While the intelligence community continues to look into Fancy Bear, the hacking group widely believed to have broken the Democratic National Committee’s cybersecurity last year, authorities are reportedly getting help from Ukraine. The New York Times reports that a hacker credited with developing one of the tools used during the DNC infiltration has been speaking with police (just writing malicious code is not criminal, so he hasn’t been charged) and been made available to the FBI.
Profexer, as he is known online, created the P.A.S. web shell, though Serhiy Demediuk, head of the Ukrainian Cyber Police, told the Times that “he told us he didn’t create it to be used in the way it was.” The software was freely available online.
Also newly reported in the Times report is that the FBI is in possession of evidence of a Russia-linked electoral hack that happened in Ukraine in 2014. Traces of the same code from that hack were found by researchers investigating the DNC.
What’s interesting is that the Ukrainian election cyberattack revealed damning connections between the Russian government. Here’s how it played out:
Intriguingly, in the cyberattack during the Ukrainian election, what appears to have been a bungle by Channel 1, a Russian state television station, inadvertently implicated the government authorities in Moscow.
Hackers had loaded onto a Ukrainian election commission server a graphic mimicking the page for displaying results. This phony page showed a shocker of an outcome: an election win for a fiercely anti-Russian, ultraright candidate, Dmytro Yarosh. Mr. Yarosh in reality received less than 1 percent of the vote.
The false result would have played into a Russian propaganda narrative that Ukraine today is ruled by hard-right, even fascist, figures.
The fake image was programmed to display when polls closed, at 8 p.m., but a Ukrainian cybersecurity company, InfoSafe, discovered it just minutes earlier and unplugged the server.
State television in Russia nevertheless reported that Mr. Yarosh had won and broadcast the fake graphic, citing the election commission’s website, even though the image had never appeared there. The hacker had clearly provided Channel 1 with the same image in advance, but the reporters had failed to check that the hack actually worked.
The DNC hack shared code with the 2014 Ukrainian hack, in which circumstantial evidence points to Russia government collaboration. As has often been the case throughout this process, the evidence falls short of conclusive, though the similarities in tools and tactics during both hacks are tough to ignore.
