EXETER State Sen. Jon Morgan has unique insight into the Ukrainian energy company at the center of the ongoing impeachment trial against President Donald Trump.
In his professional life, Morgan, a Brentwood Democrat, is a senior director of security operations for Area 1, a California-based cyber security company. Area 1 recently released a report detailing a hacking operation of Burisma Holdings, a Ukrainian natural gas company, by Russian military intelligence better known by the acronym, GRU.
Morgan said his original responsibilities include developing relations with internet service providers (ISPs) and hosting providers for small- to medium-sized companies. He said his company has the ability to catalog the entire internet every 10 days by using a high-speed web crawler.
Morgan said Area 1 monitors 150 to 190 known organized hacking groups, some of which are state-sponsored and others that are typically part of organized crime syndicates. He said by cataloging the entire web, Area 1 employs various methods to identify the typical tools, tactics and procedures, or TTPs, employed by sophisticated hacking groups, such as the use of phishing, which the Area 1 report states is the genesis of nine out of 10 cyber attacks.
According to Area 1’s report, beginning in 2019, GRU began a phishing campaign targeting the servers of subsidiary companies belonging to Burisma Holdings. The report states GRU phished credentials to permit hackers to appear as specific Burisma email users by creating a lookalike domain login. In several instances, the GRU fake domain was near identical to the legitimate one.
For example, the Burisma subsidiary KUB-Gas LLCs legitimate domain is kub-gas.com.ua. The suspected malicious domain was kub-gas[.]com. The brackets are inserted around the dot in the report so people reading it know not to visit on a phishing domain, Morgan said.
Morgan declined to state what Area 1s connection is to Burisma, only saying his company has a policy of not specifically discussing possible or potential clients.
The report states, Like all phishing campaigns, we observe the GRU was successful because they found a way to appear authentic to their targets, rather than using any technical sophistication. However, Morgan said its difficult to draw conclusions on what the Russians may have been searching for.
This report is a very conservative analysis and due to the sensitivity surrounding Burisma, we dont want to draw any conclusions, he said. We wouldnt release a report like this unless we feel its necessary to inform the public that there is a malicious hacking campaign underway.
So how did Area 1 conclude Russias GRU was responsible for the Burisma attack?
Morgan said the timing of the hacking operation was similar to past Russian-tied hacking efforts beginning in 2015 in the run up to the U.S. 2016 general election. Area 1 refers to GRU hackers as RUS-1, or Fancy Bear, and Morgan said his company has monitored GRU since it was suspected of hacking the Democratic National Committee in 2016 and stealing incendiary emails from party insiders, which were published by Wikileaks.
We can say there is a correlation between the timing of the start of the Burisma hack with the impeachment trial, Morgan said. Its following the same timeline, traditional playbook that began in 2015-2016. The GRU is attempting to insert itself into the confusion of the 2020 election cycle and it cant be ignored.
Burisma is at the center of the impeachment trial because Democrats are accusing Trump and his administration of holding up military aid to Ukraine until its government announced a formal investigation against presidential candidate and former Vice President Joe Biden and his son, Hunter.
Burisma once employed Hunter Biden as a board member, paying him a reported $50,000 a month beginning in 2014 while his father was still vice president. Hunter Bidens stint on Burismas board began shortly after he was discharged from the Navy for testing positive for cocaine. Conservatives believe Joe Biden as vice president exerted influence on the Ukrainian government to fire a prosecutor who vowed to investigate Burisma.
Theres a belief among voters political elites will take care of their own and Burisma officials are on record saying they hired Bidens son because thats simply what it takes to do business with the West, said Dr. Dean Spiliotes, a Southern New Hampshire University professor and founder of NHPoliticalCapital.com. Hunter Bidens checkered history is well-documented and thats him, not Joe Biden. In the past, family issues like Billy Carters or Roger Clintons drinking problems were not considered fair game as much as they are now.
Spiliotes said if Biden becomes the Democratic nominee for president, his past work in Ukraine will be a double-edged sword that is awarding him a personalized campaign talking point. However, Ukraine will likely be a point Trump hammers in the general election, regardless of how much or how little the accusations against Biden are grounded in reality, he said.
Certainly, the personal connection Biden has to Ukraine gives him the sole opportunity to attack the Republicans and Trump for trying to target him, Spiliotes said. But Biden never has given a good explanation for this and just thought by ignoring it, it would go away. Thats not how its going to work going against Trump. We also dont know what was uncovered through the hack, and if its something damaging, were not going to learn about it until after hed become the nominee.
Morgan did not want to comment on how the Burisma hack would affect the Democratic primary field.
Politics is ugly business,” he said. “At that level, its no holds barred and both sides are using extraordinarily divisive information to lob attacks at each other. Our report has nothing to do with politics. We work with Republicans, Democrats, Green Party; they all deserve the highest level of (cyber) protection and privacy, which we seek to provide in the best way we can.”