Russia hackers had targets worldwide, beyond US election

Friday, October 27, 2017, Vol. 41, No. 43

WASHINGTON (AP) — The hackers didn't just go after Hillary Clinton's presidential campaign.

They tried to break into the private email of the sitting U.S. secretary of state, attempted to steal the private correspondence of a manager working on Lockheed Martin's stealth fighter program, and sought to break into the accounts of thousands of others, including the punk band Pussy Riot and Russian opposition leader Alexei Navalny.

About 19,000 lines of data, recently shared by cybersecurity firm Secureworks, show that Fancy Bear — the hacking group blamed by U.S. intelligence agencies for disrupting last year's presidential election — tried to break into more than 4,700 Gmail inboxes between March 2015 and May 2016.

It's effectively a hit list — one that experts say points to the Kremlin.

"There is only one country whose interests this list would serve," said Keir Giles, the director of the Conflict Studies Research Center in Cambridge, England, and one of five experts who reviewed the AP's findings.

"Regardless of the inevitable denials from Moscow, it is the only explanation that makes sense," he said.

Russian officials have described claims that they orchestrated the hacking as "ludicrous" and "verging on fantasy." On Wednesday, Russian Deputy Foreign Minister Sergei Ryabkov said there was "not a single piece of evidence" to back the allegations.

But the Fancy Bear targets identified by the AP tell a different story. In more than 100 interviews, many blamed Moscow for the hacking.

"We have no doubts about who is behind these attacks," said Artem Torchinskiy, a Navalny lieutenant who was targeted by Fancy Bear in 2015. "I am sure these are hackers controlled by Russian secret services."

The largest groups of targets were in the United States, Ukraine, Russia, Georgia and Syria. The hackers tried to compromise employees of major U.S. defense contractors and attempted to steal the emails of more than 130 Democrats and members of Clinton's inner circle, including her campaign chairman John Podesta, whose correspondence was leaked in the closing days of the presidential race. Others targeted include then-Secretary of State John Kerry and former U.S. Army Gen. Wesley Clark.

They also tried to hack a swath of Ukrainian politicians, including Serhiy Leshchenko, who helped uncover the off-the-books payments allegedly made to Donald Trump campaign chairman Paul Manafort. Islamist rebels fighting the Russia-backed government of Syrian President Bashar Assad were targeted, too, as was Pussy Riot's Maria Alekhina.

Vasily Gatov, a U.S.-based Russian media analyst who was among those targeted by Fancy Bear, said the list provides a global context to the hack of the Democrats in early 2016.

"It complements the puzzle," said Gatov, who was initially skeptical of the idea that Russian intelligence had singled out the Democrats.

"Now I'm convinced."

Allegations that Fancy Bear works for Russia aren't new. But raw data has been hard to come by. The U.S. intelligence community has made little proof available publicly.

The hit list made its way to AP after Secureworks stumbled upon a Bitly account being used by Fancy Bear to craft its malicious emails.

Over the course of its reporting, the AP found a direct line from Fancy Bear to the leaks that rocked the presidential contest in its final stages. All the Democrats whose private correspondence was published in the run-up to the election had previously been targeted by Fancy Bear either at their professional Gmail addresses or through the Democratic National Committee, the AP found.

Even if only a fraction of the 4,700 Gmail accounts targeted by Fancy Bear were successfully hacked, the data drawn from them could run into terabytes — putting the operation in the same league as some of the largest leaks in journalistic history.

Merely identifying and sorting the targets took a team of six AP reporters eight weeks.

The AP's effort offers "a little feel for how much labor went into this" hacking endeavor, said Thomas Rid, a professor of strategic studies at Johns Hopkins University's School of Advanced International Studies.

He said the investigation should put to rest any theories like the one then-candidate Donald Trump floated last year that the hacks could be the work of "someone sitting on their bed that weighs 400 pounds."

"The notion that it's just a lone hacker somewhere is utterly absurd," said Rid.

___

Donn reported from Plymouth, Massachusetts. Myers reported from Chicago. Chad Day, Desmond Butler and Ted Bridis in Washington, Frank Bajak in Houston, Lori Hinnant in Paris, Maggie Michael in Cairo and Erika Kinetz in Shanghai contributed to this report. Novaya Gazeta reporters Nikolay Voroshilov, Yana Surinskaya and Roman Anin in Moscow also contributed.

___

Satter, Donn and Myers can be reached at:

http://raphaelsatter.com, https://twitter.com/jadonn7 and https://twitter.com/myersjustinc

___

Editor's Note: Satter's father, David Satter, is an author and Russia specialist who has been critical of the Kremlin. His emails were published last year by hackers and his account is on Secureworks' list of Fancy Bear targets.