue every top gov officials who didn't sign up for https://landing.google.com/intl/en_in/advancedprotection/ is incompetent

I would, yes. Maybe a director in the Small Business Administration is lower on the target list of gov officials that would need to be concerned, but certainly anyone in the Departments of Defense, Justice, Homeland Security, State, Transportation, Treasury, and probably Nuclear Regulatory Commission, for sure.

> BECAUSE NSA IS part of the government ?

I don't know why multiple times in this comment section you allude to the NSA as being the only Federal agency tasked with any sort of cyber security responsibility, that is just plain wrong.

>you should have brought an internal recommendation memo targeted all fbi people

Yes, because I have access to any and all internal memos provided by the FBI to their employees. Internal memos are by their very nature are internal, so are generally not available for public consumption.

Also, your higher ed example is terrible, because as someone with a work history at a flagship state university's IT department, I can assure you that we provide all sorts of "memos", trainings, and tools to combat cybercrime, including special onboarding sessions to ensure new hires are protecting themselves and the university. We don't depend on the Art and Physics departments to make sure they keep their faculty 'in-line' following best practices in cyber security.

sysguest 1 day ago||

[flagged]

cindyllm 1 day ago||

[dead]

dessimus 1 day ago||||

If only the Director of the FBI had access to some sort of investigative team, maybe more than one, maybe even enough that they use a collective term for it, something like, I don't know: bureau?

saulapremium 1 day ago|||

"Even you"?

Are you someone who would be inclined to look into something like that?

sysguest 1 day ago||

no but I've been interested in cryptography/anonimity stuff, so I see a lot of suggestions/advertisements related to those: signal, telegram, proton-mail, etc

GeorgeRichard 1 day ago|||

Are you suggesting that he was targeted before he became the director of the FBI? That seems unlikely. Once he became an obvious target surely the FBI should have secured his past, present and future communications. But I have no idea what protocols there are for such things, I'm just going off common sense, a notoriously sketchy starting point in the crazy world of the current US administration.

coke12 1 day ago||

He was well known in the first Trump admin.

kevin_thibedeau 2 days ago|||

It's possible it was breached in 2022 and they've held on to it until now.

thephyber 1 day ago|||

He held very important positions in the US government before 2022, including in the SecDef’s office and DNI in 2020-2021.

This is just a sad story of a partisan hack who failed upwards into one of the most sensitive and powerful offices in the nation, simply for being a loyal sycophant, not merit.

andsoitis 2 days ago||||

From the article, he wasn't the director of the FBI for the time period the emails are from: "The stolen emails appear to date from around 2011 to 2022"

leereeves 2 days ago|||

It's also possible that he maintained security by not putting anything worth hacking on gmail.

stickfigure 2 days ago|||

It is also possible he is an idiot. There are few valuable sentences that begin with "it is possible..."

leptons 2 days ago||

To be fair, he probably never once in his wildest dreams ever thought he would be head of the FBI. So he probably didn't think he needed the extra security, because what idiot would put him in charge of the world's largest spy network.

thephyber 1 day ago|||

The same idiot who pushed him into SecDef’s office and DNI in 2020.

He shouldn’t be FBI Director and he shouldn’t have been in the DNI or Secretary of Staff for SecDef either. All of those are high positions of responsibility and require tremendous OpsSec. This guy’s first act as FBI Director was to waive most of the investigations into his staff to bypass security clearance checks.

Sorry if I’m not disagreeing with you. Sarcasm is a bit hard to identify these days.

nkrisc 1 day ago||||

World’s largest spy network? The FBI wouldn’t even be the largest spy network within the US.

eps 2 days ago|||

The FBI is not a spy network.

thephyber 1 day ago|||

You are being pedantic.

I have 2 family members who are/were special agents for the FBI. Much of their job is harvesting evidence to build cases by spying, which frequently comes more in the form of “spying” in the way we saw in The Sopranos.

The FBI is also the premier counter-espionage organization within the US, so it is tasked with spying on suspected foreign / turned spies.

It is much more than a spy network, but it is exactly that as well.

kevin_thibedeau 1 day ago||

All cleared citizens are subject to warrantless search at any time by the FBI, some for the remainder of their life. You don't have to be a suspect to fall within their panopticon.

thephyber 1 day ago|||

That’s at least partly because upping application for a security clearance, they are signing a contract to do that.

We don’t know how much the Trump political officials managed to avoid those onboarding requirements. It has been widely reported that at least some of them bypassed eligibility requirements and polygraph. It’s probably not a huge leap to assume these same people were not required to consent to these forever-after-searches.

leereeves 1 day ago|||

> All cleared citizens are subject to warrantless search at any time by the FBI, some for the remainder of their life.

That claim deserves a source.

kevin_thibedeau 1 day ago||

It's buried in EO12333

ArnoVW 1 day ago|||

While I understand why you would say that, I think the way "spy network" was meant, was in the way that their job is to spy within the US. And given the resources at their disposition, and the size of the US, "worlds biggest spy network" is not wrong.

Also, they do head up the main counterintelligence effort of the US.

How the mighty have fallen.

pdpi 2 days ago|||

Security in depth. Even if you think you don't have anything particularly valuable in there, you still protect it as if you did.

leereeves 2 days ago||

I'd rather he worry about securing government secrets, not spend one second worrying about "personal photographs of Patel sniffing and smoking cigars, riding in an antique convertible, and making a face while taking a picture of himself in the mirror with a large bottle of rum".

ndsipa_pomu 1 day ago|||

Obviously government secrets need to be properly secured, but the personal info/photos of a top official can often be used for blackmail or for determining close friends that could be used to compromise Patel.

leereeves 1 day ago||

There's so much speculation about how this hack could conceivably be damaging, but so little evidence that it actually contained anything damaging.

thephyber 1 day ago|||

“The enemy broke into our nuke silo, killed our Air Force manned crew, stole the nuke codes, launched the missile. Not a big deal because we shot it down before it hit its target.”

Most of the time, actual harm is the most important issue. In this case because that office holds so much centralized power and authority over many aspects of American life (domestic law enforcement, some foreign law enforcement, domestic counterterrorism / counterintelligence / counterespionage, and security clearance background checks for all VIPs), the means are equally as important as the ends.

And I would throw in a wrinkle: what evidence is there that the dumps were not stripped of the most useful blackmail material? If I were in charge of a hack operation, I would dump the low impact stuff to show the world how much of a joke this guy’s security is, but only after I already used the best stuff to blackmail him months ago.

leereeves 1 day ago||

The scenario you're proposing is more like "They broke into our silo and launched a nuke, then they shot it down themselves."

A successful blackmailer doesn't want the security breach exposed or investigated, they want to continue to use the victim.

ndsipa_pomu 1 day ago|||

Security through luck?

The reality is that officials are targetted by various states looking to get some leverage, so not properly securing an email account is a serious failing unless it's part of a wider honeypot scheme. Personally, I'm not convinced that the current U.S. administration is competent enough to plan ahead and implement honeypots.

leereeves 1 day ago||

No point in going round and round with personal opinions and general speculation. The debate is easily settled: just point to some actual harm done by this hack.

ndsipa_pomu 1 day ago||

I don't think you really understand how blackmail works. If the information is public, then that's a failed blackmail attempt. Also, the U.S. administration is unlikely to provide public information on how top officials have been compromised.

It's not really much of a debate as it's widely acknowledged that letting enemy states get access to the email accounts of officials is a really bad idea.

thephyber 1 day ago|||

Bad take.

Patel specifically bypassed security clearance protocols for Bongino and other staff he hired. His top priority isn’t protecting government secrets — it’s to take down what he thinks is the part of the US government that resists bending to Trump’s will.

And you are wrong that the FBI shouldn’t care about securing the Director’s private life information. Anything and everything can and will be used to blackmail him by foreign governments, criminals, political actors.

I highly doubt the first public dump of messages would include the most compromising content — that’s like handing away a maximum severity zero day for the most common OS in the federal government. There’s no logical reason to do that for free, so I suspect the really incriminating/ salacious stuff was withheld for private use.

And if the FBI didn’t enable the high security setting on the FBI Director’s private email account, they might not have known what, if any, compromising materials were in there.

kevin_thibedeau 1 day ago||

Trump bypassed clearance protocols for unclearable Jared. Nobody cares with an unaccountable executive.

thephyber 11 hours ago||

My take isn’t that “nobody cares”. It’s that we realized we are helpless against a President who violates the rules. Until he is impeached, he is for most purposes a king.

sysguest 1 day ago|||

> The fact the Director of the FBI did not avail himself of this

well even I haven't seen/heard about this...

maybe google should advertise more?

(or... maybe I don't look important to google :( ?)

ab_testing 2 days ago|||

Was that landing page written by Google India team !

thaumasiotes 2 days ago||||

Well, it was written to target Indian English. You can find the American version of the page at https://landing.google.com/intl/en_us/advancedprotection/ .

bedatadriven 2 days ago||||

Uh yeah, the locale in the link is specifically an Indian locale. If you find it it disorienting you can change en_in to en_us:

https://landing.google.com/intl/en_us/advancedprotection/

FreePalestine1 2 days ago||

The confusing thing is that googling "google advanced protection program" takes you to the en_in locale, even if you are in the US. An American has no clue what a crore is, so it is just an SEO failure on Google's part, which is funny. I didn't know there was an en_us equivalent to the page when I googled the topic.

ErroneousBosh 2 days ago||

> An American has no clue what a crore is

Really?

It's ten million of something, or (currently) about $11,000 US dollars in money.

You might also see "lakh" which is one hundred thousand of something, or about $1100 when it's used to describe money.

Now you know.

nsenifty 1 day ago|||

> or (currently) about $11,000 US dollars $110,000 US dollars

ErroneousBosh 1 day ago||

Oops, you're right. Don't do currency conversions in your head, folks.

sumedh 21 hours ago|||

India really needs to adopt millions and billions.

connorgurney 2 days ago|||

Not sure what difference the nationality of the copywriters makes…

echoangle 2 days ago|||

It doesn’t really tell you where the copywriters were from but you notice that the locale of the page is Indian because the numbers are given in crore.

throwaway290 2 days ago||

if this was a few years ago I would even say here on "hacker" news we could probably notice the indian locale in the damn URL and save an entire subthread of racial offtopic

bobsmooth 2 days ago||||

"Gmail blocks over 10 crore phishing attempts every day."

SanjayMehta 2 days ago|||

[flagged]

lazide 2 days ago||

Crores are pretty distinctive.

SanjayMehta 1 day ago||

That's coming from Google, the racism is coming from the commentators.

I have no problem with racism; I have a problem with hypocrisy.

lazide 23 hours ago||

How is it racism when it is literally written by/in Indians? As in literally has it as the locale and uses terms only really used in India?

You might as well be complaining someone notes ‘it’s Chinese’ when something written in Simplified Chinese by the CCP gets posted?

SanjayMehta 19 hours ago||

Good grief, read the comments up top, not talking about Google's page.

lazide 18 hours ago||

Mind linking to any particularly problematic ones? When I scanned through before making my earlier comment, I didn’t see anything.

Betelbuddy 2 days ago||

It would be poetic justice to get the unredacted Epstein files via Iran...

hmokiguess 2 days ago||

Was he running openclaw on his unpenetrable system by any chance?

k310 2 days ago||

A great many experts in the military, medicine, disaster relief, and cybersecurity { the list goes on } were fired.

It's almost as if the nation were being weakened on purpose.

Don't get mad, get Vlad. Or just prepare for the long-desired Rapture.[0] and which politicians seem to be working very hard to being about (the Apocalypse part, anyway)

[0] https://www.cnn.com/2025/06/29/us/iran-israel-evangelicals-p...

> Prophecy, not politics, may also shape America’s clash with Iran

So, is prophecy OK in a pitch deck? Asking for a friend.

idiotsecant 2 days ago||

Its both dumber and more dangerous than that. Competent people are not valuable to governments that value loyalty more than competence.

gotwaz 2 days ago|||

"Competent" people are not valuable and over rated because they will flake out in such jobs when the group holds them responsible for all sorts of things they have no control over. They are the first people who recognize lumits. Their own, their teams and the systems. But people dont want to hear about Limits. They want saviors and messaihs. They want fantasy and magic. So the system runs not optimized for efficiency but illusion of control, for damping of anxieties and fears.

genxy 2 days ago||

Over 90% of my managers got into their positions by either stabbing someone in the back, or walking across their dead body.

hackable_sand 2 days ago||

That's how hierarchies work. It's an circumstantial constraint. Some people just keep trying to make hierarchies permanent for whatever reason.

trinsic2 2 days ago|||

and that will be there eventual downfall luckily.

vrganj 2 days ago|||

The Manchurian Candidate.

RobRivera 2 days ago|||

When do the Raptor puppets go on sale?

refurb 2 days ago|||

Yes, the “experts” like the head of the HHS that was a lawyer and former DA in California.

leereeves 2 days ago|||

Were any of the people fired responsible for security on personal gmail accounts?

nickvec 2 days ago|||

no paywall for the CNN article: https://archive.ph/Pz81T

afpx 2 days ago||

For real, I wouldn't be shocked if Trump drafted everyone between 18 and 42, sent them all to Iran and then let Israel nuke Iran

conception 2 days ago|||

No, I’m convinced the one thing that Trump wants to do is to launch a nuke before he dies. That’s what he wants his legacy to be. and his name everywhere.

k310 2 days ago|||

No. DRAFT ICE!

  • They are already "trained" (in random violence against civilians. Checks one box) 
  • Bonespur "victims" have already been weeded out.  
  • They are already government employees and must go where assigned. (saves TONS of paperwork)  
  • They already have weapons, and unspent budget money.  
  • They already have swell masks to protect from radioactive dust that bombing reactors creates, and (this is big)  
  • Their kill to loss ratio is infinite.

Oh, and ...

  • It's them or Barron.

ThaDood 2 days ago||

If you check their telegram channel they have some humorous photos and his resume.

7174n6 2 days ago|||

I'm sure it will be embarrassing for him personally, but not a breach of U.S. government systems.

Kudos to CNN for publishing a balanced take on it.

ebiester 2 days ago||

These are a group that used outside signal chats to discuss war plans. What odds do you have that he didn't use a personal email to avoid future accountability?

hnlmorg 2 days ago||

That’s depressingly common with politicians the world over because Signal supports disappearing messages.

So I wouldn’t expect someone who uses Signal to automatically be the kind of person to use personal email for work.

SirFatty 2 days ago|||

You're assuming that he didn't use personal email for his FBI "work".

7174n6 2 days ago||

The leak is from 2011-2022. He wasn't in the government then!!!!

awkwardpotato 2 days ago|||

per Lorenzo Franceschi-Bicchierai

> In some cases, Patel appears to have sent emails from his former Justice Department email address in 2014 to his Gmail account. TechCrunch found that the emails sent from Patel’s DOJ account also appeared to be authentic.

phonon 2 days ago||||

Are you kidding? He had extremely sensitive roles as Devin Nunes' House committee aide from 2017–2019 in the House Permanent Select Committee on Intelligence, National Security Council aide and deputy director of national intelligence (2019–2020), and then Chief of staff to the secretary of defense (2020–2021).

enoint 2 days ago||

I wonder how much of 2021. Two FBI agents reported that he was the bag man for payments to alter Jan 6 cases.

https://www.nytimes.com/2023/03/02/us/politics/house-weaponi...

Hikikomori 2 days ago|||

Maybe something fun about his book. https://www.amazon.com/Plot-Against-King-Kash-Patel/dp/19555...

Muhammad523 2 days ago||

What a weird looking book. The cover shows Trump as the king, lol Anyways, if i were a parent, i'd certainly try to do everything to prevent my kids (under 10) from getting into politics. Let them live as normal kids should.

athrowaway3z 2 days ago||

The US media has a clear understanding that their reporting on the war needs to be filtered and biased. This is not some coming-to-their-senses against sensationalism, but a nothingburger they know they can't sensationalize without great risk.

As is the case in any administration; let alone with an admin as vindictive as Trump's.

This "balanced take" warrants kudos?

We're not even pretending to lift the bar off the ground when it comes to mainstream media, are we?

natas 8 hours ago||

probably got simswapped, but personal emails should hold no work-related information, so this is not a huge deal is it?

Ms-J 2 days ago||

Real link from Handala (dead): https://handala-team.to/kash-patel-current-director-of-the-f...

Archive: https://archive.ph/ILFFH

Download: https://link.storjshare.io/raw/jxoxwyp7qosgdwldereecudqpbva/...

Password: handala

bcjdjsndon 2 days ago|

Looking good there, murica, looking good

More comments...