Law Enforcement

U.S. indicts Russian hackers in global conspiracy

 

The Justice Department charged seven Russian nationals in a global hacking and disinformation campaign stretching across several years and multiple continents.

Charges against the seven include hacking, wire fraud and identity theft and involve efforts by Russian intelligence agencies to delegitimize the work of groups probing Russia's doping violations in international athletics.

Dutch, Canadian and British authorities cooperated in the effort to unmask the alleged hackers, and there is overlap between the individuals charged in this case and the one brought by Special Counsel Robert Mueller's investigation into Russian influence in the 2016 election.

"Three of the seven defendants charged in this case were previously charged in the indictment brought by the Office of Special Counsel in July of this year, which pertained to a conspiracy to interfere with the 2016 U.S. presidential election," Assistant Attorney General for National Security John Demers said at an Oct. 4 press conference.

In a joint announcement, those Dutch and U.K. law enforcement agencies said some of those same GRU officers were responsible for hacking into laboratories in Europe investigating alleged Russian use of chemical weapons in Syria and the poisoning of a former Russian agent.

The group also allegedly used spearphishing techniques to steal identities and network credentials of employees of a Westinghouse nuclear power plant based in Pittsburgh that supplied nuclear fuel to the Ukraine. The activity against the Westinghouse facility occurred between 2014 and 2016, according to the indictments. The Ukraine’s power grid was severely crippled in 2015 by cyberattacks attributed to Russia.

Overall, said Scott Brady, U.S. attorney for the Western District of Pennsylvania, the indictments point to a sprawling Russian campaign to sway public opinion and spread misinformation.

Brady said the ways the hackers gained access to anti-doping agencies and the nuclear power plant networks were "fascinating."

According to the 40-page indictment, the seven used remote, "on-site" or "close access" attempts to steal access credentials for victims' networks.

Typically, it said, hacking was done remotely from Russia. When that didn’t work, however, the conspirators travelled around the world to the sites. Some of the techniques targeted organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks. Spearphishing that targeted specific employees to steal access codes and identity credentials was a favorite tactic, it said.

The hackers also used fictitious names and leveraged online infrastructure -- including servers, domains, cryptocurrency, email accounts and social media accounts -- as well as other online services provided by companies in the U.S. and elsewhere, the indictment said, to pursue their goals.

In the case of hacking into the U.S. and World anti-doping agencies, the indictment alleged the seven used 38 common IP addresses to gain access, then spread the stolen health data via social media and the websites of the Fancy Bears’ Hack Team, fancybear.net and fancybear.org. Fancy Bear is one of the names the U.S. cybersecurity agencies have assigned to Russian government-backed hacking efforts.

In instances when the group was forced to use paid network infrastructure services for its activities, the indictment said it used fictitious names tied to Bitcoin and other cryptocurrencies.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

