The hackers who upended the 2016 U.S. presidential election had ambitions well beyond Hillary Clinton’s campaign, targeting the emails of Ukrainian officers, Russian opposition figures, U.S. defense contractors and thousands of others of interest to the Kremlin, according to a previously unpublished digital hit list obtained by The Associated Press.
The list provides the most detailed forensic evidence yet of the close alignment between the hackers and the Russian government, exposing an operation that stretched back years and tried to break into the inboxes of 4,700 Gmail users across the globe — from the pope’s representative in Kiev to the punk band Pussy Riot in Moscow.
“It’s a wish list of who you’d want to target to further Russian interests,” said Keir Giles, director of the Conflict Studies Research Center in Cambridge, England, and one of five outside experts who reviewed the AP’s findings.
He said the data was “a master list of individuals whom Russia would like to spy on, embarrass, discredit or silence.”
The AP findings draw on a database of 19,000 malicious links collected by cybersecurity firm Secureworks, dozens of rogue emails, and interviews with more than 100 hacking targets.
Secureworks stumbled upon the data after a hacking group known as Fancy Bear accidentally exposed part of its phishing operation to the internet. The list revealed a direct line between the hackers and the leaks that rocked the presidential contest in its final stages, most notably the private emails of Clinton campaign chairman John Podesta.
The issue of who hacked the Democrats is back in the national spotlight following the revelation Monday that a Donald Trump campaign official, George Papadopoulos, was briefed early last year that the Russians had “dirt” on Clinton, including “thousands of emails.”
Kremlin spokesman Dmitry Peskov called the notion that Russia interfered “unfounded.” But the list examined by AP provides powerful evidence that the Kremlin did just that.
“This is the Kremlin and the general staff,” said Andras Racz, a specialist in Russian security policy at Pazmany Peter Catholic University in Hungary, as he examined the data.
“I’ve no doubts.”
The new evidence
Secureworks’ list covers the period between March 2015 and May 2016. Most of the identified targets were in the United States, Ukraine, Russia, Georgia and Syria.
In the United States, which was Russia’s Cold War rival, Fancy Bear tried to pry open at least 573 inboxes belonging to those in the top echelons of the country’s diplomatic and security services: then-Secretary of State John Kerry, former Secretary of State Colin Powell, then-NATO Supreme Commander, U.S. Air Force Gen. Philip Breedlove, and one of his predecessors, U.S. Army Gen. Wesley Clark.
The list skewed toward workers for defense contractors such as Boeing, Raytheon and Lockheed Martin or senior intelligence figures, prominent Russia watchers and — especially — Democrats. More than 130 party workers, campaign staffers and supporters of the party were targeted, including Podesta and other members of Clinton’s inner circle.
The AP also found a handful of Republican targets.
Podesta, Powell, Breedlove and more than a dozen Democratic targets besides Podesta would soon find their private correspondence dumped to the web. The AP has determined that all had been targeted by Fancy Bear, most of them three to seven months before the leaks.
“They got two years of email,” Powell recently told AP. He said that while he couldn’t know for sure who was responsible, “I always suspected some Russian connection.”
In Ukraine, which is fighting a grinding war against Russia-backed separatists, Fancy Bear tried to break into at least 545 accounts, including those of President Petro Poroshenko and his son Alexei, half a dozen current and former ministers such as Interior Minister Arsen Avakov and as many as two dozen current and former lawmakers.
The list includes Serhiy Leshchenko, an opposition parliamentarian who helped uncover the off-the-books payments allegedly made to Trump campaign chairman Paul Manafort — whose indictment was unsealed Monday in Washington.
In Russia, Fancy Bear focused on government opponents and dozens of journalists. Among the targets were oil tycoon-turned-Kremlin foe Mikhail Khodorkovsky, who spent a decade in prison and now lives in exile, and Pussy Riot’s Maria Alekhina. Along with them were 100 more civil society figures, including anti-corruption campaigner Alexei Navalny and his lieutenants.
“Everything on this list fits,” said Vasily Gatov, a Russian media analyst who was himself among the targets. He said Russian authorities would have been particularly interested in Navalny, one of the few opposition leaders with a national following.
Many of the targets have little in common except that they would have been crossing the Kremlin’s radar: an environmental activist in the remote Russian port city of Murmansk; a small political magazine in Armenia; the Vatican’s representative in Kiev; an adult education organization in Kazakhstan.
“It’s simply hard to see how any other country would be particularly interested in their activities,” said Michael Kofman, an expert on Russian military affairs at the Woodrow Wilson International Center in Washington. He was also on the list.
“If you’re not Russia,” he said, “hacking these people is a colossal waste of time.”
Working 9 to 6 Moscow time
Allegations that Fancy Bear works for Russia aren’t new. But raw data has been hard to come by.
Researchers have been documenting the group’s activities for more than a decade and many have accused it of being an extension of Russia’s intelligence services. The “Fancy Bear” nickname is a none-too-subtle reference to Russia’s national symbol.
In the wake of the 2016 election, U.S. intelligence agencies publicly endorsed the consensus view, saying what American spooks had long alleged privately: Fancy Bear is a creature of the Kremlin.
But the U.S. intelligence community provided little proof, and even media-friendly cybersecurity companies typically publish only summaries of their data.
That makes the Secureworks’ database a key piece of public evidence — all the more remarkable because it’s the result of a careless mistake.
Secureworks effectively stumbled across it when a researcher started working backward from a server tied to one of Fancy Bear’s signature pieces of malicious software.
He found a hyperactive Bitly account Fancy Bear was using to sneak thousands of malicious links past Google’s spam filter. Because Fancy Bear forgot to set the account to private, Secureworks spent the next few months hovering over the group’s shoulder, quietly copying down the details of the thousands of emails it was targeting.
The AP obtained the data recently, boiling it down to 4,700 individual email addresses, and then connecting roughly half to account holders. The AP validated the list by running it against a sample of phishing emails obtained from people targeted and comparing it to similar rosters gathered independently by other cybersecurity companies, such as Tokyo-based Trend Micro and the Slovakian firm ESET.
The Secureworks data allowed reporters to determine that more than 95 percent of the malicious links were generated during Moscow office hours — between 9 a.m. and 6 p.m. Monday to Friday.
The AP’s findings also track with a report that first brought Fancy Bear to the attention of American voters. In 2016, a cybersecurity company known as CrowdStrike said the Democratic National Committee had been compromised by Russian hackers, including Fancy Bear.
Secureworks’ roster shows Fancy Bear making aggressive attempts to hack into DNC technical staffers’ emails in early April 2016 — exactly when CrowdStrike says the hackers broke in.
And the raw data enabled the AP to speak directly to the people who were targeted, many of whom pointed the finger at the Kremlin.
“We have no doubts about who is behind these attacks,” said Artem Torchinskiy, a project coordinator with Navalny’s Anti-Corruption Fund who was targeted three times in 2015. “I’m sure these are hackers controlled by Russian secret services.”
The myth of the 400-pound man
Even if only a small fraction of the 4,700 Gmail accounts targeted by Fancy Bear were hacked successfully, the data drawn from them could run into terabytes — easily rivaling the largest known leaks in journalistic history.
For the hackers to have made sense of that mountain of messages — in English, Ukrainian, Russian, Georgian, Arabic and many other languages — they would have needed a substantial team of analysts and translators. Merely identifying and sorting the targets took six AP reporters eight weeks of work.
The AP’s effort gives “a little feel for how much labor went into this,” said Thomas Rid, a professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies.
He said the investigation should put to rest any theories like the one then-candidate Donald Trump floated last year that the hacks could be the work of “someone sitting on their bed that weighs 400 pounds.”
“The notion that it’s just a lone hacker somewhere is totally absurd,” Rid said.