A notorious Russian hacking outfit had more of its operations abroad exposed on Thanksgiving by the British Broadcasting Company (BBC). The outfit, called “Fancy Bear,” apparently works for Russian military intelligence. This group played a key role in attacks on the Democratic National Committee during the 2016 election. As American authorities such as Special Counsel Robert Mueller discover increasing connections between the Trump campaign and Russian hackers, it is important to keep up with just who and what these Russian hackers were – and are.
Fancy Bear, termed by the BBC “Russia’s most notorious hackers,” hired servers three years ago from a firm called Crookservers registered as located in Britain. (Despite the name, the owner denies he is hired by crooks.) Through their use of Crookservers, Fancy Bear left a trove of clues behind that the BBC just revealed. Crookservers is what is known as a server reseller. Crookservers was previously linked to a cyber-attack on the Bundesrat, the German parliament. Now, it develops that there was a server hired through Crookservers whose IP address appeared in malware used to attack the DNC.
The BBC identified Crookservers’ operator, Usman Ashraf, and persuaded him to provide detailed answers to its questions via email, though many of the answers were just denials of working for hackers. Ashraf may have been in the Oldham area of Great Britain in 2010-2014, and now seems to be based in Pakistan.
Also, the BBC secured computer information from Crookservers and had it analyzed by cyber-threat intelligence company Secureworks. Over three years, Fancy Bear rented computers through Crookservers, covering its tracks using bogus identities, virtual private networks and hard-to-trace payment systems. Secureworks had previously studied Fancy Bear and said then that the group was sponsored by the Russian government. Now, Secureworks said the Crookservers information helped them connect several Fancy Bear operations.
The BBC identified, from its fresh information, that Fancy Bear used computers to attack the German parliament, hijack traffic meant for a Nigerian government website and target Apple devices. This fits with previous information collected from public sources in Wikipedia. There, it was stated that “[t]he group [Fancy Bear] serves the political interests of the Russian government, which includes helping foreign candidates that are favored by it to win elections (such as when they leaked Hillary Clinton’s emails to help gain traction for Donald Trump during the United States 2016 Elections).” An online persona, “Guccifer 2.0,” claimed public responsibility for the DNC hacks, and briefly received much publicity. However, there is some reason to doubt that claim, including Fancy Bear’s vastly stronger credentials.
As far as the international breadth of Fancy Bear’s operations, this fresh British information further elucidates what was already believed. “Fancy Bear is thought to be responsible for cyber attacks on the German parliament, the French television stations TV5Monde, the White House, NATO, the Democratic National Committee, Organization for Security and Co-operation in Europe and the campaign of French presidential candidate Emmanuel Macron,” according to Wikipedia’s compilation.
Some conclusions may be drawn from this. When President Trump says he believes Vladimir Putin’s denials of Russian hacking interference in 2016, Trump not only pits himself against all the extensive and persuasive information agreed to by all the United States intelligence information as of 2016, but also the further and increasingly worrisome information that keeps on mounting. There can be no doubt the Russian government worked via hacking to help Trump win. Furthermore, the elucidation of Fancy Bear’s broad international scale makes it all but inevitable that the Russian hackers will continue to target elections, including the American elections (if hacking is not prevented) of 2018 and 2020.