Election hackers. The Wall Street Journal (USA): No one knows why the Russian hackers ignored the midterms. NYT: where are the Russians in the US elections


After a massive campaign in the 2016 US election, Russian hackers have gone quiet ahead of the midterm elections. And no one knows why. While The Wall Street Journal is trying to figure out what cybersecurity experts know, its readers have long made up their minds. Commentators believe that the Democrats have regained the House of Representatives and are therefore not making false claims about Russian interference.

The Wall Street Journal (USA): Nobody Knows Why Russian Hackers Ignored Midterm Elections


San Francisco— After conducting massive cyberattacks and a campaign of disinformation in the 2016 US presidential election, Russian trolls and hackers have largely quieted down and stepped aside ahead of last week's midterm elections.

And no one knows why.

Federal agencies, state election officials and social media companies have been hard at work over the past two years building impenetrable voting systems and combating online disinformation in preparation for new elections. But the midterm elections passed without major incident, according to US officials and cybersecurity firms looking for evidence of Russian interference.

There are several factors that have reduced the effectiveness of Russian influence. Clint Watts, senior fellow at the Foreign Policy Research Institute, said that because congressional and state elections are decentralized, they are much more difficult to influence than presidential elections.

Others, including some inside the Trump administration, say efforts to contain foreign hackers and Moscow's message that election meddling is unacceptable have paid off.

But at the same time, experts also talk about the existence of a third possibility. In their view, Russian President Vladimir Putin felt that he had succeeded in inflaming political passions, creating division and undermining confidence in American democracy, and therefore he could sit back and watch others do all the work for him. Political discussions in the US are becoming more heated and tense, with a huge amount of disinformation, and it is created mainly by supporters of one party or another, Watts said.

“What else can the Russians do to distort facts and create confusion that the Americans themselves have not done?” he asked.

Former and current US officials say it's impossible to figure out which factor is the most important. “To really know the reasons, you have to get into their heads,” John Demers, head of the Department of Justice’s Homeland Security Division, said in an interview.


Russia denies trying to influence the US election. However, U.S. intelligence agencies have concluded that Moscow went to great lengths to sway the 2016 election in Trump's favor.

U.S. executives and tech companies say there was some Russian-related activity this year, but it was far below the 2016 campaign, when Russian hackers tested electoral systems in more than 20 states. They hacked the Democrats' emails, organized leaks of information from them and waged a real information war on social networks. US intelligence agencies say that in their analysis of Russian interference they did not assess whether Moscow's collective actions influenced the outcome of the vote.

There were some hiccups and problems in the midterm elections, but this is unlikely to be the result of foreign interference. Voters in New York and Georgia complained about long lines due to equipment breakdowns and a lack of voting machines.

One company that supplies public election security risk information said in a fact sheet that several states reported "multiple scans and probes" early last week. These attempts were made by well-known spammers, according to a confidential report found by the Wall Street Journal.

“I think in 2018 we did pretty well on defense,” NSA senior cybersecurity adviser Rob Joyce said last week at a conference plenary session in San Francisco.

The scope of Russia's activity in social networks has also become much smaller than in 2016. Collaboration between social media companies and the Federal Bureau of Investigation, which jointly identify and remove fake accounts linked to Russia and other US adversaries, helped curb disinformation, Demers said. In 2016, such cooperation did not exist.

Facebook, shortly before the election, deleted more than 100 accounts associated with the Russian Internet Research Agency troll factory. This was the result of an FBI tip.

However, current and former officials warn that it is too early to declare victory. The intelligence community fully grasped the scope of the Russian operation to smear Hillary Clinton and support Trump only months after the 2016 election. And Russia's disinformation activity on the Internet came to be well understood only a year later.

A more complete picture may emerge before the end of this year. In September, Trump signed an executive order requiring the intelligence services to conduct an analysis of foreign interference in elections. This assessment must be completed within 45 days.

Demers also warns that post-election campaigns to undermine confidence in the vote could be just as damaging as pre-election campaigns. Trump himself has repeatedly sneered at Florida's gubernatorial and Senate recounts over the past week. “An honest vote count is no longer possible - the ballots are massively infected,” he tweeted on Monday without providing any evidence.

The 2018 election was less likely to be hacked from the start because the stakes are not as high as in 2016, said Dmitri Alperovitch, co-founder and CTO of cybersecurity firm CrowdStrike. His firm investigated a hacking attack on the Democratic National Committee in 2016. “The midterms are not presidential elections, and it is much more difficult to have a broad impact on them,” he added.

Watts, formerly an FBI special agent, suggested that 2016 could have been the height of the Russian disinformation campaign. “I don’t think they will ever be able to do it the way they did in 2016,” he said. “Society today is much more aware of these efforts.”

Hacker Week has begun in Las Vegas - three major conferences are held there, at which information security specialists share data on vulnerabilities found and try to draw public attention to cyber defense problems. Who are white hackers, why a work pass should not be carried in your pocket, and is it possible to repeat the hacking of the presidential elections - in the material of Gazeta.Ru.

Three major hacker conferences are taking place in Las Vegas this week - BSides, Black Hat and DEF CON. At these events, in addition to traditional Q&A sessions and presentations, real hacks take place - participants compete with each other, trying to find vulnerabilities in systems.

Information security experts joke that these days in Las Vegas it is better to use a touch-tone phone and give up more sophisticated gadgets, since such a large number of hackers in one place will certainly bode trouble.

In addition, the Caesars Palace hotel, which will host DEF CON, has closed its business center just in case, fearing cyber-hacks. Other companies followed suit, such as logistics firm UPS.

White hackers in the service of society

Hackers can be conditionally divided into "good" and "bad". If everything is clear with the latter, then the former, who are also called "white" (English "white hats"), began to play an important role in the information security of the planet.

White hat hackers use their skills for good, trying to find vulnerabilities before attackers take advantage of them, or looking for a way to minimize losses if the infection does take place.

The largest IT companies use the services of white hat hackers. According to GQ, Google paid out about $1.5 million to such specialists in 2014. Over the past year and a half, Uber has spent over $1 million on 600 such experts, and Facebook in 2017 is offering $40,000 rewards for successfully hacking the company's systems.

Although white hat hackers are mostly freelancers and act as private consultants working from home, this career choice is becoming a full-fledged high-paying profession.

The "eldest" of the three Vegas conferences is DEF CON, founded in 1993 by Jeff Moss, an information security expert.

25 years ago, DEF CON was attended by only 100 people, but now it has become the largest hacker event, gathering tens of thousands of guests - information security specialists, journalists, students, government employees and, of course, white hat hackers.

One of the regular participants of the conference, Philip Harewood from Trinidad and Tobago, who is professionally engaged in the search for vulnerabilities, believes that cyber defense should become an important public task, since criminals often try to exploit the weak points of society.

“Hackers hack university websites right after exams because they know that students will go to look at grades. They attack hospitals during operations, insurance companies, lawyers, accountants - anything that can be profited from. The hospital will immediately pay the ransom if medical equipment is paralyzed by a ransomware virus,” said Harewood.

Election Hacking Reconstruction

White hat hackers have already made several important presentations this year. One of them was presented by Dennis Maldonado, founder of the Houston Area Hackers Anonymous.

As part of DEF CON, he demonstrated the system he created for cloning RFID tags - they are used, among other things, in the electronic office passes carried by employees of companies around the world.

“I hope it’s all pentesters [Gazeta.Ru], and not black hat hackers,” Maldonado said to the laughter of his audience before showing his device.

The digital code stored on the labels inside the pass or ID-card is very easy to read and copy even at a distance. Maldonado showed how an attacker could place a small device inside a backpack, come within two feet (about 60 cm), read the tag, and then send the data to a system that quickly clones the card.

Since it is not uncommon for people to be in such close proximity, such as on an escalator or in line, the victim will not even notice that something has happened.

The speaker noted that the technology he used is sold in the public domain on the eBay marketplace. “Literally in seconds, you steal someone's data, make a copy and enter the building,” Maldonado concluded, drawing the attention of the audience to the existing vulnerability.

In addition, two security researchers, William Caputh and Sam Reinthaler, gave a presentation at the BSides conference about the endemic vulnerability of gift cards, which many turn a blind eye to.

Half of the gift card business is served by a single manufacturer. Caputh and Reinthaler told the audience that of the 16 digits on such cards, the first 12 are a strict arithmetic progression, and the remaining 4 are randomly generated. It turns out that the first 12 digits can be calculated mathematically and the last 4 then guessed, after which the victim's funds can be used to pay for purchases.

The hackers pulled off such a trick with a digital tool and a simple card reader that you can buy online. They noted that after the publication of their material, some stores took additional security measures, but others remained indifferent - among them a chain of cinemas and casinos, the names of which the speakers did not disclose.

But one of the most important events of DEF CON will be an attempt to hack into 30 voting machines to determine if it is possible to somehow interfere in the outcome of the election.

Conference organizer Jeff Moss said he set up the test because he was "tired of reading misinformation about the security of voting systems."

The negative results of ethical hacking could put an end to the many rumors and accusations against "Russian hackers" that influenced the 2016 US presidential election. Earlier, Russian President Vladimir Putin called investigations into the influence of Russian special services on the vote "an increase in anti-Russian hysteria."

Russian interference in the American presidential election is considered a proven fact across the ocean and textbook nonsense in the Russian Federation. The "evidence" of malicious manipulations by Russian emissaries is constructed in a manner that is amazing to us and quite logical to them. Consider an example of investigative actions in the US media environment based on the rarest material evidence from Russiagate.

On October 6, 2016 - exactly one month before the fatal date of the Trump vote - a huge poster with the image of the President of the Russian Federation appeared on one of the bridges in New York City. The poster had dimensions of 6x9 meters, was decorated with panels of the Russian and Syrian state flags, contained a large inscription "Peacemaker" in English. The poster was hung by two men - acting measuredly, in the daytime, in a crowded place. In a few hours, tens of thousands of New Yorkers, millions of TV viewers and visitors to social networks saw visual propaganda.

On November 10, 2016 - three days after the shocking election of D. Trump - a similar banner appeared on the bridge in Washington DC with the image of the current US President. The portrait of B. Obama was accompanied by the inscription "Goodbye, killer!" again in English and only hung for a few hours. The sensitive object (bridge!) in Washington (!!) calmly endured this performance a month after the first action.

The perpetrators of both poster displays could not be identified or detained.

Once again - the police of the American capital and the largest metropolis, all 17 intelligence services, the ubiquitous FBI and private security agencies. With data from dozens of security cameras, spy satellites and unmanned spies, hundreds of witnesses. With the help of thousands of specialists in two high-profile incidents ... they could not find lovers of daring actionism in two years of the largest scandal. With physical evidence at its disposal, a staff of the best experts, a galaxy of detective masters, a monitoring network "Big brother is watching you" and the legitimate possibilities of the Patriot Act.

But based on the activity of spreading viral videos with bridge propaganda in social networks, a conclusion was made about Russian hackers who distributed this video. That is, the whole operation "Posters" was credited to Russian Hackers, KGB & GRU, as promoting the division of America and dissecting the American electoral process.

How the portrait of V. V. Putin could influence the opinion of US voters is not specified, or rather has not been invented. The portrait of B. Obama appeared after the elections and could not change their result even theoretically.

Nevertheless "Two Banners" entered the annals of Russian aggression against the fragile American democracy. Acquired the status of conclusive evidence of a daring and effective campaign of foreign interference - although there is absolutely no evidence of Russian involvement in the banners themselves. Highly likely, they were posted by the Americans themselves in the public service.

Over the past two years "a daring and effective intervention by Russian Hackers" lost the clarification about hackers and generally changed radically. The intervention was given a socialized character - verbosely repeating the spell "Russia is guilty!", interpreting any possible Russian actions in the worst way.
It was practically possible to confirm the interest of Russian diplomats and officials in the environment and in D. Trump himself - which is natural, because there has never been such a candidate for the US presidency!

Re-read only Mr. Trump's Twitter revelations from spring 2015 to spring 2016, study his pre-election intentions in foreign policy. To ignore such a bright and unformatted personality is diplomatic mediocrity and blatant negligence.

According to the now dominant version of "interference", at the stage of the primaries, Russia did not support the New York tycoon in any way. Until April 2016 - that is, until he is nominated as a Republican candidate, until reaching the final with the arrogant favorite H. Clinton.

After that, the Russian authorities allegedly discredited Mrs. Clinton with her own mistakes on the verge of malfeasance. Forced Lady Hillary to abandon campaigning in the swing states. Forced the Democratic National Committee to commit official fraud in her favor, stole an archive of fraud from Democratic servers and handed it over to WikiLeaks. They also organized a campaign on Facebook and Twitter for Trump and against Clinton with the help of several dozen fighters of the information front. The evidence of all sins is below the poster level.

125 million people took part in the US presidential election. Hundreds of thousands of people worked professionally. The electoral system has been fine-tuned for centuries and is presented as a universal democratic ideal for all countries and peoples.
Declaring that several dozen foreign social media talkers effectively intervened in forming the opinions of tens of millions of Americans is a sentence of exceptional delusion. Perhaps more painful than the Japanese air strike on Pearl Harbor ...

Therefore, the second anniversary of Hackergate was marked by a clumsy maskirovka of espionage-cybernetic inventions.

Russia interfered in the American political process, boldly and skillfully, sophisticatedly and multifaceted ... but completely ineffectively, without affecting the election results at all.

Several people from D. Trump's entourage met with citizens of the Russian Federation, then denied the meetings before the stern face of the American special prosecutor's office, then were deprived of their positions for lying to the investigation - and the Russian authorities and hacker groups are to blame for this. These are identified very simply by the presence of the word Bear in the name of a group approved by the US intelligence conglomerate.

At the meetings, a criminal conspiracy was hypothetically discussed, prepared, approached - boldly, skillfully, sophisticatedly and ... absolutely right, absolutely ineffective!

The FBI was so excited about the possible collusion that it began to monitor Trump and his associates as early as July 2016 and did not track down anything criminal.

By the fall of 2018, the conspiracy of the Trump team with the Russian authorities is prudently not mentioned.

No evidence of any interaction between the republican candidate and the Russian authorities before the November 7, 2016 elections was found.

But the fact of a deep split in the American elites and society is very difficult to hide. As well as the stunning degradation of universal democracy. When the leader of the "civilized world" has to be chosen from a bloodthirsty pensioner with megalomania and a cheeky narcissist with a dollar measure of all values.

A protracted hacker-sabotage scandal managed to record "subversion to discredit democratic values and beliefs with American ideals" at the expense of a foreign power. Their citizens believed, and let others rejoice at the absence of democratic bombing.

The Pyrrhic victory of the investigation will hang like a blade of Damocles over all significant US elections and the stability of power for at least a few years. The authors of the provocative installation do not have a monopoly on turning a hypothetical sword into a punishing political guillotine.

After the election of Donald Trump as President of the United States and the subsequent scandal surrounding Russia's alleged interference in the American elections, the phrase "Russian hackers" finally took root in the rhetoric of politicians and journalists. According to a number of media outlets, cybercriminals from Russia are allegedly involved in a significant number of crimes and attacks on other countries. However, if we turn to the facts, including judicial ones, then the history of "Russian hackers" is revealed from the other side.

RAPSI studied the legal side of one of the most controversial topics of the year. From this material, readers will be able to learn how more than 20 "Russian hackers" have tested US justice over the past 5 years.

Since 2012, US authorities have convicted at least fourteen Russian citizens on charges of cyberfraud, theft of confidential information and related crimes. Many others are in the status of defendants and suspects.

In many cases, Russians have been extradited or are awaiting extradition to US authorities after being detained in other countries. And, for example, the Russian Foreign Ministry called the detention in the Maldives a “kidnapping”.

The terms of already convicted Russians range from a year to 27 years in prison. US officials estimate that convicted and accused Russians have caused at least $2 billion worth of damage.

Unfortunately, such incidents are not uncommon, and RAPSI cases of criminal prosecution of Russians accused of cybercrime. Your attention is offered an overview of the trials of "Russian hackers" in recent years.

Fraud

“When our routine payments end up with millions of dollars in the accounts of attackers, we are all victims,” the prosecutor’s office for the Western District of Washington said after a Seattle court sentenced Seleznev to 27 years in prison for cyber fraud.

It is fraud, carried out using a variety of scenarios, that is most often meant when it comes to cybercrimes committed by Russians in the United States. So, on this charge in March 2012, he was convicted - a member of a criminal group that staged virus attacks on American banks. Some of the criminals used fake foreign documents to open bank accounts and transfer stolen funds to these accounts, and kept 10% of this amount for themselves.

Another type of fraudulent scheme was used by a convicted person in January 2013 in the case of hacking the RBS WorldPay payment system. Having gained access to the data of credit cards of the owners, the attackers began to withdraw money from ATMs around the world. Horokhorin pleaded guilty, also saying that he was selling stolen information about bank cards and their holders on various forums on the Internet.

Money laundering

In July 2016, Russian Vadim Polyakov was sentenced to a prison term of 4 to 12 years (depending on behavior). The criminal scheme, which included the theft of StubHub e-ticketing service users, the illegal sale of entertainment tickets and the transfer of criminal proceeds to PayPal accounts, was classified as money laundering and possession of stolen property.

Another Russian, also accused of money laundering, is awaiting a final decision on his extradition to the United States from Greece. Vinnik is accused of having received four billion dollars as an operator of the BTC-e cryptocurrency trading exchange and was doing business in the United States without complying with anti-money laundering laws.

Virus development

Some criminals, for example, have been convicted of creating malware that was used by other attackers.

Belorossov, known as "Rainerfox", sold Citadel malware designed to steal users' financial information. He was sentenced to 4 years and 6 months in prison in September 2015 on the same charge of cyber fraud.

Later, already in July 2017, he was also convicted, who was called a "mechanic" who worked on the virus. The damage from Citadel, which infected more than 11 million computers worldwide, is estimated at $500 million.

In April 2016, a court in Georgia sentenced to 9.5 years in prison for creating and distributing SpyEye, a malware that infected about 50 million computers worldwide. The program allowed attackers to remotely control infected computers and was popular with hackers due to the large number of options it offered.

In May of the same year, a court in New York ruled in the case of Nikita Kuzmin. He was accused of being involved in the creation of the Gozi computer virus that infected more than a million computers worldwide, including those of NASA. According to the prosecutor's office, Kuzmin used an unusual criminal scheme - he did not sell, but rented out his virus. By paying $500 for a week of using the program, the criminals could use the virus to earn money. Kuzmin spent three years and one month in custody pending a court decision, the judge credited this time and released Kuzmin after the verdict.

Another virus allegedly created by a Russian is NeverQuest. The US authorities accuse Lisov of creating a program that provides access to banking logins, which in turn allows criminals to gain access to victims' accounts. He is now awaiting extradition to the United States from Spain.

Botnets

Another common type of fraudulent scheme is the creation and management of a network of infected computers, a so-called botnet. Owners may not be aware that an attacker is remotely using their computers for their own purposes: carrying out DDoS attacks, collecting information on infected devices, spreading spam, bitcoin mining, and other tasks.

One of the convicts in such a case was, convicted in July 2017 to 9 years and 2 months in prison. A court in Virginia found that a Russian who emigrated to the United States in 2007 ran botnets used to steal credit card details and other sensitive financial information. Tverdokhlebov was a member of elite Russian-language online forums for cybercriminals, where he offered a wide range of illegal services, including money laundering.

In August of the same year, a court in Minnesota found the Russian guilty of developing the Ebury botnet, which united over 25,000 computers around the world. The network was used to steal data from infected servers, including those located in the United States. As the court found, Senakh and his accomplices generated and redirected Internet traffic to promote fraudulent sites and distribute spam by e-mail.

A programmer from St. Petersburg, who was detained in Spain in April 2017, was charged with running the global spam botnet Kelihos. Since about 2010, Levashov has been administering a botnet that sent hundreds of millions of spam messages, according to the US Department of Justice. Levashov was on the list of "the ten worst spammers in the world."

Attacks on LinkedIn and Yahoo

The Czech Republic is considering the fate of a man arrested in Prague at the request of the United States in connection with a hacker attack on the social network LinkedIn and the theft of personal data of millions of its users in 2012. The attack became known only in the spring of 2017, when an unknown hacker announced that he had at his disposal the personal data of more than 100 million users (about a quarter of LinkedIn's entire customer base). In May 2016, the company confirmed the data theft.

US authorities also believe that FSB officers orchestrated the 2014 Yahoo hack. Charges of organizing a cyberattack on the American web giant were brought against the officer and his alleged boss.

It is assumed that the defendants stole the data of 500 million Yahoo users and spied on Russian journalists, politicians from the Russian Federation and the United States, as well as others. In December 2016, Dokuchaev was arrested by a Russian court in a treason case, and in November 2017, Canadian citizen Karim Baratov, who is considered the direct perpetrator of this attack, pleaded guilty in this case.

The issue of extradition

Returning to the case of Roman Seleznev and the diplomatic scandal that erupted around his detention, we should recall the circumstances under which it happened.

In July 2014, a Russian, the son of State Duma deputy Valery Seleznev, was detained in the Maldives by agents of the US secret service. Warrants for his arrest were authorized by a federal court in Washington in March 2011, in connection with charges against Seleznev of involvement in fraud.

Shortly after the arrest, the Russian was transported to the United States and taken into custody on the island of Guam in the Pacific Ocean. The Maldives agreed to detain the suspected hacker and turn him over to US law enforcement officials on the basis that Seleznev's name was on the Interpol database.

The Russian Foreign Ministry called Seleznev's detention on the territory of a third country and his delivery to the United States an "unfriendly step," and the defense of the accused defended precisely the version of the kidnapping of the Russian.

Prosecutors said that between 2009 and 2013, Seleznev, known as Track2, hacked payment device systems and stole millions of credit card details from more than 500 US companies.

Later, the stolen data was transferred to remote servers, where databases were formed from them for sale to other criminals. US authorities note that Seleznev mainly attacked small businesses, which in some cases could lead to their bankruptcy.

In August 2016, a Seattle jury found Seleznev guilty of cyber fraud, including the theft of credit card data and online scams, resulting in $170 million in losses. The Russian was found guilty on 38 of the 40 counts against him and was sentenced in April to 27 years in prison. The Russian Embassy in the United States called the verdict illegal and insists that a Russian citizen was kidnapped.

This trial was connected with only one of the cases against Seleznev. In December 2017, a court in the state of Georgia concluded on charges of participating in an organized crime group and conspiring to commit bank fraud.

According to the statement of the US Department of Justice, the Russian admitted that since January 2009 he was a member of the international group of cybercriminals Carder.su, which carried out transactions via the Internet with stolen credit cards and committed other fraudulent activities. As a result of the actions of the criminal organization, the victims lost more than $50 million.

At the moment, extradition to the United States threatens the Russians Yevgeny Nikulin, Stanislav Lisov, Petr Levashov and Alexander Vinnik.

In October 2017, the representative of the Deputy Foreign Minister of Russia, Alexei Meshkov, commented on the decisions of foreign courts: "We are categorically against the extradition of our citizens to foreign states, in this case to the United States. The US judicial system, in principle, does not comply with European law."

According to the author of The New York Times, in recent months Russia has begun to use a "new tactic" in such cases, seeking the extradition of the accused to its territory in order to prevent their extradition to the United States. Of particular interest to the United States authorities are the cases of Nikulin and Levashov, who are associated with alleged Russian interference in the 2016 presidential election, the journalist notes.

Wanted by the FBI

To conclude this list, it is worth noting that four Russians appear on the FBI's Most Wanted list under the "cybercrimes" category.

He is suspected of creating a computer code that allowed fraudsters to steal personal data of users, including bank card data, as well as hack bank security systems. According to the prosecution, Bogachev, known under the nickname Lucky12345, was part of a criminal group that "planned to steal millions of dollars belonging to users in the United States."

Another suspect was born in Riga in 1987 and is currently a Russian citizen. US authorities suspect Belan of having remotely accessed the networks of large American companies in Nevada and California in 2012 and 2013, stealing personal data and passwords for millions of accounts, after which he put the databases up for sale. Belan is also accused of involvement in the aforementioned attack on Yahoo.

American courts have repeatedly issued warrants for the arrest of Bogachev and Belan. In December 2016, US President Barack Obama imposed sanctions on both suspects, banning them from entering the country and seizing their bank accounts.

"Russian hackers" convicted in the USA in 2012-2017

| First and last name | Term of imprisonment | Damage | Detention country |
|---|---|---|---|
| | 2 years | $3,000,000 | USA |
| | 7 years and 3 months | $9,000,000 | France |
| | 4 years and 6 months | $500,000,000 | Spain |
| | 9 years and 6 months | $1,000,000,000 | USA |
| Nikita Kuzmin | 3 years and 1 month | $10,000,000+ | USA |
| | 3 years | $100,000+ | Switzerland |
| Vadim Polyakov | 4-12 years | $1,000,000 | Spain |
| | 27 years | $127,000,000 | Maldives |
| | 3 years | <$5,000,000 | USA |
| | 1 year and 2 months | <$5,000,000 | USA |
| | 2 years and 3 months | <$5,000,000 | USA |
| | 9 years and 2 months | <$23,000,000 | USA |
| | 5 years | $500,000,000 | Norway |
| | 3 years and 8 months | $1,000,000+ | Finland |

"Russian hackers" awaiting trial in the US

| First and last name | Status | Detention country |
|---|---|---|
| | Accused in absentia | |
| | Awaiting the verdict | Netherlands |
| | Awaiting the verdict | Netherlands |
| | Accused in absentia | |
| | Accused in absentia | |
| | Awaiting the verdict | USA |
| | Pending extradition | |

One of the main news stories of the US election race is the hacking of the servers of the Democratic National Committee, which was blamed on hackers associated with the Russian authorities. Apparat explains what happened, who is suspected of the hack, and what Russian bears have to do with it.

What happened?

Unidentified attackers hacked into the mail server of the US Democratic National Committee (DNC) and in June 2016 transferred data from there to the WikiLeaks website. From the published documents, it appeared that during the primaries the Democrats did everything possible to ensure that they were won by Hillary Clinton, and not by Bernie Sanders, a senator from Vermont who had suddenly gained great popularity.

A hacker named Guccifer 2.0 claimed responsibility for the attack. He presents himself as a resident of Romania and denies any connection with Russian state structures.

How did the actions of hackers affect the US elections?

The publication on WikiLeaks caused a scandal. DNC Chair Debbie Wasserman-Schultz resigned. Republican candidate Donald Trump used the hackers' revelations in his statements. At one of his press conferences, he said: "Russia, if you can hear me now, I hope you are able to find 30 thousand missing emails" (Clinton's opponents believe that some of the letters from her hacked correspondence were destroyed).

Although there is no 100% proof that it was the Russian special services who organized the cyber attack, most officials and experts in recent months have not questioned this version. Largely because of this, for the first time since the collapse of the USSR, the Russian topic has become one of the main ones in the presidential debates. At the last debate, on October 19, Hillary Clinton said that the Kremlin is trying to influence the results of the US elections. According to her, never before in history have outside forces taken such steps. “They are doing this [hacking the computers of American institutions] to help Donald Trump.”

The Republican nominee has repeatedly spoken approvingly of Vladimir Putin and promised closer relations between Washington and Moscow. After the DNC servers were hacked and the first suspicions of Russian hackers arose, a number of members of the Democratic establishment said that the attacks were carried out to compromise Clinton and the Democrats and help Trump win. Some publications sympathetic to Clinton directly called the billionaire an agent of the Kremlin. At the same time, they recalled that Trump’s adviser Paul Manafort used to help the ex-president of Ukraine Viktor Yanukovych, and that another adviser, Michael Flynn, attended the 10th anniversary of the Russian propaganda channel RT, sat next to Vladimir Putin, and was also paid for speaking.

Where does the version that “Russian hackers” are behind the hack come from?

These are the findings of CrowdStrike, which the Democrats asked to investigate the hack. The firm's specialists found that the DNC servers were hacked by two groups of hackers at once. According to CrowdStrike, both groups are linked to Russian intelligence agencies, one of which is the Main Intelligence Directorate (GRU). The first group is called Fancy Bear, the second Cozy Bear. As the director of CrowdStrike explained in an interview with Esquire, these names reflect the classification system of hacker groups: “The bear is Russia, the panda is China, the tiger is India, and the kitten is Iran. The definitions of cozy and fancy reflect the methods used by hackers. For example, fancy is a reference to the Sofacy method, a virus that, when downloaded, is able to take control of the victim's computer.”

The conclusions of CrowdStrike are confirmed by the Slovak company ESET. According to the company's specialists, the connection with Russia is indicated by the hackers' schedule of activity, which coincides with the working day, Moscow time.

ESET followed Fancy Bear for two years. The company's specialists identified the hackers' characteristic methods. They first try to obtain the e-mail credentials of employees of the attacked institution using phishing. In March-September 2015, the hackers sent almost 1,900 phishing messages. For the links, the hackers used the Bitly link shortening service. However, the attackers accidentally made the results of their work public.

The version about the Russian trace is also supported by an expert in the field of special services. According to him, the main problem is "attribution", that is, identifying who initiated the hackers' actions. Unlike in China, cyberattacks in the interests of the Kremlin are often carried out by groups that are not formally related to the state.

Is the US certain that the Russians hacked the DNC?

Unknown. Barack Obama's security adviser Lisa Monaco announced a possible response to "Russian cyber attacks", and the head of the US National Security Agency (NSA), Mike Rogers, spoke of "suspicions" against Russian intelligence agencies.

Who are Fancy Bear and Cozy Bear?

Both hacker groups have been known for a long time. For about 10 years, they have been attacking the servers of government and commercial institutions around the world. Fancy Bear is also known as Sednit, Sofacy and APT 28. Among the latest victims of Fancy Bear are the website of the French TV channel TV5, the German Bundestag, Anonymous International and the World Anti-Doping Agency (WADA). From the latter, the hackers stole information about athletes' tests which, in their opinion, indicates the bias of WADA, which weeded out part of the Russian Olympic team before the games in Rio. The choice of targets allowed experts to say that Fancy Bear is related to Russia. Cozy Bear is also called APT29.

Have “Russian hackers” been suspected of attacks on American institutions before?

Yes. In the fall of 2014, experts from FireEye announced that they had been finding traces of Russian hackers on US military computers for several years. "Russian hackers" were also suspected of hacking the servers of the US State Department and the White House. As evidence of the hackers' connection with Russia, FireEye cites the use of Cyrillic in the code and the attackers' hours of activity, which coincide with the working day in Moscow.

How do the Russian authorities react to statements from the United States?

After news of the White House break-in, Russian presidential spokesman Dmitry Peskov said that blaming Moscow for everything "has already become a sport." After the DNC hack, Vladimir Putin said that hackers' connections with anyone's authorities are "an absolutely difficult thing to verify, if at all possible to check it," and that "at the state level, we definitely do not deal with this [hacking]."

What can the US authorities do if Russia's involvement in cyber attacks is proven?

In April 2015, Barack Obama issued an executive order allowing financial sanctions against people and companies involved in cyberattacks on US government agencies and the banking and energy sectors. So far, he has never exercised this right, although after the DNC hack he was called on to do so in Congress.

Who is Guccifer 2.0?

Unknown. He claims to live in Eastern Europe. Perhaps he is from Romania. He says that he is not connected with the Russian authorities. He also stated that he would not be easy to catch, that he had taken every precaution, and that he was not afraid of being caught. According to CrowdStrike, while corresponding with journalist Kevin Collier, he used a VPN to disguise his IP as French. The VPN provider was a company from Russia. According to NBC, Guccifer 2.0 worked with Cozy Bear.

What speaks against Moscow's involvement in the attack?

Firstly, the “Russian trace” is too obvious. It is not clear why the hackers would expose themselves like that, sending data in documents from the Russian-language version of Word and code in Russian, while one of them had the nickname “Felix Edmundovich” (the name of Dzerzhinsky, the head of the Cheka). According to Ilya Sachkov of Group IB, cybercriminals often deliberately insert text in a foreign language into the code so that suspicion falls on someone else. He says that Russian is often used by the Chinese, while Russians, on the contrary, use Mandarin Chinese.

Secondly, the absence of obvious traces. Andrey Soldatov writes: “Neither the authorship of the viruses, nor the location of the servers mean anything: the Syrian special services have been using a virus written by a French hacker to hack the Skype accounts of local activists for several years. And servers can be rented anonymously in many countries.” However, despite this, Soldatov is confident that the Russians were involved in the attack on the DNC servers.