US Says Russians Hacked Doping Agencies, Other Organizations
By Masood Farivar October 04, 2018
The U.S. Justice Department said Thursday that it had charged seven Russian intelligence officers with hacking the computer networks of international anti-doping agencies, as well as organizations investigating Russia's use of chemical agents.
Announcing the charges in Washington, Assistant Attorney General John Demers said the Russians belonged to GRU, Russia's military intelligence agency, and that three of them had been previously charged by special counsel Robert Mueller in connection with the hacking of Democratic computers during the 2016 U.S. presidential election.
But Demers, who heads the department's national security division, said the latest charges were not related to Mueller's investigation of Russian interference in the 2016 vote.
"Nonetheless, these two indictments charge overlapping groups of conspirators," Demers said at a news conference at the Justice Department." And they evince some of the same methods of computer intrusion and the same overarching Russian strategic goal: to pursue its interests through illegal influence and disinformation operations aimed at muddying or altering perceptions of the truth."
The seven Russian operatives were charged with computer hacking, wire fraud, aggravated identify theft and money laundering.
The alleged Russian cyber operation spanned from December 2014 to May 2018, targeting U.S. and international anti-doping agencies, sporting federations such as FIFA, anti-doping officials, and nearly 250 athletes from about 30 countries.
The agencies were targeted for exposing Russia's state-sponsored athlete doping program and their support for a ban on Russian athletes in the 2016 Summer Olympics and Paralympics in Rio de Janeiro, Brazil, while athletes' medical records were stolen for the purpose of publicizing them as part of an influence and disinformation campaign.
In addition, the Russians targeted Westinghouse Electric Corp., a U.S. nuclear energy company; the Organization for the Prohibition of Chemical Weapons, an international body investigating the use of chemical weapons in Syria and the March 2018 poisoning of Russian ex-spy Sergei Skripal and his daughter Yulia; and the Spiez Swiss Chemical Laboratory, an OPCW-accredited lab that analyzed the chemical agent connected to the poisonings of Skripal and others in Britain.
FBI Director Christopher Wray said the bureau worked closely with law enforcement agencies in other countries to identify the Russian operatives and disrupt their operation.
"The actions of these seven hackers, all working as officials for the Russian government, were criminal, retaliatory and damaging to innocent victims and the United States' economy, as well as to world organizations," Wray said in a statement.
In a joint statement, British Prime Minister Theresa May and her Dutch counterpart, Mark Rutte, condemned what they called the GRU's "unacceptable cyber activities."
"This attempt to access the secure systems of an international organization working to rid the world of chemical weapons demonstrates the GRU's disregard for the global values and rules that keep us all safe," May and Rutte said in a statement.
Russia's Foreign Ministry called the allegations "fantasies."
The alleged operation was often carried out remotely from Russia, with operatives using common hacking techniques such as spear-phishing victims into disclosing their log-in credentials. But when these methods proved fruitless, "close access" teams of skilled cyber agents would be dispatched to targets around the world to conduct on-site computer penetrations via local Wi-Fi networks, according to the indictment.
In one instance, two GRU agents – Aleksei Sergeyevich Morenets and Yevgenny Serebiakov – allegedly deployed to Rio de Janeiro in the summer of 2016 to conduct hacking operations on visiting doping officials by penetrating local Wi-Fi networks.
In another case, the two agents allegedly traveled to Lausanne, Switzerland, later that year to hack the computer network of a hotel hosting an anti-doping conference.
"After a successful hacking operation, the close access team transferred such access to conspirators in Russia for exploitation," according to the indictment.
The Russians then used social media accounts maintained by a special GRU unit to publicly release the athletes' medical records and other information through a fake hacktivist group calling itself "The Fancy Bears' Hack Team."
To enhance public exposure, the defendants allegedly exchanged emails and private messages with about 186 reporters, according to the indictment.
The cyberattack on the computer networks of the chemical weapons watchdog occurred in May 2018 after the poisoning of Skripal. Prosecutors said the four agents involved in the operation planned to travel on to Spiez, Switzerland, before being caught by Dutch security forces and expelled from the country.
Joseph Campbell, a director at Navigant Consulting in Washington, said the FBI's ability to identify the GRU operatives "indicates it's a very in-depth investigation."
While it's highly unlikely that the Russians will ever stand trial in the U.S., Campbell, a former FBI assistant director, said the operatives can now be sanctioned by the United States, severely limiting their ability to travel abroad and engage in business.
|Join the GlobalSecurity.org mailing list|