DOJ Unveils More Sweeping Cyber-Charges Against Russian Intelligence Officers

Oct 19, 2020
Originally published on October 20, 2020 11:36 am

Updated at 2:33 p.m. ET

The Justice Department unsealed charges against six alleged Russian government hackers on Monday and said they were behind a rash of recent cyberattacks — from damaging Ukraine's electrical grid to interfering in France's election to spying on European investigations and more.

The men work for the Russian military intelligence agency GRU — which also led Russian cyber-interference in the 2016 U.S. presidential election. Justice Department officials said Moscow has only sustained or heightened its intensity of effort since then.

"No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite," said John C. Demers, assistant attorney general for national security.

"Today the department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group. ... No nation will recapture greatness while behaving in this way."

The defendants are charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers and aggravated identity theft in an indictment returned by a federal grand jury in Pittsburgh.

One alleged GRU cyber-operative in Monday's case, Anatoliy Sergeyevich Kovalev, also has been charged once before in a case under former special counsel Robert Mueller.

The consequences

The men, who are in Russia, are unlikely to see the inside of an American courtroom. But U.S. officials believe that preparing criminal cases like this one contributes to a deterrent strategy.

For one thing, the level of detail included in the indictment suggests that American authorities are so confident about their insight into the workings of Russia's cyber-operations that the U.S. intelligence community didn't mind revealing how much it knows.

The charges also impose at least some some theoretical inconvenience on the defendants by making it more difficult for them to travel to a country in which they could potentially be arrested on an American warrant.

"For more than two years we have worked tirelessly to expose these Russian GRU Officers who engaged in a global campaign of hacking, disruption and destabilization, representing the most destructive and costly cyberattacks in history," said U.S. Attorney Scott W. Brady of the Western District of Pennsylvania, which worked with the Pittsburgh grand jury.

"The crimes committed by Russian government officials were against real victims who suffered real harm. We have an obligation to hold accountable those who commit crimes – no matter where they reside and no matter for whom they work – in order to seek justice on behalf of these victims."

Huge breadth to alleged global hacking

The Justice Department detailed seven examples of what it called the malign work done by the six Russians charged on Monday.

First, starting in December 2015, were cyberattacks that damaged Ukraine's electrical grid. Then, in the spring of 2017 were election interference targeted at France's elections. In the summer of that same year, U.S. authorities linked the defendants to the spread of malware called NotPetya, which hurt hospitals and other targets in western Pennsylvania, putting the matter within Brady's jurisdiction.

A fourth example of cyber-mischief were months' worth of spear-phishing campaigns and other cyberattacks targeting South Koreans in connection with the 2018 Winter Olympics, and a fifth, an attack on the Olympics' opening ceremony. In the spring of 2018 the Russians allegedly attacked European and British officials investigating the nerve agent poisoning by Russian would-be assassins of Sergei Skripal and others in the United Kingdom.

Last, in the indictment unsealed Monday, is the example of a spear-phishing campaign that targeted a media company and political leaders in the European nation of Georgia, which ran into last year.

"Cybersecurity researchers have tracked the conspirators and their malicious activity using the labels 'Sandworm Team,' 'Telebots,' 'Voodoo Bear,' and 'Iron Viking,' " the Justice Department said in a statement Monday.

Resonance for U.S. elections context

Although the allegations in the charges revealed Monday involve activity focused outside the United States, the indictments brought a reminder about the cyber-threat that continues to pose risks to American elections.

The FBI and Cybersecurity and Infrastructure Security Agency have been releasing a stream of bulletins about what they call prospective cyber-perils in the final weeks of election season, including the possibility for attempts to compromise a number of election-adjacent targets, if not the actual counting of votes.

Attackers might try to shut down or spoof websites that show tallies, for example, authorities say, or try to make it appear as though important databases such as voter rolls had been compromised, whether or not they actually had been.

Attackers' goals are as much to sow doubt and uncertainty as they are to bring about specific political consequences within the United States, authorities say.

Cyber experts also observed on Monday that the French election interference referenced in the GRU indictment means that Americans should be on guard for similar attacks in the United States — specifically, the release of stolen, altered or wholly fraudulent materials intended to change an election by embarrassing their targets.

"This [GRU unit's] involvement in election interference in France is especially important as we near the end of elections in the US," said John Hultquist, senior director of analysis for Mandiant Threat Intelligence.

"One possible scenario we are anticipating is a very late-game hack-and-leak operation, such as the one that was carried out in France. This incident is a reminder that dramatic late-game operations are possible in the eleventh hour. Additionally, leaked information included fabricated materials, a reminder that actors may mix legitimate, stolen materials with items they have fabricated themselves."

Copyright 2020 NPR. To see more, visit https://www.npr.org.

NOEL KING, HOST:

The Justice Department has charged six Russian intelligence officers in connection with hacking computer systems around the world. The U.S., France and Ukraine were all affected, other countries and some companies, too. NPR justice correspondent Ryan Lucas is here with details. Good morning, Ryan.

RYAN LUCAS, BYLINE: Good morning, Noel.

KING: How significant were these attacks?

LUCAS: These attacks are a big deal. Officials and experts say that they're some of the most damaging cyberattacks that we've seen in recent years. And the indictment spells them all out. It starts with cyberattacks that targeted Ukraine's electricity grid back in the winters of 2015 and 2016. Here's how the head of the Justice Department's national security division, John Demers, described those.

(SOUNDBITE OF ARCHIVED RECORDING)

JOHN DEMERS: These attacks turned out the lights and turned off the heat in the middle of the Eastern European winter as the lives of hundreds of thousands of Ukrainian men, women and children went dark and cold.

LUCAS: Now, the defendants are also accused of a really nasty cyberattack known as NotPetya that initially targeted Ukraine but very quickly spread across the globe. It caused billions of dollars in damages including in the United States. The indictment says that it knocked a hospital system in Pennsylvania offline, including its critical systems. And one company in the U.S., according to the indictment, spent half a billion dollars dealing with the fallout from that attack.

KING: OK. So that's a lot of money and also, in the case of Ukraine, a lot of people hurt.

LUCAS: Absolutely. Absolutely. And there's more in the indictment, more attacks. They allegedly conducted a hack and leak operation in the run up to France's 2017 election. That targeted the campaign of the now president of France, Emmanuel Macron. Then there are cyberattacks targeting the 2018 Winter Olympics in South Korea. There's an interesting thing in the indictment here saying that the Russians tried to leave digital fingerprints behind to frame North Korea for that one. And finally, there are hacks that targeted the investigations that British and international authorities were conducting into the poisoning of a former Russian spy in the U.K. with a nerve agent.

KING: Who are these guys that the Justice Department is charging?

LUCAS: So the department says that all six men who are facing charges are current or former members of Russia's military intelligence agency. That's the GRU. It's the same Russian intelligence service that was responsible for some of the hacks that we saw targeting the U.S. election back in 2016. Interestingly, one of the defendants here was also charged as part of special counsel Robert Mueller's investigation back in 2018. But this new indictment and the allegations that are in it, it shows what Justice Department officials say is, really, Russia's reckless use of cyberattacks. Here, again, is the Justice Department's John Demers.

(SOUNDBITE OF ARCHIVED RECORDING)

DEMERS: No country has weaponized its cyber capabilities as maliciously and irresponsibly as Russia - wantonly causing unprecedented collateral damage to pursue small tactical advantages in fits of spite.

LUCAS: Now, the DOJ says these attacks pursued Russia's geopolitical goals. Take Ukraine, for example - Ukraine and Russia have been locked in a war now for several years in eastern Ukraine. Now, the hacks targeting the 2018 Olympics could be seen more as a fit of spite, as Demers put it there. Russian athletes were banned from competing under the Russian flag because of a massive, state-sponsored doping scandal in Russia.

KING: Really runs the gamut. Let me ask you lastly - so the GRU meddled in the 2016 election. Does this indictment say or suggest that they're interfering in this election?

LUCAS: There's nothing related to that in this indictment. And U.S. officials said in announcing these charges that the timing was not tied at all to the political schedule. That said, this is a good reminder of what Russian state hackers are capable of. And it also makes clear that they didn't tone it down after the U.S. called the Russians out for election interference back in 2016. In this case, none of the defendants is in U.S. custody. It's unlikely that any of them ever will be. Still, U.S. officials say it is worth putting the weight of the U.S. government behind these allegations and calling Russia out.

KING: Justice correspondent Ryan Lucas.

Thanks, Ryan.

LUCAS: Thank you. Transcript provided by NPR, Copyright NPR.