Russia hackers had targets worldwide

The Russian hackers who targeted the U.S. presidential election had targets outside Hillary Clinton’s campaign

The hackers who upended the U.S. presidential election had ambitions well beyond Hillary Clinton’s campaign, targeting the emails of Ukrainian officers, Russian opposition figures, U.S. defence contractors and thousands of others of interest to the Kremlin, according to a previously unpublished digital hit list obtained by The Associated Press.

The list provides the most detailed forensic evidence yet of the close alignment between the hackers and the Russian government, exposing an operation that stretched back years and tried to break into the inboxes of 4,700 Gmail users across the globe — from the pope’s representative in Kyiv to the punk band Pussy Riot in Moscow.

“It’s a wish list of who you’d want to target to further Russian interests,” said Keir Giles, director of the Conflict Studies Research Center in Cambridge, England, and one of five outside experts who reviewed the AP’s findings. He said the data was “a master list of individuals whom Russia would like to spy on, embarrass, discredit or silence.”

The AP findings draw on a database of 19,000 malicious links collected by cybersecurity firm Secureworks, dozens of rogue emails, and interviews with more than 100 hacking targets.

Secureworks stumbled upon the data after a hacking group known as Fancy Bear accidentally exposed part of its phishing operation to the internet. The list revealed a direct line between the hackers and the leaks that rocked the presidential contest in its final stages, most notably the private emails of Clinton campaign chairman John Podesta.

The issue of who hacked the Democrats is back in the national spotlight following the revelation Monday that a Donald Trump campaign official, George Papadopoulos, was briefed early last year that the Russians had “dirt” on Clinton, including “thousands of emails.”

Kremlin spokesman Dmitry Peskov called the notion that Russia interfered “unfounded.” But the list examined by AP provides powerful evidence that the Kremlin did just that.

“This is the Kremlin and the general staff,” said Andras Racz, a specialist in Russian security policy at Pazmany Peter Catholic University in Hungary, as he examined the data.

“I have no doubts.”

___

THE NEW EVIDENCE

Secureworks’ list covers the period between March 2015 and May 2016. Most of the identified targets were in the United States, Ukraine, Russia, Georgia and Syria.

In the United States, which was Russia’s Cold War rival, Fancy Bear tried to pry open at least 573 inboxes belonging to those in the top echelons of the country’s diplomatic and security services: then-Secretary of State John Kerry, former Secretary of State Colin Powell, then-NATO Supreme Commander U.S. Air Force Gen. Philip Breedlove, and one of his predecessors, U.S. Army Gen. Wesley Clark.

The list skewed toward workers for defence contractors such as Boeing, Raytheon and Lockheed Martin or senior intelligence figures, prominent Russia watchers and — especially — Democrats. More than 130 party workers, campaign staffers and supporters of the party were targeted, including Podesta and other members of Clinton’s inner circle.

The AP also found a handful of Republican targets.

Podesta, Powell, Breedlove and more than a dozen Democratic targets besides Podesta would soon find their private correspondence dumped to the web. The AP has determined that all had been targeted by Fancy Bear, most of them three to seven months before the leaks.

“They got two years of email,” Powell recently told AP. He said that while he couldn’t know for sure who was responsible, “I always suspected some Russian connection.”

In Ukraine, which is fighting a grinding war against Russia-backed separatists, Fancy Bear attempted to break into at least 545 accounts, including those of President Petro Poroshenko and his son Alexei, half a dozen current and former ministers such as Interior Minister Arsen Avakov and as many as two dozen current and former lawmakers.

The list includes Serhiy Leshchenko, an opposition parliamentarian who helped uncover the off-the-books payments allegedly made to Trump campaign chairman Paul Manafort — whose indictment was unsealed Monday in Washington.

In Russia, Fancy Bear focused on government opponents and dozens of journalists. Among the targets were oil tycoon-turned-Kremlin foe Mikhail Khodorkovsky, who spent a decade in prison and now lives in exile, and Pussy Riot’s Maria Alekhina. Along with them were 100 more civil society figures, including anti-corruption campaigner Alexei Navalny and his lieutenants.

“Everything on this list fits,” said Vasily Gatov, a Russian media analyst who was himself among the targets. He said Russian authorities would have been particularly interested in Navalny, one of the few opposition leaders with a national following.

Many of the targets have little in common except that they would have been crossing the Kremlin’s radar: an environmental activist in the remote Russian port city of Murmansk; a small political magazine in Armenia; the Vatican’s representative in Kyiv; an adult education organization in Kazakhstan.

“It’s simply hard to see how any other country would be particularly interested in their activities,” said Michael Kofman, an expert on Russian military affairs at the Woodrow Wilson International Center in Washington. He was also on the list.

“If you’re not Russia,” he said, “hacking these people is a colossal waste of time.”

___

WORKING 9 TO 6 MOSCOW TIME

Allegations that Fancy Bear works for Russia aren’t new. But raw data has been hard to come by.

Researchers have been documenting the group’s activities for more than a decade and many have accused it of being an extension of Russia’s intelligence services. The “Fancy Bear” nickname is a none-too-subtle reference to Russia’s national symbol.

In the wake of the 2016 election, U.S. intelligence agencies publicly endorsed the consensus view, saying what American spooks had long alleged privately: Fancy Bear is a creature of the Kremlin.

But the U.S. intelligence community provided little proof, and even media-friendly cybersecurity companies typically publish only summaries of their data.

That makes the Secureworks database a key piece of public evidence — all the more remarkable because it’s the result of a careless mistake.

Secureworks effectively stumbled across it when a researcher began working backward from a server tied to one of Fancy Bear’s signature pieces of malicious software.

He found a hyperactive Bitly account Fancy Bear was using to sneak thousands of malicious links past Google’s spam filter. Because Fancy Bear forgot to set the account to private, Secureworks spent the next few months hovering over the group’s shoulder, quietly copying down the details of the thousands of emails it was targeting.

The AP obtained the data recently, boiling it down to 4,700 individual email addresses, and then connecting roughly half to account holders. The AP validated the list by running it against a sample of phishing emails obtained from people targeted and comparing it to similar rosters gathered independently by other cybersecurity companies, such as Tokyo-based Trend Micro and the Slovakian firm ESET.

The Secureworks data allowed reporters to determine that more than 95 per cent of the malicious links were generated during Moscow office hours — between 9 a.m. and 6 p.m. Monday to Friday.

The AP’s findings also track with a report that first brought Fancy Bear to the attention of American voters. In 2016, a cybersecurity company known as CrowdStrike said the Democratic National Committee had been compromised by Russian hackers, including Fancy Bear.

Secureworks’ roster shows Fancy Bear making aggressive attempts to hack into DNC technical staffers’ emails in early April 2016 — exactly when CrowdStrike says the hackers broke in.

And the raw data enabled the AP to speak directly to the people who were targeted, many of whom pointed the finger at the Kremlin.

“We have no doubts about who is behind these attacks,” said Artem Torchinskiy, a project co-ordinator with Navalny’s Anti-Corruption Fund who was targeted three times in 2015. “I am sure these are hackers controlled by Russian secret services.”

___

THE MYTH OF THE 400-POUND MAN

Even if only a small fraction of the 4,700 Gmail accounts targeted by Fancy Bear were hacked successfully, the data drawn from them could run into terabytes — easily rivaling the biggest known leaks in journalistic history.

For the hackers to have made sense of that mountain of messages — in English, Ukrainian, Russian, Georgian, Arabic and many other languages — they would have needed a substantial team of analysts and translators. Merely identifying and sorting the targets took six AP reporters eight weeks of work.

The AP’s effort offers “a little feel for how much labour went into this,” said Thomas Rid, a professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies.

He said the investigation should put to rest any theories like the one then-candidate Donald Trump floated last year that the hacks could be the work of “someone sitting on their bed that weighs 400 pounds.”

“The notion that it’s just a lone hacker somewhere is utterly absurd,” Rid said.

___

Donn reported from Plymouth, Massachusetts. Myers reported from Chicago. Chad Day, Desmond Butler and Ted Bridis in Washington, Frank Bajak in Houston, Lori Hinnant in Paris, Maggie Michael in Cairo and Erika Kinetz in Shanghai contributed to this report. Novaya Gazeta reporters Nikolay Voroshilov, Yana Surinskaya and Roman Anin in Moscow also contributed.

____

Satter, Donn and Myers can be reached at:

http://raphaelsatter.com, https://twitter.com/jadonn7 and https://twitter.com/myersjustinc

___

Editor’s Note: Satter’s father, David Satter, is an author and Russia specialist who has been critical of the Kremlin. His emails were published last year by hackers and his account is on Secureworks’ list of Fancy Bear targets.

Raphael Satter, Jeff Donn and Justin Myers, The Associated Press
