U.S. Charges 7 Russian Intelligence Officers With Hacking 40 Sports And Doping Groups
Updated at 2 p.m. ET
A federal grand jury in Pennsylvania has indicted seven Russian military intelligence officers, accusing them of hacking into U.S. and international anti-doping agencies and sports federations and of accessing data related to 250 athletes from about 30 countries.
Announcing the charges Thursday morning, the Justice Department also said the hackers' targets included Westinghouse Electric Corporation, the Organization for the Prohibition of Chemical Weapons, and a Swiss lab that was testing for an exotic poison used in the attempted assassinations of former KGB agent Sergei Skripal and his daughter.
The officers, part of Russia's foreign military intelligence agency GRU, allegedly published stolen information under the phony auspices of a group called the Fancy Bears' Hack Team.
A U.S. magistrate judge in the Western Pennsylvania district ordered arrest warrants to be issued for the officers, all of whom are currently believed to be in Russia.
Moscow is denying the accusations, with the Russian foreign ministry saying, "The West's spy mania is gaining momentum," according to state-run Tass media.
The U.S. investigators say the hackers acquired the data through cyberattacks on networks and officials at roughly 40 anti-doping agencies and sporting organizations. The alleged victims range from the International Olympic Committee and the World Anti-Doping Agency to the IAAF (the International Association of Athletics Federations) and FIFA, soccer's governing body.
In some cases, the hackers modified data before releasing it. And in addition to their surreptitious operations, the Justice Department says, the hackers who released athletes' data "exchanged e-mails and private messages with approximately 186 reporters in an apparent attempt to amplify the exposure and effect of their message."
The GRU officers worked hard to obscure their tracks. According to the indictment, they mainly used bitcoin to pay for technical equipment and to register domain names, and they used "hundreds of different email accounts, in some cases using a new account for each purchase."
The DOJ says Russia began its Olympics operation in retaliation for a damning World Anti-Doping Agency's report released one month before the 2016 Rio Olympics, which found the country had used a systematic campaign to cheat doping tests, in actions that centered on the 2014 Sochi Winter Olympics. Within days of that report, Russia began trying to hack into WADA, the U.S. Anti-Doping Agency and other agencies, according to the Justice Department.
The charges include conspiracy, wire fraud conspiracy, wire fraud, aggravated identity theft and conspiracy to commit money laundering. The case directly relates to Thursday's announcement by Dutch authorities who say they disrupted at least one cyber operation aimed at the OPCW.
Some of the hackers had been "caught red-handed" trying to infiltrate the OPCW in the Netherlands earlier this year, said Assistant Attorney General John Demers of the DOJ's National Security Division.
Three of the seven defendants who were charged on Thursday had been charged in indictments by the office of special counsel Robert Mueller in July. The two sets of indictments share conspirators and methods, Demers said, along with what he called the same strategic goal: Russia's "disinformation operations aimed at muddying or altering perceptions of the truth."
Once Russia was exposed, Demers added, the embarrassed country "fought back by retaliating against the truth tellers, and against the truth itself."
In July, the Justice Department indicted 12 GRU officers, accusing them of crimes related to the hacking of the Democratic National Committee's emails, state election systems and other targets in 2016.
In Thursday's press release, the Justice Department listed the seven Russians' names and ages: Aleksei Sergeyevich Morenets, 41; Evgenii Mikhaylovich Serebriakov, 37; Ivan Sergeyevich Yermakov, 32; Artem Andreyevich Malyshev, 30; and Dmitriy Sergeyevich Badin, 27 — whom the Justice Department says were assigned to Military Unit No. 26165 — along with GRU officers Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46.
Federal prosecutors say that Yermakov, Malyshev, Badin and others used fake identities and proxy servers as they "researched victims, sent spearphishing emails, and compiled, used and monitored malware command and control servers."
If the networks and data that the officers wanted couldn't be cracked remotely, the Justice Department says, the Russian officers would travel to other countries, where they hacked into Wi-Fi networks — and shared access with their conspirators in Russia.
Russian officers traveled to Brazil for the 2016 Summer Olympics in Rio de Janeiro — and they succeeded in infiltrating vital accounts, the DOJ says, adding that the hackers captured the credentials of an Olympics anti-doping official and used them to get into the WADA database.
The hackers also used a Wi-Fi network to steal the credentials of "a senior USADA anti-doping official," allowing them to read emails that included "summaries of athlete test results and prescribed medications."
Some of the activity is from nearly four years ago: One of the Russians charged, Yermakov, traveled to the U.S. in November 2014, when he "performed reconnaissance of Westinghouse Electric Company's ... networks and personnel" in Pennsylvania, the Justice Department said.
The Russians were interested in the Pittsburgh nuclear power company because it was supplying nuclear fuel to the Ukraine, according to the indictment.
The U.S. announced the criminal charges on the same day Britain's National Cyber Security Centre and the Dutch Defense Ministry laid out new charges against the GRU, accusing the service of attacks with targets ranging from the U.S. election to the World Anti-Doping Agency and an international chemical weapons watchdog.
Russia's military intelligence agency, the GRU, used a trunkful of electronics to attack the Organization for the Prevention of Chemical Weapons in April, Dutch officials said on Thursday.
Dutch authorities escorted four Russian intelligence officers out of the country hours after the car they had rented was found parked near the OPCW's building in The Hague, its trunk full of gear for hacking Wi-Fi networks. A large antenna was sitting on top of the equipment, which was on and running, using a battery that had been placed in the trunk.
The four officers had entered the Netherlands on diplomatic passports, according to the Dutch Defense Ministry, which said the British intelligence service had worked with it to disrupt the operation.
"This cyber operation against the OPCW is unacceptable," said Dutch Defense Minister Ank Bijleveld. "By revealing this Russian action, we have sent a clear message: Russia must stop this."
Russia's ambassador to the Netherlands was summoned to underline that message, she said.
Dutch and British officials laid out the charges against the GRU on Thursday, listing the group's attempts to steal information, disrupt or otherwise influence a number of high-profile targets, from the International Olympic Committee to Russia's central bank and two Russian media outlets.
"Bringing the concrete findings of intelligence services into the public arena is an unusual step," Bijleveld said. But the Dutch government was exposing the officers, she said, "since this will hamper any further attempts at international operations."
The U.S. contacted law enforcement in the Netherlands about the case in August, the Dutch defense ministry said.
The attack on the OPCW took place in April, as the organization was working to analyze the Novichok attack on Sergei Skripal in England, the officials said. At the time, the group was also poised to study a chemical weapons attack in Syria, the officials said.
"This was not an isolated act," British Ambassador to the Netherlands Peter Wilson said at a briefing about the espionage on Thursday. "The unit involved, known in the Russian military as Unit 26165, has sent officers around the world to conduct brazen close-access cyber operations."
Citing the OPCW's mission of combating some of the world's most horrible weapons, Wilson said Russia's attack reflects "complete disregard for this vital mission."
Britain says Russia's military intelligence agency, the GRU, attacked a wide range of civilian and political targets in what it calls a "flagrant violation of international law."
In response, the Russian Embassy in London, which has embraced an adversarial relationship with the British government, said that U.K. accusations of GRU cyberattacks "are nothing but crude disinformation, aimed at confusing the British and world public opinion."
A laptop that was confiscated from the officers held a trove of information about their past activities, including a record of connecting to a Wi-Fi network at a hotel in Lausanne, Switzerland, in September 2016, as the World Anti-Doping Agency was holding a conference at the hotel. A laptop was compromised, and the APT 28 malware infection that resulted spread widely, eventually compromising the IP addresses of the International Olympic Committee, Wilson said.
And Wilson added, in a chilling note, one of the officers had "also conducted malign activity in Malaysia," in an operation that targeted the inquiry into Malaysia Airlines Flight MH17, the airliner that crashed in eastern Ukraine after being hit by a missile. Hours earlier, it had taken off from Amsterdam.
Both the Netherlands and Australia say Russia is to blame for the deaths of the nearly 300 people who were aboard MH17. Wilson said that the operation in Malaysia targeted the police as well as the attorney general's office.
Copyright 2021 NPR. To see more, visit https://www.npr.org.