The FBI last year used a dossier of allegations of Russian ties to Donald Trump’s campaign as part of the justification to win approval to secretly monitor a Trump associate, according to US officials briefed on the investigation. The dossier has also been cited by FBI Director James Comey in some of his briefings to members of Congress in recent weeks, as one of the sources of information the bureau has used to bolster its investigation, according to US officials briefed on the probe. This includes approval from the secret court that oversees the Foreign Intelligence Surveillance Act (FISA) to monitor the communications of Carter Page, two of the officials said. Last year, Page was identified by the Trump campaign as an adviser on national security. More here from CNN.
Bogachev was a case from 2014 investigated by CrowdStrike, which later offered help to the FBI office in Omaha and then to the FBI office in Pittsburgh, which finally, after countless months, ran a global cyber operation and succeeded in stopping international bank thefts in the millions of dollars. Many Russian immigrants located in Brighton Beach were recruited as mules, going to domestic banks, opening accounts and later withdrawing funds, cleaning all traces of the stolen millions. It should be noted that CrowdStrike was the same firm the Hillary campaign hired to investigate intrusions.
Now it gets even more interesting.
The matter of Bogachev, with his operation named ‘Business Club’ and his global cyber operatives hacking with sophisticated bots, malware and remote servers, came to the attention of the Russian Federation. They liked what the Bogachev Zeus operation had the ability to do. So, top Kremlin officials allowed the operation to continue without prosecution if they would work to gather intelligence on the global reaction to Putin annexing Crimea and moving in on Ukraine.
All of this also came to the attention of U.S.-based private cyber professionals, who studied the code, the IP addresses, the servers, the patterns, names and other common cyber traits. The DNC hack attributions dovetail with the ‘Business Club’ operation due to style, coding, networks, language and server locations.
In 2015, the Obama State Department issued sanctions and a $3 million bounty on Bogachev, who operated under the alias ‘Slavik’. Russia, of course, is not only not cooperating but refuses to admit any such action was real and says the evidence is not vetted. This is a usual response by top Russian officials.
An estimated $100 million was stolen via cyber operations by Slavik, and computers infected with various versions of Zeus still exist, although the FBI was able to seize all those known to its sting operation.
The FBI described the cyber sting operation as hand-to-hand combat with Bogachev, and the operation on the Zeus case was deemed successful. It is unknown at this time where, and with whom, he is still operating. The summary of this operation was taken from the full article published by ‘Wired’ under the title ‘The Hunt for Russia’s Most Notorious Hacker’.
Late last year, the DHS released a joint statement which read in part:
This activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the U.S. Government and its citizens. These cyber operations have included spearphishing, campaigns targeting government organizations, critical infrastructure, think tanks, universities, political organizations, and corporations; theft of information from these organizations; and the recent public release of some of this stolen information. In other countries, Russian intelligence services have also undertaken damaging and disruptive cyber-attacks, including on critical infrastructure, in some cases masquerading as third parties or hiding behind false online personas designed to cause the victim to misattribute the source of the attack. The Joint Analysis Report provides technical indicators related to many of these operations, recommended mitigations and information on how to report such incidents to the U.S. Government.
A great deal of analysis and forensic information related to Russian government activity has been published by a wide range of security companies. The U.S. Government can confirm that the Russian government, including Russia’s civilian and military intelligence services, conducted many of the activities generally described by a number of these security companies. The Joint Analysis Report recognizes the excellent work undertaken by security companies and private sector network owners and operators, and provides new indicators of compromise and malicious infrastructure identified during the course of investigations and incident response. The U.S. Government seeks to arm network defenders with the tools they need to identify, detect and disrupt Russian malicious cyber activity that is targeting our country’s and our allies’ networks.