Saturday, April 17, 2021

U.S. Exposes Hackers’ Helpers to Punish Russian Cyber-Attacks

IS THAT LIKE HAMBURGER HELPER


Michael Riley and Ryan Gallagher, Bloomberg News, Apr 15, 2021




(Bloomberg) -- In punishing Russian hacks and election meddling, the Biden administration on Thursday revealed new details about Russian intelligence’s vast disinformation and cyber-operations, including the names of companies that allegedly help facilitate cyber-attacks and websites accused of spreading false claims to damage the U.S.

The information release is designed partly to damage Russian intelligence services by blowing the cover of their support network, including companies that provide essential services and, in one case, the location of a technology park near the Black Sea used by spies for Russia’s military intelligence directorate, the GRU.

“This is how you roll up people’s networks,” said James Lewis, senior vice president at the Center for Strategic and International Studies in Washington. “You identify them, so that they have to rebuild their tradecraft and rebuild their cover. It’s cheap for us but can be very costly to them.”

The names of companies and individuals, including a deputy chief of staff to Russian President Vladimir Putin, were officially released in relation to U.S. sanctions imposed Thursday, but the larger harm may come from being associated with Russia’s spy operations, experts say.

According to the U.S. Treasury Department, a Russian cybersecurity company called Positive Technologies hosts large-scale conventions that are used as a recruiting pipeline for Russia’s intelligence agencies, the Federal Security Service (FSB) and the GRU. While the U.S. didn’t identify the name of the conference, one annual event held by Positive Technologies -- which names Societe Generale, UniCredit and Enel as clients on its website -- is called “Positive Hack Days.” In 2019, it hosted 8,000 people, and participants competed to hack into cash machines and a Tesla car.


The disclosure about the company’s alleged links to Russian intelligence comes just after reports that it was considering an initial public offering, which Kommersant newspaper reported in March, citing an unidentified person familiar with the plan. The company earned 5.6 billion rubles ($73 million) in 2020 and was targeting a valuation of between $2 billion and $4 billion, the paper said.

Positive Technologies didn’t immediately respond to a request for comment.

The U.S. also sanctioned ERA Technopolis, a research center and technology park located in Krasnodar Krai, Russia, which is near the Black Sea. U.S. officials alleged that ERA Technopolis “houses and supports” units of Russia’s main intelligence directorate, the GRU, which it said was responsible for offensive cyber and information operations.

The technology park had been publicly linked to the Russian Ministry of Defense, which claims that the facility combines scientific and educational functions. But the fact that it’s now known to house GRU units will likely be an inconvenience for an agency that thrives in secrecy.

Russian officials have repeatedly denied allegations of hacking, election meddling and spreading disinformation in the U.S.

It’s likely that many of the details about the intelligence agencies’ support networks were classified until recently, but Lewis said the decision to release them was a result of an internal U.S. government debate about how to impose stiff costs for what the U.S. calls “malign behavior.”

Those activities include aggressive efforts to influence the outcome of U.S. presidential elections in 2016 and 2020, the poisoning of Russian opposition leader Alexey Navalny, and the recent hack of U.S. government agencies and private firms through software made by Texas-based SolarWinds Corp.

“The debate is over how to impose costs on the Russians, as well as whether those costs will be enough to get them to change their behavior,” Lewis said. “Some of these companies go to a lot of effort to establish cover and to build business networks. They can try to restart that process, but it won’t be easy.”

The Biden administration also disclosed new details about how Russian intelligence agencies have used disinformation outlets and companies to secretly try to influence U.S. voters and spread false claims about candidates and elections.

“Private and public sector corruption facilitated by President Vladimir Putin has enriched his network of confidants, who used their illicit business connections to advance Russia’s campaign to undermine the 2020 U.S. presidential election—and to give Russia plausible deniability in its disinformation activities,” according to the Treasury Department.

The FSB operates several disinformation outlets, including SouthFront, which is registered in Russia and attempts to appeal to military enthusiasts, veterans and conspiracy theorists while hiding its connections to Russian intelligence, according to the Biden administration. Following the November U.S. presidential election, SouthFront allegedly published content alleging voter fraud had taken place during the election.


Another disinformation outlet, NewsFront, is based in Crimea and allegedly worked with FSB officers to attempt to undermine the credibility of a news website that advocated for human rights. NewsFront was also used to distribute false information about the Covid-19 vaccine, “which further demonstrates the irresponsible and reckless conduct of Russian disinformation sites,” according to the Treasury Department.

In addition, SVR directs an online journal called the Strategic Culture Foundation that created “false and unsubstantiated narratives” about U.S. officials involved in the 2020 presidential election, while GRU operates InfoRos, which used a network of websites to spread false conspiracy theories and disinformation, according to the U.S.

One of the companies outed Thursday is based in Pakistan, but it seems to have provided Russian intelligence agents with an essential -- if illicit -- service. The Treasury Department sanctioned the company for creating and selling fake identities to Russian intelligence, including documents to help companies and individuals evade sanctions. Since at least 2012, Second Eye Solution, also known as Forwarderz, provided digital copies of fake passports, driver’s licenses and bank statements to help verify social media and financial services accounts, according to a Treasury Department statement.

An archived version of the Second Eye Solution website advertised the sale of illicit documents to support verification for banned or suspended accounts on sites including Facebook, Amazon.com, Google Wallet and CoinBase. “We provide high-quality, real-looking documents through which many of our clients get restored their accounts,” reads the now defunct website.

The site, accessed using the Wayback Machine web archive, now reads, “coming soon.”

©2021 Bloomberg L.P.
