Long-hidden hackers unmasked by US special counsel




  • In World
  • 2018-07-14 02:54:31Z
  • By Associated Press
 

PARIS (AP) - On the morning of March 19, 2016, Den Katenberg ran a little test with big stakes.

The previous week, Katenberg's hacking crew had been bombarding the Hillary Clinton campaign's email accounts with fake Google warnings, trying to get her Brooklyn-based staff to panic, enter their passwords and open their digital lives to Russia's intelligence services.

But the going was tough. Even when Clinton staffers clicked the malicious links Katenberg crafted, two-factor authentication - a second, failsafe password test - still kept him out of their accounts.

After a day of testing on March 18, he took a different tack, striking the Clinton campaign's staff at their personal - and generally less secure - Gmail addresses. At 10:30 the next morning he carried out one last experiment, targeting himself at his own Gmail address to make sure his messages weren't being blocked.

An hour later he sent out a barrage of new malicious messages to more than 70 people, including one to Clinton campaign chair John Podesta. By the end of the day, he'd won access to one of the most important inboxes in American politics.

On Friday, the U.S. special counsel said Katenberg was an alias used by Lt. Aleksey Lukashev, an email phishing specialist with Unit 26165 of Russia's Main Intelligence Directorate, often abbreviated GRU.

Katenberg, who did not return multiple messages seeking comment, has been in The Associated Press' sights ever since his email was identified among a massive hacker hit list handed to the news agency by Secureworks last year.

It was that 19,000-line database that allowed the AP to reconstruct Katenberg's digital movements, logging every malicious link he and his colleagues created between March 2015 and May 2016.

The data show that the malicious emails came in waves, some 20 or 30 of them at a time, aimed at diplomats, journalists, defense contractors and other Russian intelligence targets across the world. Between the waves, sometimes only an hour or a few minutes before a major campaign, the hackers sent test emails to their own accounts to make sure they could still dodge Google's spam filters.

Katenberg's GRU hacking group, widely nicknamed "Fancy Bear," was locked in an arms race with the email giant. Every few months, Google would cotton on to the group's tactics and begin blocking its messages. The Secureworks list, along with more than 100 other phishing emails recovered from spying victims, showed how the GRU would respond by firing up a new batch of malicious websites, moving on to a new link shortening service, or trying a new brand of phishing message meant to lure its recipients into giving up their credentials.
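The tempo described in the two paragraphs above (bursts of 20 or 30 messages, each preceded by a self-addressed test to check that the spam filters were still being dodged) is something an analyst working through a dataset like the Secureworks list would look for mechanically. The Python below is an added example, not code from the AP's reporting or from Secureworks: it clusters constructed link-creation records into waves and flags self-addressed messages sent shortly before a wave begins. The record schema, the addresses, the timings and the thresholds (30-minute gap, five recipients, two-hour lookback) are all assumptions.

```python
from datetime import datetime, timedelta
# Constructed sample records: (creation time, sender, recipient). The schema,
# the addresses and the timings are assumptions for this example, not real data.
RECORDS = [
    ("2016-03-18 09:00", "op@sender.example", "op@sender.example"),  # self-test, no wave follows
    ("2016-03-19 10:30", "op@sender.example", "op@sender.example"),  # self-test an hour before a wave
    ("2016-03-19 11:30", "op@sender.example", "staff01@mail.example"),
    ("2016-03-19 11:31", "op@sender.example", "staff02@mail.example"),
    ("2016-03-19 11:33", "op@sender.example", "staff03@mail.example"),
    ("2016-03-19 11:40", "op@sender.example", "staff04@mail.example"),
    ("2016-03-19 11:52", "op@sender.example", "chair@mail.example"),
    ("2016-03-25 08:55", "op@sender.example", "op@sender.example"),  # self-test minutes before a wave
    ("2016-03-25 09:02", "op@sender.example", "dnc01@party.example"),
    ("2016-03-25 09:04", "op@sender.example", "dnc02@party.example"),
    ("2016-03-25 09:05", "op@sender.example", "dnc03@party.example"),
    ("2016-03-25 09:09", "op@sender.example", "dnc04@party.example"),
    ("2016-03-25 09:15", "op@sender.example", "dnc05@party.example"),
]
FMT = "%Y-%m-%d %H:%M"

def load(records):
    """Parse timestamps and return the records sorted by creation time."""
    return sorted((datetime.strptime(t, FMT), s, r) for t, s, r in records)

def _wave_of(cluster, min_size):
    """Summarise a cluster as (start, end, distinct recipients) if it is big enough."""
    recipients = {r for _, _, r in cluster}
    if len(recipients) >= min_size:
        return (cluster[0][0], cluster[-1][0], len(recipients))
    return None

def find_waves(rows, gap=timedelta(minutes=30), min_size=5):
    """Cluster non-self messages at most `gap` apart; keep clusters with >= `min_size` recipients."""
    waves, cluster = [], []
    for row in rows:
        if row[1] == row[2]:  # self-addressed messages never join a wave
            continue
        if cluster and row[0] - cluster[-1][0] > gap:  # burst ended: close the cluster
            wave = _wave_of(cluster, min_size)
            if wave:
                waves.append(wave)
            cluster = []
        cluster.append(row)
    last = _wave_of(cluster, min_size) if cluster else None
    return waves + [last] if last else waves

def self_tests_before_waves(rows, waves, lookback=timedelta(hours=2)):
    """(test_time, wave_start) for each self-addressed message sent within `lookback` of a wave start."""
    return [(t, start) for t, s, r in rows if s == r
            for start, _, _ in waves if timedelta(0) <= start - t <= lookback]
```

On the constructed data this yields two waves and two pre-wave self-tests; the March 18 self-test is correctly ignored because no burst follows it within the lookback window.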

"Someone has your password," was one particularly dire-sounding message sent by the GRU to a DNC staffer on March 25, 2016. Some messages played on their targets' fears of being hacked. One offered Gmail users a malicious "Anti-Phishing Guard App" to protect themselves from cybercriminals. Another particularly twisted message warned a Russian journalist that "Government-backed attackers may be trying to steal your password" - before directing him to a booby-trapped link.

But as good as the hackers were at extracting passwords from their victims, they also made mistakes.

For example, the Gmail address the GRU used to test-drive its phishing messages on March 19, 2016, was also used to register a Den Katenberg Twitter account, according to Twitter's "Find friends" feature. The AP also found a Facebook page using the same name and picture, although it's by no means clear that the accounts' black-and-white photograph of a young man in a dark sweater really belongs to Lukashev.

Both social media pages appeared dormant, but Lukashev and his colleagues may not be resting easy. Katenberg's Facebook profile vanished within minutes of the publication of this article. Across the internet, journalists were picking up traces of the once-anonymous hackers' digital trail, like the document posted to the website of a Moscow secondary school that identified Viktor Netyshko as the head of Unit 26165 - just as the U.S. indictment alleged.

For years men like Netyshko and Lukashev are alleged to have hunted America's secrets.

Now the world's media is after theirs.

__

Jim Heintz in Moscow contributed to this report.

___

Online:

Raphael Satter can be reached at: http://raphaelsatter.com

More AP reporting on Russian hacking: https://www.apnews.com/tag/Russianhacking
