The fur is not gonna fly: Uncle Sam charges seven Russians with Fancy Bear hack sprees

Largely pointless, since they're never going to stand trial


In what's turning into International Cyber-Attribution Week, a US federal grand jury has indicted seven alleged Russian military intelligence officers – and accused them of hacking anti-doping watchdogs, sports officials, and others.

Four of the men are said to be part of a hacking operation, run by Kremlin spy agency GRU, that fell foul of Dutch intelligence. The Feds today named the seven as Dmitriy Sergeyevich Badin, Artem Andreyevich Malyshev, Alexey Valerevich Minin, Aleksei Sergeyevich Morenets, Evgenii Mikhaylovich Serebriakov, Oleg Mikhaylovich Sotnikov, and Ivan Sergeyevich Yermakov.

All seven were, it is claimed, part of GRU's Fancy Bear hacking team that infiltrated the World Anti-Doping Agency's computers in 2016, and other organizations. They are charged with computer hacking, wire fraud, aggravated identity theft, and money laundering.

The FBI said the accused conducted “computer hacking activity spanning from 2014 through May of 2018, including the computer intrusions of the United States Anti-Doping Agency (USADA), the World Anti-Doping Agency (WADA), and other victim entities during the 2016 Summer Olympics and Paralympics and afterwards.”


American prosecutors added that Westinghouse Electric Company and FIFA were also victims of the Fancy Bear cyber-attacks, in which hackers tried to get into their computer networks. The group allegedly created fictitious personas and used proxy servers to research their victims, sent spear-phishing emails, and ran backend servers to command and control malware infections.

If a victim didn't fall for their remote attacks (or, as the prosecutors noted, “accounts that were successfully compromised [that] did not have the necessary access privileges”), Morenets, Serebriakov, Sotnikov, and Minin allegedly set about accumulating frequent-flyer points. They would travel to where desirable servers and networks were located, break into Wi-Fi networks connected to those systems, and if the operation was successful, “the close access team transferred such access to conspirators in Russia for exploitation,” it is claimed.

In 2016, they leaked stolen private information about 250 athletes from 30 countries to journalists via email and Twitter as part of a GRU disinformation campaign, prosecutors claimed.

The charge sheet also provided detailed allegations of the team's April 2018 attempt to compromise the investigation into recent Novichok attacks in Salisbury, England. Morenets, Serebriakov, Sotnikov, and Minin used diplomatic passports to travel to The Hague in the Netherlands, in an attempt to break into the Wi-Fi network of the Organisation for the Prohibition of Chemical Weapons, which was probing the poisonings.

They intended, it is claimed, to continue to Spiez in Switzerland, home of the Spiez Swiss Chemical Laboratory, which was analyzing “military chemical agents, including the chemical agent that the United Kingdom authorities connected to the poisoning of a former GRU officer in that country” – the Novichok used against ex-GRU agent Sergei Skripal and his daughter Yulia, in other words.


“Data obtained from at least one item of equipment confirmed its operational use at multiple locations around the world, including connections to the Wi-Fi network of the CCES official’s hotel in Switzerland (the dates the conspirators conducted the Wi-Fi compromise of the senior CCES official’s laptop at the same hotel), and at another hotel in Kuala Lumpur, Malaysia in December 2017”, the prosecution stated.

The full indictment is here. It also details the alleged agents' use of Bitcoin to buy computer kit, and how they registered spoof domains to try and gather information (these included wada.awa.org and wada.arna.org to trap users looking for the legitimate wada.ama.org, and westinqhousenuclear.com, substituting a q for the g).
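The lookalike domains in the indictment are a textbook typosquatting case: one letter swapped (awa for ama), a visually similar pair substituted (rn for m, q for g). The following is an added example, not part of the article or the indictment, showing how a defender can flag such domains in DNS query logs by comparing each queried name against a list of legitimate domains, using both a small homoglyph normalisation table and an edit-distance threshold. The log format, the client addresses, the homoglyph table and the `max_distance` threshold are all constructed assumptions; the legitimate domains are the ones the article names.

```python
import re
from typing import List, Optional, Tuple

# Domains the organisation legitimately uses (taken from the article as printed).
LEGIT_DOMAINS = ("wada.ama.org", "westinghousenuclear.com")

# Substitutions that look alike in many fonts. Hypothetical short table;
# a production list would be considerably longer.
HOMOGLYPHS = {"q": "g", "rn": "m", "vv": "w", "0": "o", "1": "l"}


def normalize(domain: str) -> str:
    """Lower-case the name and undo the homoglyph substitutions we know about."""
    d = domain.lower().rstrip(".")
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def levenshtein(a: str, b: str) -> int:
    """Plain dynamic-programming edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(domain: str, legit=LEGIT_DOMAINS, max_distance: int = 2) -> Optional[Tuple[str, str]]:
    """Return (legitimate_domain, reason) if `domain` looks like a spoof of one
    of our domains, or None if it is either exactly ours or unrelated."""
    d = domain.lower().rstrip(".")
    if d in legit:
        return None
    for real in legit:
        if normalize(d) == real:
            return (real, "homoglyph")
        if levenshtein(d, real) <= max_distance:
            return (real, "edit-distance")
    return None


# Constructed sample DNS log lines (assumed key=value format, not a real product's format).
SAMPLE_LOG = """\
2018-04-10T09:12:01Z client=10.0.0.5 qname=wada.ama.org type=A
2018-04-10T09:12:07Z client=10.0.0.5 qname=wada.awa.org type=A
2018-04-10T09:13:44Z client=10.0.0.9 qname=wada.arna.org type=A
2018-04-10T09:15:02Z client=10.0.0.7 qname=westinqhousenuclear.com type=A
2018-04-10T09:16:30Z client=10.0.0.7 qname=example.com type=A
"""


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Run every queried name through classify(); return (queried, legit, reason) hits."""
    hits = []
    for line in text.splitlines():
        m = re.search(r"qname=(\S+)", line)
        if not m:
            continue
        verdict = classify(m.group(1))
        if verdict:
            hits.append((m.group(1), verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    for queried, real, reason in scan_log(SAMPLE_LOG):
        print(f"suspicious: {queried} resembles {real} ({reason})")
```

The homoglyph check runs before the edit-distance check so that a name like wada.arna.org is reported for the specific trick used rather than as a generic near-miss. The distance threshold of 2 is a trade-off: raising it catches more variants but will start matching unrelated short domains, so in practice the comparison is usually restricted to the registrable part of the name and combined with a newly-registered-domain feed.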

The indictments have been welcomed by the governments of Britain, the Netherlands, Canada, Australia, and New Zealand.

Since none of those named are present in America, we're unlikely to see a trial any time soon. ®

Biting the hand that feeds IT © 1998–2022