This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2020/10/19/homepage/russian-intelligence-cyberattacks.html

The article has changed 6 times.

Version 2 Version 3
U.S. Charges Russian Intelligence Officers in Major Cyberattacks
(about 4 hours later)
The Justice Department on Monday announced indictments of six Russian military intelligence officers in connection with major hacks worldwide, including of the Winter Olympics and elections in France as well as an attack in 2017 aimed at destabilizing Ukraine that spread rapidly and was blamed for billions of dollars in damage. The Justice Department on Monday unsealed charges accusing six Russian military intelligence officers of an aggressive worldwide hacking campaign that caused mass disruption and cost billions of dollars by attacking targets like a French presidential election, the electricity grid in Ukraine and the opening ceremony of the 2018 Winter Olympics.
Prosecutors said the suspects were from the same Russian unit that conducted one of the Kremlin’s major operations to interfere in the 2016 American election: the theft of Democratic emails. They attacked the 2017 French presidential elections; targeted British authorities investigating the poisoning of a Russian former intelligence operative and the 2018 Winter Olympics in Pyeongchang, South Korea; and hacked the Ukrainian Parliament, finance ministry and electrical grid, according to court documents. Prosecutors said the suspects were from the same unit that helped distribute stolen Democratic emails in the 2016 election. Though Justice Department officials played down the timing of the announcement two weeks before the presidential election, it nevertheless served as American officials’ latest censure of Russia’s hostile intrusions into other countries’ affairs, even as President Trump has adopted a more accommodating stance toward Moscow.
The case was another effort by Trump administration officials to punish Russia for its meddling in other countries’ affairs, even as President Trump has adopted a more accommodating stance toward Moscow. The charges did not address 2020 election interference; American intelligence agencies have assessed that Russia is trying to influence the vote in November. The prosecutors focused on seven breaches that together showed how Russia sought in recent years to use its hacking abilities to undermine democratic institutions and ideals, retaliate against enemies and destroy rival economies.
“No country has weaponized its cybercapabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said John C. Demers, the assistant attorney general for national security.
In a dig at President Vladimir V. Putin’s claims that he is restoring Russia to greatness, Mr. Demers added, “No nation will recapture greatness while behaving in this way.” He added, “Their cyberattack combined the emotional maturity of a petulant child with the resources of a nation-state.”
Prosecutors said the suspects worked for Unit 74455 of the Russian Main Intelligence Directorate, commonly referred to as the G.R.U. Known among cybersecurity analysts as Sandworm, the unit worked hand in hand with another G.R.U. unit, known as Fancy Bear, to leak Democrats’ stolen emails during the 2016 election, embarrassing Hillary Clinton’s campaign in the final stretch. A spokesman for the Russian Embassy in Washington did not return an email seeking comment. Russian officials, including President Vladimir V. Putin, have long maintained that they have no role in hacking, saying that the claims are disinformation devised to undermine the country’s standing in the world.
One of the suspects charged in the newly unsealed indictments, Anatoliy Sergeyevich Kovalev, was indicted two years ago on charges announced by the special counsel, Robert S. Mueller III, over his suspected role in the 2016 election meddling. Prosecutors said the suspects worked for Unit 74455 of the Russian intelligence Main Directorate, commonly referred to as the G.R.U. Known among cybersecurity analysts as Sandworm, the unit worked hand in hand with another G.R.U. unit to leak Democrats’ stolen emails during the 2016 election, embarrassing Hillary Clinton’s campaign in the final stretch.
It was unclear whether the Russian officers would stand trial for the charges. Moscow is highly unlikely to hand them over to be prosecuted. But the charges could potentially restrict their travels, and they could be arrested if they enter a country willing to turn them over to the United States. Cybersecurity and national security experts had long argued that the Russians were behind the hacks that prosecutors detailed on Monday. But the indictment was the first time a major law enforcement agency made the allegation, bolstering the hacking unit’s notoriety as one of the most audacious in the world.
One of the intrusions that the Justice Department focused on was the 2017 attempt to interfere in the French presidential election. That year, hackers released stolen documents just as voting was beginning, aiming to hurt Emmanuel Macron in his race against Marine Le Pen, a far-right candidate supported by Moscow. “The G.R.U.’s hackers operate as a strategic arm of the Russian state, and they have been using this cybertool as a military weapon in a military campaign,” said Thomas P. Bossert, Mr. Trump’s first homeland security adviser, who is now the president of the security firm Trinity Cyber.
Security researchers at the time quickly blamed Russia for the hack-and-dump. One of the suspects charged in the newly unsealed indictments, Anatoliy Sergeyevich Kovalev, was indicted two years ago on charges announced by the special counsel, Robert S. Mueller III, over the 2016 election hacks. Mr. Kovalev was accused of playing a role in hacking election administration infrastructure alongside a larger scheme by other G.R.U. officers indicted in the thefts and release of emails from Democratic computer networks.
But unlike the Russian work in the 2016 American election, the French operation mixed genuine documents with altered material. The French news media largely ignored the stolen documents, in part because of questions of their authenticity, but also because France was in a government-mandated blackout period immediately before the vote. The new charges did not address 2020 election interference; American intelligence agencies have assessed that Russia is trying to influence the vote in November.
The charges also showed the limits of the United States’ power to deter Russia. Many of the breaches occurred after the United States imposed sanctions and publicly rebuked Russia over its 2016 election sabotage, and it is highly unlikely that the Kremlin will hand over the intelligence officers to stand trial in American courts.
Among the operations that the Justice Department cited was the release of stolen documents just as voting was beginning in France’s presidential election in 2017, an apparent bid to hurt Emmanuel Macron in his eventual victory against Marine Le Pen, a far-right candidate supported by Moscow. Security researchers at the time quickly blamed Russia.
Unlike the distribution of hacked emails in the 2016 American election, the French operation mixed genuine documents with altered material. The French news media largely ignored the stolen documents, in part because of questions of their authenticity, but also because France was in a government-mandated blackout period immediately before the vote.
American officials have warned that Russia could repeat those tactics in the presidential race in the United States this year, mixing falsified material with real stolen documents in a way that is difficult to tell fact from fiction.
The indictments showed how the hacking unit became emboldened after its success interfering in the 2016 American election, despite the resulting furor and the Obama administration’s decision to punish and publicly rebuke Russia for its role. The indictment also portrayed Russia as determined to disrupt the 2018 Winter Olympics in Pyeongchang, South Korea, in retaliation for its embarrassing ban from the Olympics over its systemic efforts to undermine antidoping rules.
The G.R.U. for months sent spoofed emails to members of the International Olympic Committee, athletes and other companies, posing as Olympics or Korean government officials to trick the recipients into giving them access to key Olympics infrastructure. At one point, they hacked a company that provided time-keeping services to the Olympics, court papers showed.
Having laid their trap, the Russian officers attacked the opening ceremony of the Games, taking down internet access and telecasts, grounding broadcasters’ drones, shutting Olympics websites and preventing spectators from attending the opening ceremony.
Security experts labeled the attack Sour Grapes for its spiteful nature.
“If you were under the impression that, after 2016, they hung it up and gave up their aggressive behavior, the fact they hacked the Olympics should disabuse you of that notion,” said John Hultquist, the director of threat intelligence at FireEye, the Silicon Valley cybersecurity firm. “It was a vindictive attack. There was no clear geopolitical reason to do that. And it impacted the entire international community.”
The 2018 hack of the Pyeongchang Olympics, which took out internet access and telecasts, grounded broadcasters’ drones, shut down Olympics websites and prevented spectators from attending the opening ceremony. Experts had initially blamed North Korea for the attack but later determined that the G.R.U. used North Korean hacking tools to throw off investigators.
At the time, security experts named the attack Sour Grapes because they believed it was conducted by Russians out of spite for the Olympic Committee banning its athletes from participating in the Games after systemic violations of antidoping rules. As the Justice Department unsealed the indictment on Monday, British officials also revealed new details of a similar Russian plot to disrupt the Tokyo Olympics that had been scheduled for this summer but were postponed until 2021 because of the coronavirus. Britain’s foreign secretary, Dominic Raab, condemned the attacks as “cynical and reckless.”
The suspects were also responsible for developing malware used in two attacks on Ukraine’s power grid, according to the court documents. The first attack, on Dec. 23, 2015, infiltrated Ukrainian energy companies, cutting power for hours to over 200,000 residents in the country’s west. The allegations threatened to undermine Russia’s efforts to lift a four-year ban from international sports, including the Olympics, at the Court of Arbitration for Sport, which has yet to rule on the matter. The I.O.C. did not respond to a request for comment.
In a follow-up attack that hit the power grid in Kyiv, Ukraine, a year later, the suspects used a second piece of malware, called Industroyer, to cut electricity for an hour, the indictment said. The malware, according to experts, posed one of the greatest digital threats to critical infrastructure since Stuxnet, the computer attack by the United States and Israel that took out Iran’s uranium centrifuges in 2009. The Justice Department indictment said the suspects were also responsible for developing malware used in attacks on Ukraine’s power grid. The first, on Dec. 23, 2015, infiltrated Ukrainian energy companies, cutting power for hours to more than 200,000 residents in the country’s west.
The wide-ranging attack in June 2017 is considered the most costly in history. Called NotPetya, it was originally aimed at Ukraine but quickly boomeranged around the world, paralyzing some of the biggest corporations in Europe and the United States at an estimated total cost of $10 billion. It cost Mondelez, the maker of Oreo cookies and Ritz crackers, more than $100 million, and Merck, the pharmaceutical giant, some $700 million in damages. In a follow-up in late 2016 that targeted the power grid in Kyiv, Ukraine, the suspects used a second piece of malware, called Industroyer, to cut electricity for an hour, the indictment said. The malware, according to experts, posed one of the greatest digital threats to critical infrastructure since Stuxnet, the computer attack by the United States and Israel that took out Iran’s uranium centrifuges in 2009.
“If you looked at a list of the top 10 most destructive cyberattacks in history,” Mr. Hultquist said, “these guys were responsible for four of them.” The suspects were also accused of carrying out an attack in June 2017 that is considered the most costly in history. Called NotPetya, it was originally aimed at Ukraine but quickly boomeranged around the world, paralyzing some of the biggest corporations in Europe and the United States at an estimated total cost of $10 billion. It was never clear, intelligence experts said, whether Russia intended to limit the attack to the Ukrainian economy and any company that dared to do business with Ukraine, or whether it knowingly built a tool that would wreak global havoc. But the estimated cost to Mondelez, the maker of Oreo cookies and Ritz crackers, alone was more than $100 million; Merck, the pharmaceutical giant, reported some $700 million in damages; the attack also impeded computer use at hospitals and medical facilities in western Pennsylvania.
Julian E. Barnes contributed reporting. In 2019, the same suspects took aim at the government of the country of Georgia, the indictment said. They defaced about 15,000 websites and replaced many home pages with images of its former president, known for his efforts to counter Russian influence, alongside the caption “I’ll be back,” an apparent bid to try to avoid detection.
At a news conference in Washington to announce the indictments, Mr. Demers, the Justice Department’s top national security official, took direct aim at Mr. Putin, who made an unusual appeal for a cyber “reset” with the United States last month.
Mr. Demers said the indictments were “a cold reminder of why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda.”
He also took a dig in a news release at Mr. Putin’s claims that he is restoring Russia to greatness.
“No nation,” Mr. Demers said, “will recapture greatness while behaving in this way.”
Julian E. Barnes and Tariq Panja contributed reporting.