U.S. indicts Russian hackers in global conspiracy
- By Mark Rockwell
- Oct 04, 2018
The Justice Department charged seven Russian nationals in a global hacking and disinformation campaign stretching across several years and multiple continents.
Charges against the seven include hacking, wire fraud and identity theft and involve efforts by Russian intelligence agencies to delegitimize the work of groups probing Russia's doping violations in international athletics.
Dutch, Canadian and British authorities cooperated in the effort to unmask the alleged hackers, and there is overlap between the individuals charged in this case and those charged in the one brought by Special Counsel Robert Mueller's investigation into Russian influence in the 2016 election.
"Three of the seven defendants charged in this case were previously charged in the indictment brought by the Office of Special Counsel in July of this year, which pertained to a conspiracy to interfere with the 2016 U.S. presidential election," Assistant Attorney General for National Security John Demers said at an Oct. 4 press conference.
In a joint announcement, those Dutch and U.K. law enforcement agencies said some of those same GRU officers were responsible for hacking into laboratories in Europe investigating alleged Russian use of chemical weapons in Syria and the poisoning of a former Russian agent.
The group also allegedly used spearphishing techniques to steal identities and network credentials of employees of a Westinghouse nuclear power plant based in Pittsburgh that supplied nuclear fuel to Ukraine. The activity against the Westinghouse facility occurred between 2014 and 2016, according to the indictments. Ukraine's power grid was severely crippled in 2015 by cyberattacks attributed to Russia.
Overall, said Scott Brady, U.S. attorney for the Western District of Pennsylvania, the indictments point to a sprawling Russian campaign to sway public opinion and spread misinformation.
Brady said the ways the hackers gained access to anti-doping agencies and the nuclear power plant networks were "fascinating."
According to the 40-page indictment, the seven used remote, "on-site" or "close access" attempts to steal access credentials for victims' networks.
Typically, it said, hacking was done remotely from Russia. When that didn’t work, however, the conspirators travelled around the world to the sites. Some of the techniques targeted organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks. Spearphishing that targeted specific employees to steal access codes and identity credentials was a favorite tactic, it said.
The hackers also used fictitious names and leveraged online infrastructure -- including servers, domains, cryptocurrency, email accounts and social media accounts -- as well as other online services provided by companies in the U.S. and elsewhere, the indictment said, to pursue their goals.
In the case of hacking into the U.S. and World Anti-Doping Agency, the indictment alleged the seven used 38 common IP addresses to gain access, then spread the stolen health data via social media and the websites of the Fancy Bears' Hack Team, fancybear.net and fancybear.org. Fancy Bear is one of the names the U.S. cybersecurity agencies have assigned to Russian government-backed hacking efforts.
In instances when the group was forced to use paid network infrastructure services for its activities, the indictment said it used fictitious names tied to Bitcoin and other cryptocurrencies.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.