Cybercrime

In Ukraine, more evidence of a hacking group's Kremlin ties


For those searching for stronger evidence of Russia's connection to the hack of the Democratic National Committee, the tale of an infected Ukrainian Android cellphone app may help, according to a cybersecurity firm.

A report released Thursday by CrowdStrike describes how a widely used cellphone application developed by a Ukrainian artillery officer to conduct strikes more quickly may have become the means by which the Russian government gained intelligence such as the whereabouts of Ukraine's military forces.

The app, developed in 2013 and distributed initially over social media, was ultimately hijacked by the Fancy Bear hacking group, believed to be affiliated with the Russian military intelligence agency, or GRU. In 2014, Fancy Bear created a malicious variation of the Android application for download and posted it on a Ukrainian military forum. Officers using the infected application on the battlefield provided the Russian hackers with their general location as well as potentially valuable intelligence, such as access to their contacts, text messages, call logs and internet data, the report states.

The malicious software known as X-Agent, which was used to help turn the clash with Ukrainian forces to Russia's advantage, is the same malicious software that was used to hack the DNC, said Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike. His company was hired to investigate the DNC hack and over the summer publicly attributed it to Fancy Bear.

Alperovitch said the Ukrainian example demonstrates an even stronger connection between Fancy Bear operators and the Russian military.

"For them to use this on the battlefield, they need a closely integrated connection," Alperovitch said. "It's exactly the mission of the GRU ... We think this is very convincing evidence that links the two (Fancy Bear and the GRU) together."

Russian President Vladimir Putin has repeatedly rejected the Obama administration's accusation that the highest levels of the Russian government were involved in trying to influence the U.S. presidential election. U.S. intelligence agencies concluded that Russia's goal was to help President-elect Donald Trump win. Trump has called the intelligence assessment ridiculous.

President Barack Obama has ordered intelligence officials to conduct a broad review of election-season cyberattacks.