author photo
By Bruce Sussman
Thu | Oct 4, 2018 | 10:50 AM PDT

We always hear that Russia is trying to hack the rest of the world.

But intelligence agencies are intentionally short on cyber attack details until they have to reveal them.

And that's what happened here: the U.S. government just indicted seven Russian military officers for hacking those it viewed as Moscow's Olympic adversaries.

And as a result of the indictment, officials revealed chilling details of Russian agents traveling the globe to track and then hack their targets.

It's exactly the kind of thing Hollywood would put on the big screen or Netflix would put onto every screen. And it is actually happening.

The cyber attack setup: Russian Olympic athletes banned for doping

In July 2016, just before the Summer Olympic Games in Rio, something called the McLaren report came out. It detailed Russia's "Institutionalised Doping Conspiracy and Cover Up" that helped Russian athletes hide doping efforts and appear clean even though they were not. 

[Related: See the final McLaren report on athlete doping]

After arbitration, 111 Olympic athletes from Russia quickly found themselves banned from competing in the summer games in Rio.

Russia was embarrassed, denied the allegations, and apparently was out for revenge.

The Russian military's intelligence division, the GRU, began hunting the world for those who had made it look bad.

Russian cyber attacks aimed at anti-doping agencies and experts

Russia's GRU launched cyber attacks against anti-doping experts and agencies involved, including the World Anti-Doping Agency, the United States Anti-Doping Agency, and the Canadian Centre for Ethics in Sport, which is the Canadian anti-doping organization.

The Russian hackers also targeted anti-doping officials at sporting federations like the IAAF and FIFA.

At first, the indictment says, the seven Russian intelligence officers applied typical tools of the cyber spy and hacking trade:

  • they used fictitious personas to hide their true identities
  • used proxy servers to hide their true location
  • researched victim details
  • sent spearphishing emails that tried to get people to click fake links or open documents that would install malware
  • where this worked, they then "compiled, used, and monitored malware command and control servers" which could help them track and steal information

When remote hacking fails, Russian hacking teams travel to their targets

The only problem with these traditional hacking methods is that they typically require the target to take action, to fall for an impostor. And as we've heard at our cybersecurity conferences across the U.S., users are getting smarter and many hackers are having to get more creative in their attacks.

In this case, the U.S. indictment says, Russian intelligence officers traveled the globe to track their targets, watched for them to connect to a Wi-Fi network, and then hacked them when they thought everything was secure.

Russian intelligence agents hack attendee at an anti-doping conference

What better place could there be to find your anti-doping enemies than the World Anti-Doping Association (WADA) conference?

So that's where two of the Russian intelligence officers traveled, and just like a movie, they were likely within walking distance of their cyber target. Perhaps they were in the hotel lobby at the same time. But the target did not know they were being hacked.

"In mid-September 2016, WADA hosted an anti-doping conference in Lausanne, Switzerland.  On September 18, 2016, defendants Morenets and Serebriakov traveled to Lausanne with equipment used in close access Wi-Fi compromises.  On or about September 19, 2016, Morenets and Serebriakov compromised the Wi-Fi network of a hotel hosting the conference and leveraged that access to compromise the laptop and credentials of a senior CCES official staying at the hotel. Other conspirators thereafter used the stolen credentials to compromise CCES’s networks in Canada...."

The same style of attacks happened as Russian intelligence traveled to be near anti-doping experts in other parts of the world, including Rio, where Russia was so badly embarrassed by the doping scandal.

Federal officials say once that phase of the attack was successful, access details were transferred to Russia for others to exploit.

What Russian hackers stole in these anti-doping cyber attacks and hacks

So what did Russia want besides usernames, passwords, and the ability to hack into email accounts of anti-doping experts and the networks of their organizations?

The U.S. indictment says they wanted and stole information on medical records, athlete drug test results, and other data, including information regarding therapeutic use exemptions (TUEs), which allow athletes to use otherwise prohibited substances for approved reasons.

Russia launches a disinformation campaign with stolen data

Russian intelligence then took that data and launched a disinformation campaign.

Wait a minute, where have we heard about this strategy before? During the 2016 U.S. elections.

Only this time, it was an effort to exonerate Russian athletes and undermine the world's anti-doping efforts:

"From 2016 through 2018, the conspirators engaged in a proactive outreach campaign, using Twitter and e-mail to communicate with approximately 186 reporters about the stolen information. After articles were published, conspirators used the Fancy Bears’ Hack Team social media accounts to draw attention to the articles in an attempt to amplify the exposure and effect of their message."

So it appears that reporters were socially engineered to publish stolen information, which in turn, allowed Russian-created social media accounts to share those reports as fact.

It all sounds like the plot to a movie, doesn't it? Now, it could be a documentary.

[Related: "20 Tricks the Russians Used in the DNC Hack"]

Final note

Like all indictments against Russian hackers still in Russia, the charges mean nothing for the individuals involved as long as they stay in their homeland. Perhaps they're even having a party to celebrate their indictments, who knows?

But these charges and another recent hacking indictment against Russian intelligence are part of a shift by the United States and a warning to digital foes.

Comments