U.S. indicts Russian hackers in global conspiracy

The Justice Department charged seven Russian nationals in a global hacking disinformation campaign stretching across several years and multiple continents.

Charges against the seven include hacking, wire fraud and identity theft and involve efforts by Russian intelligence agencies to delegitimize the work of groups probing Russia's doping violations in international athletics.

Dutch, Canadian and British authorities cooperated in the effort to unmask the alleged hackers, and there is overlap between the individuals charged in this case and the one brought by Special Counsel Robert Muller's investigation into Russian influence into the 2016 election.

"Three of the seven defendants charged in this case were previously charged in the indictment brought by the Office of Special Counsel in July of this year, which pertained to a conspiracy to interfere with the 2016 U.S. presidential election," Assistant Attorney General for National Security John Demers said at an Oct. 4 press conference.

In a joint announcement, those Dutch and U.K. law enforcement agencies said some of those same GRU officers were responsible for hacking into laboratories in Europe investigating alleged Russian use of chemical weapons in Syria and the poisoning of a former Russian agent.

The group also allegedly used spearphishing techniques to steal identities and network credentials of employees of a Westinghouse nuclear power plant based in Pittsburgh that supplied nuclear fuel to the Ukraine. The activity against the Westinghouse facility occurred between 2014 and 2016, according to the indictments. The Ukraine’s power grid was severely crippled in 2015 by cyberattacks attributed to Russia.

Overall, said Scott Brady, U.S. attorney for the Western District of Pennsylvania, the indictments point to a sprawling Russian campaign to sway public opinion and spread misinformation.

Brady said the ways the hackers gained access to anti-doping agencies and the nuclear power plant networks was "fascinating."

According to the 40-page indictment, the seven used remote, "on-site" or "close access" attempts to steal access credentials for victims' networks.

Typically, it said, hacking was done remotely from Russia. When that didn’t work, however, the conspirators travelled around the world to the sites. Some of the techniques targeted organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks. Spearphishing that targeted specific employees to steal access codes and identity credentials was a favorite tactic, it said.

The hackers also used fictitious  names and leveraged online  infrastructure -- including  servers,  domains,  cryptocurrency, email  accounts and social  media  accounts --  as well as  other  online  services  provided  by  companies in the U.S. and elsewhere,  the indictment said, to pursue their goals.

In the case of hacking into the U.S. and World Anti-Doping Agency, the indictment alleged the seven used 38 common IP addresses to gain access, then spread the stolen health data via social media and website of the Fancy Bears’ Hack Team, fancybear.net and fancybear.org. Fancy Bear is one of the names the U.S. cybersecurity agencies have assigned to Russian government-backed hacking efforts.

In instances when the group was forced to use paid network infrastructure services for its activities, the indictment said it used fictitious names tied to Bitcoin and other cryptocurrencies.