Czech police arrest Russian with alleged connections to hacking in U.S.
WashingtonPost: A Russian man thought to have connections to hacking in the United States has been arrested in the Czech Republic, authorities there said Tuesday.
Czech police worked with the FBI to detain the man at a hotel in Prague, according to a statement published online Tuesday evening.
The arrest is not related to the Russian hacks of the Democratic National Committee and other political organizations or the ongoing probe of Russian interference in the U.S. election, federal law enforcement officials said.
“As cyber crime can originate anywhere in the world, international cooperation is crucial to successfully defeat cyber adversaries,” the FBI said in a press statement Wednesday. The arrest, the bureau noted, was made pursuant to an INTERPOL red notice, highlighting the collaboration between U.S. law enforcement and international partners.
Immediately after his arrest, authorities said, the man collapsed. He was provided first aid and was later hospitalized.
Czech courts will decide whether to extradite the man to the United States.
It was unclear what hacking attacks the man was suspected of participating in. A police spokesman declined to provide Reuters with additional information about the arrest. In Moscow, a Russian Foreign Ministry official said the Kremlin opposed the extradition.
Konstantin Dolgov, whose group monitors legal and rights issues at the Foreign Ministry, called the plans to move the suspect to the United States an “unacceptability,” according to the Interfax news agency.
Dolgov said Russian officials were monitoring the case and ready to provide the suspect with assistance, including legal help. “We expect that his procedural rights won’t be violated,” Dolgov was quoted as saying.
Although there are no apparent links between the arrest and hacking of U.S. political groups, the case is certain to draw closer attention to data infiltration tactics with suspected Russian fingerprints.
Nearly two weeks ago, the Obama administration officially accused Russia of attempting to interfere with the 2016 U.S. election, a claim that had been reported widely for months but not formally alleged by the federal government.The alleged hacks have included digital intrusions into systems at the Democratic National Committee this summer that was followed by a major leak of emails that, in turn, led to the resignation of the committee’s chairwoman, Rep. Debbie Wasserman Schultz (Fla.). Russia has also been blamed for hacking and, later, leaking emails of the Democratic Congressional Campaign Committee. In the October statement officially accusing Russia of the hacking attacks, the federal government said an online persona calling himself Guccifer 2.0 had claimed responsibility for the intrusions and said that it thinks only top Russian officials could have authorized them.
“This is some sort of nonsense,” Dmitry Peskov, press secretary for Russian President
Vladimir Putin, told The Washington Post earlier this month. “Every day, Putin’s site gets attacked by tens of thousands of hackers. Many of these attacks can be traced to U.S. territory. It’s not as though we accuse the White House or Langley of doing it each time it happens.”
****
Russian National Charged in Largest Known Data Breach Prosecution Extradited to United States
Defendant Brought From Netherlands
After Fighting Extradition for Over Two Years
****
Russian Hackers of DNC Said to Nab Secrets From NATO, Soros
Bloomberg: Weeks before the Democratic convention was upended by 20,000 leaked e-mails released through WikiLeaks, another little-known website began posting the secrets of a top NATO general, billionaire George Soros’ philanthropy and a Chicago-based Clinton campaign volunteer.
Security experts now say that site, DCLeaks.com, with its spiffy capitol-dome logo, shows the marks of the same Russian intelligence outfit that targeted the Democratic political organizations.
The e-mails and documents posted to the DCLeaks site in early June suggest that the hackers may have a broader agenda than influencing the U.S. presidential election, one that ranges from the Obama administration’s policy toward Russia to disclosures about the hidden levers of political power in Washington.
It also means the hackers may have much left in their grab bag to distribute at will. The subjects of the DCLeaks site include a former ranking intelligence official who now works for a major defense contractor and a retired Army officer whose wife serves on the USS Nimitz, the nuclear-powered aircraft carrier. Some of the e-mails go back years.
Open Society Foundations, the Soros group, reported the breach to the Federal Bureau of Investigation in June, said spokeswoman Laura Silber, who added that an investigation by a security firm found the intrusion was limited to an intranet system used by board members, staff and foundation partners.
NATO Commander
The biggest revelation on DCLeaks involves U.S. Gen. Philip Breedlove, who retired in May and was formerly the top military commander of the North Atlantic Treaty Organization. E-mails from Breedlove’s personal account show him complaining that the Obama administration wasn’t paying enough attention to European security. (“I do not see this WH really ’engaged’,” he writes at one point, later wondering “how to work this personally with the POTUS.”) The Intercept subsequently wrote a story about the e-mails, picked up by some cable news channels, inflaming tensions between the U.S. and its European allies.
Breedlove told CNN in July that the e-mails were stolen as part of a state-sponsored intelligence operation and didn’t respond to a request for comment this week.
The leaks highlight the effectiveness of some of the hackers’ tricks, including the targeting of private e-mail accounts to gather sensitive military and political intelligence. DCLeaks also offers some insight for investigators on what appears to be the hackers’ early missteps and ad hoc approach.
Harried Schedule
A cache of hacked Google e-mails from a Clinton volunteer, for example, doesn’t add up to much: They purport to be from the account of Sarah Hamilton, who works for a public relations firm in Chicago and volunteers for Hillary for America, and show little but the harried schedule of the campaign staff. Hamilton didn’t respond to a request for comment.
Similarly, a trove of “redacted” documents from the William J. Clinton Library were declassified and have been publicly available on the library’s website for several years, a spokeswoman for the library said.
“It really looks like the hackers tried a couple of things that just weren’t really working before they hit on using WikiLeaks,” said John Hultquist, the manager of cyberespionage intelligence at FireEye Inc. “With this earlier stuff, it looks like they were experimenting.”
Describing itself as the work of American hacktivists, DCLeaks.com was registered in April, and many of the documents were posted in early June. A DCLeaks administrator, who identified himself by e-mail as Steve Wanders, didn’t respond to written questions, including why much of the material focuses on Russia or Russian foreign-policy interests.
Voracious Appetites
The site seems designed to cater to the U.S. media’s voracious appetites for leaks. It has related Twitter and Facebook accounts that push out nuggets from purloined documents and that suggest angles journalists might pursue.
The Russian government has dismissed the idea that it was involved in the hack of the Democratic National Committee, and WikiLeaks founder Julian Assange said there’s “no proof whatsoever” that Moscow was involved.
Security experts see links to a larger Russian information operation. That’s in part, according to two people familiar with the probe, because the e-mail addresses of Breedlove and Hamilton were among thousands targeted in a several-month campaign that began last fall by a Russian hacking group that cybersecurity firms have referred to by monikers including Fancy Bear, APT28 and the Sofacy Group.
Cyberintelligence firms have linked that hacking group to the GRU, Russia’s military intelligence service, whose Moscow headquarters is nicknamed the Aquarium. Three private security groups have linked the DNC incursion to that group and another Russian hacking group associated with the FSB, the country’s civilian intelligence agency. U.S. intelligence agencies have told officials they believe the DNC hack was orchestrated by the Russian government.
Guccifer 2.0
A hacker calling himself Guccifer 2.0 and purporting to be Romanian initially took credit for the DNC hack. That claim was viewed skeptically, in part because the hacker didn’t appear to speak Romanian. Guccifer 2.0 provided the Smoking Gun with leaked e-mails from Sarah Hamilton’s account, according to a story posted on that site on June 28. FireEye believes Guccifer 2.0 is a cover identity for APT28, Hultquist said.
In the case of Soros’s Open Society, hackers stole a trove of documents after accessing the foundation’s internal intranet, a system called Karl, according to a person familiar with its internal investigation. On August 3, the DCLeaks.com Twitter account tweeted “Check George Soros’s OSF plans to counter Russian policy and traditional values,” attaching a screenshot of a $500,000 budget request for an Open Society program designed to counter Russian influence among European democracies.
The hackers may have had access the foundations’ network for nearly a year, according to another person familiar with the investigation. Although Open Society has about 800 full-time staff, as many as 7,000 people have access to Karl, which is used to circulate draft program proposals, budgets and other internal documents.
DCLeaks.com provides a possible outline of the successful tactics used by the suspected Russian hackers, like targeting personal e-mail accounts to scoop up sensitive information.
The hackers were apparently reading Breedlove’s personal e-mails that went back to at least 2012, a period when he was among the highest-ranking U.S. military officers and was commander of the U.S. European Command and NATO Allied Command Operations.
Among Breedlove’s correspondents, according to DCLeaks.com, were former Secretary of the Air Force James Roche, former presidential candidate Wesley Clark and former Secretary of State Colin Powell. Efforts to contact Clark and Powell weren’t immediately successful.
Roche, in an e-mail, said Breedlove is a thoughtful officer who has worked hard for the betterment of the Air Force and his country. Of the Russians, Roche added: “I hope they learned that there are many dedicated officers who are thinking of the best ways to ensure that our country’s leaders can’t be bullied by Mr. Putin and his associates.”