U.S. indicts Russian hackers in global conspiracy


The Justice Department charged seven Russian nationals in a global hacking and disinformation campaign stretching across several years and multiple continents.

Charges against the seven include hacking, wire fraud and identity theft and involve efforts by Russian intelligence agencies to delegitimize the work of groups probing Russia's doping violations in international athletics.

Dutch, Canadian and British authorities cooperated in the effort to unmask the alleged hackers, and there is overlap between the individuals charged in this case and those charged in the case brought by Special Counsel Robert Mueller's investigation into Russian influence in the 2016 election.

"Three of the seven defendants charged in this case were previously charged in the indictment brought by the Office of Special Counsel in July of this year, which pertained to a conspiracy to interfere with the 2016 U.S. presidential election," Assistant Attorney General for National Security John Demers said at an Oct. 4 press conference.

In a joint announcement, those Dutch and U.K. law enforcement agencies said some of those same GRU officers were responsible for hacking into laboratories in Europe investigating alleged Russian use of chemical weapons in Syria and the poisoning of a former Russian agent.

The group also allegedly used spearphishing techniques to steal identities and network credentials of employees of a Westinghouse nuclear power plant based in Pittsburgh that supplied nuclear fuel to Ukraine. The activity against the Westinghouse facility occurred between 2014 and 2016, according to the indictments. Ukraine’s power grid was severely crippled in 2015 by cyberattacks attributed to Russia.

Overall, said Scott Brady, U.S. attorney for the Western District of Pennsylvania, the indictments point to a sprawling Russian campaign to sway public opinion and spread misinformation.

Brady said the ways the hackers gained access to anti-doping agencies and the nuclear power plant networks were "fascinating."

According to the 40-page indictment, the seven used remote, "on-site" or "close access" attempts to steal access credentials for victims' networks.

Typically, it said, hacking was done remotely from Russia. When that didn’t work, however, the conspirators travelled around the world to the sites. Some of the techniques targeted organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks. Spearphishing that targeted specific employees to steal access codes and identity credentials was a favorite tactic, it said.

The hackers also used fictitious names and leveraged online infrastructure -- including servers, domains, cryptocurrency, email accounts and social media accounts -- as well as other online services provided by companies in the U.S. and elsewhere, the indictment said, to pursue their goals.

In the case of hacking into the U.S. and World anti-doping agencies, the indictment alleged the seven used 38 common IP addresses to gain access, then spread the stolen health data via social media and the website of the Fancy Bears’ Hack Team. Fancy Bear is one of the names U.S. cybersecurity agencies have assigned to Russian government-backed hacking efforts.

In instances when the group was forced to use paid network infrastructure services for its activities, the indictment said it used fictitious names tied to Bitcoin and other cryptocurrencies.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.


