
The Russia Investigation: A High Tech Spy Story

The Details of Russian Interference

As of now, per the last Mueller indictment, Fancy Bear is identified as two cyber units of the GRU, Units 26165 and 74455. They are responsible for infiltrating the DCCC, the DNC, and the Hillary Campaign, in particular its Campaign Manager, Joe Podesta. The initial attacks were through directed emails (called spear phishing by us techies) that can trick the receiver into revealing his password or installing malware. Among the malware, X-Agent was used, which was also used in several other Russian operations. X-Agent was used to move documents to a GRU-based computer in Arizona. According to the indictment, X-Agent was "developed, customized, and monitored" by a GRU officer.

One of the clues that Russia was involved was that similar attacks had been made against other countries, including Georgia and Ukraine. In fact, these states have been a “proving ground” for the hacking techniques that are later used against the US and other countries.

As you may remember, the emails and other material stolen from the DCCC and DNC were strategically released around the Democratic Convention to create chaos and anger among Democratic supporters. The Podesta emails were released right after the Hollywood tapes were revealed, to create a distraction for Trump.

To create authority, the emails were released en masse through Wikileaks. This meant that it was reporters who selectively released the emails. It also allowed the Russians to rewrite emails and mix a few false ones in with the legitimate.

To create anonymity, the false account Guccifer 2.0 was established as the front to release the information. The name Guccifer has a history within the hacking community, which assisted in the fiction that it was a lone hacker, not the Russian government, that had stolen and released the data. The real source was later discovered, possibly as expected, but by that time the propaganda had had its intended effect. In this persona, the Guccifer 2.0 team continued to post, at one point being tracked to a Moscow-based server managed by Unit 74455. They also used a network of virtual private networks (VPNs) in Malaysia which were purchased with the same pool of bitcoins used by the Guccifer 2.0 account.

The Mueller Indictment does not refer to Cozy Bear. CrowdStrike (and other security groups) identified Cozy Bear's profile in the DNC hack a year earlier than Fancy Bear's; it went undiscovered until Fancy Bear was detected. Cozy Bear has also been linked to Russian activities, but its connection with Fancy Bear was not discussed in the indictment.

In the previous post, I detailed how you can fake popularity (and authority, for some readers) by using multiple accounts run either by computer or by cheap labor. The previous Mueller indictment links these efforts to “front companies” that were associated with the Russian Government. The most well-known is the Internet Research Agency. Fake posts and stories were fabricated using decades of espionage techniques Russia acquired in the Cold War to co-opt governments, radicalize people, and create disruptions.

In other words, Russia launched a skilled marketing campaign that would have won awards on 5th Avenue if it had been done for money.

There were more traditional means of infiltration. Agents traveled to the US to gather intelligence and become part of political movements that could be co-opted to Russian goals or encouraged to create social disorder. In addition to several persons listed in Mueller’s 2nd indictment, Maria Butina was arrested, becoming the most famous example.

So, that is a lot of information, and if you read the last post, you can see how this all confirms that we know it was the Russians. Let me take a moment to point out the details that let us know the Russian Government was responsible.
  1. Only nation-state actors can do hacks and propaganda campaigns that require this level of skill and coordination with only politics as a goal.
  2. The hacks of the DNC and Hillary Campaign match the Fancy Bear profile. This profile also matches several pro-Russian attacks. NATO, Georgia, and Ukraine were some of the targets.
  3. Tools and resources used by Fancy Bear tie them directly to GRU cyber units, Unit 26165 and 74455.
  4. The use of emails for spear phishing and fake accounts such as Guccifer 2.0 were traced back to Unit 26165 and 74455 of the GRU.
  5. A server in Arizona was used that can be linked to front companies maintained by the GRU.
  6. A server in Moscow was used that is owned by GRU Unit 74455.
  7. There is a financial trail of bitcoins that links different aspects of the operation.
  8. Several companies with ties to the Russian Government were responsible for manipulating false stories and posts through social media.
  9. Human agents have been identified entering the US who were part of the propaganda campaign.
Behind this, we must assume that there are classified sources and computer forensics techniques proving all this, and we will never know them, at least not for a while. However, the information that is public should be damning in and of itself. Perhaps if you squint your eyes and abandon all critical thought, you could create some convoluted logic to explain it away. But let me put it this way. What if this had been Iraq, whom we have hacked and whose elections we have interfered in? If it had been Iraq, we’d be dropping bombs.


This post first appeared on The Gadfly Scholar.
