Russians Hacked to Disrupt Doping, Poison Probes, U.S. Says
(Bloomberg) -- U.S. authorities accused seven Russian nationals of hacking attempts against anti sports-doping groups, the international soccer governing body and an anti-chemical weapons group, with the aim of disrupting efforts to investigate Russian activities.
The hackers also sought access to systems operated by Westinghouse Electric Corp., a designer of nuclear power equipment, according to an indictment unsealed Thursday in federal court in Western Pennsylvania.
The U.S. outlined hacks from 2014 through May that they said were carried out by Russians aligned with the military intelligence agency known as the GRU. Hours earlier, the U.K. and Dutch governments said they had foiled a Russian military intelligence operation involving some of the same Russians, who they said tried to gain intelligence about and counteract international probes into its activities.
Three of the hackers charged in the U.S. -- Ivan Yermakov, Dmitriy Badin and Artem Malyshev -- had shown up in a previous U.S. indictment. They were among a dozen Russians charged in July in relation to hacks of Democratic officials’ emails as part of Special Counsel Robert Mueller’s investigation into Russian election interference.
The other four hackers were the focus of an operation described by the Dutch government in which the Russians set up a listening post outside the office of a United Nations body examining evidence of a nerve-agent attack in the U.K. that’s been blamed on Russia. The men were apprehended and expelled by the Netherlands, Dutch Defense Minister Ank Bijleveld said in a briefing in The Hague.
“The joint U.K./Dutch intelligence operation led to four Russian GRU officers being caught red handed, while they attempted to breach the cyber security of the Organization for the Prohibition of Chemical Weapons,” Assistant Attorney General John Demers said.
The U.S. indictment describes intrusion methods similar to those allegedly used to influence the 2016 U.S. election, Demers said, this time to pursue Russia’s interests “through illegal influence and disinformation operations aimed at muddying or altering perceptions of the truth.”
‘Close Access’
The Dutch authorities said they had foiled a Russian cyber attack on the Organization for the Prohibition of Chemical Weapons as it probed the alleged use by Kremlin spies of a deadly nerve poison on British soil and Syria’s use of chemical weapons on its people.
They were caught conducting “close-access attacks” using equipment concealed in the trunk of their rented Citroen to disrupt computer networks at the OPCW, according to U.K. officials.
In the new U.S. indictment, prosecutors accused the seven of identity theft and conspiracy to commit wire fraud and launder money.
Among the goals of the conspiracy, the U.S. said, was to undermine and retaliate against anti-doping organizations that had publicly exposed Russian-sponsored doping by Russian athletes and to damage the reputation of clean athletes from other countries by falsely claiming they had used banned drugs.
Russian operatives flooded social and traditional media with the private medical information of more than 250 athletes from 30 countries in a way that inaccurately reflected or omitted the true purpose of that information, Demers said.
Some of the information on the athletes was released under the false auspices of a hactivist group called “Fancy Bears’ Hack Team,” the U.S. said.
Westinghouse Attack
The conspirators waged an attack against Westinghouse, the Pennsylvania-based manufacturer whose designs are the basis for about half of the world’s operating nuclear reactors. Justice Department officials at a news conference announcing the indictments wouldn’t say why Westinghouse was targeted by the Russians or whether the company’s systems had been breached.
The Russian hackers began researching the company in November 2014. Later they created a fake Westinghouse Internet domain and sent spear-phishing emails to company and private accounts to steal credentials from employees, prosecutors said.
The employees were involved in advanced nuclear reactor development and new reactor technology, the U.S. said. Since 2008, Westinghouse has supplied Ukraine with an increasing amount of nuclear fuel, they said.
“We have found no evidence that the phishing campaigns against employees to breach Westinghouse’s systems were successful,” said Sarah Cassella, a spokeswoman for Westinghouse. “We are cooperating with the Department of Justice regarding this matter but are unable to comment regarding the specifics of the case as it is an ongoing investigation.”
Weapons Group
The attempted attack against the OPCW by the four hackers expelled from the Netherlands occurred in April of this year, when they traveled to the country on Russian diplomatic passports and checked in to a hotel next to the organization’s headquarters, the U.S. said. The OPCW had held a meeting three days earlier, on April 7, to discuss the use of chemical weapons in Syria.
On April 11, two of the men, Oleg Sotnikov and Alexey Minin, rented a car and assembled hacking equipment in the car’s trunk that was capable of intercepting WiFi signals and harvesting user credentials, prosecutors said. Two days later, they parked the car adjacent to the organization’s property. The trunk was facing the OPCW and an antenna was aimed at the headquarters, covered by a jacket.
The operation was abandoned after Dutch intelligence officials disrupted it. While many details remain unclear, authorities recovered the backpack of a third man, Evgenii Serebriakov, that contained equipment to intercept WiFi signals. His equipment also contained an image placing him at the 2016 Summer Olympics in Rio, prosecutors said.
The case is U.S. v. Morenets, 18-cr-263, U.S. District Court, Western District of Pennsylvania (Pittsburgh).
©2018 Bloomberg L.P.