WHO WAS BEHIND THE RUSSIAN HACKING SCANDAL?
It’s a story still being played out in the headlines – who cyber infiltrated US politics during the election, and what does a leggy female Russian hacker have to do with it?
Matthew Hall attempts to unravel who was responsible for the Russian cyber infiltration that overshadowed the recent US Presidential election and whether the leggy Russian with her own cyber-security business, later sanctioned by the US government, was actually involved…
THE MYSTERY OF ALISA SHEVCHENKO first came to light three days before the end of 2016. It was then that President Barack Obama livened up the last month of his presidency by striking back at Russia for its effort to allegedly influence the tumultuous Presidential election. This was an election that was many things – including one where a billionaire reality TV star was declared President of the United States – but also an election with unprecedented meddling by Russia in the US political process.
Russia, evidence suggested, hacked into the computer systems of the Democratic National Committee as well as (possibly) Republican party accounts. Compromising and embarrassing emails had been made public during the presidential campaign via Wikileaks with Donald Trump – thought to be Russian President Vladimir Putin’s preference to a Hillary Clinton victory – the beneficiary. No compromised Republican Party emails were ever released.
The Obama administration’s eventual response included the immediate expulsion of 35 suspected Russian spies operating in the US under the veiled description of ‘diplomats’. Obama also ordered the closure of two properties owned by the Russian government – one on Long Island in New York and another in Maryland – that the US said were used for spying.
Then came a twist. In addition to the expulsions (which are considered the norm when governments are caught spying) the US announced Presidential Executive Order #13757 – more formally titled “Taking Additional Steps To Address The National Emergency With Respect To Significant Malicious Cyber-enabled Activities”. The order declared a “national emergency” based on groups or individuals that had “materially contributed to a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.”
The intent was to ban a short list of organizations and individuals from doing business with the US. The list included Russia’s two top intelligence services – the GRU and FSB – which the Americans claimed had ordered the cyber attacks, as well as four senior military intelligence officers. Also listed were three Russian companies the Americans accused of being complicit in the cyber attack: Special Technology Center, a signals intelligence operation in St. Petersburg; the Autonomous Noncommercial Organization Professional Association of Designers of Data Processing Systems, a group that allegedly provides hacking training; and a company called Zorsecurity, also known as Esage Lab.
“All Americans should be alarmed by Russia’s actions,” President Obama said, announcing the sanctions.
President-elect Trump, meanwhile, was not convinced Russia was involved in the hacks. The Russian government meddling with American computer systems? Nah, said Trump. It could just as easily have been “somebody sitting on their bed that weighs 400 pounds.” Trump could not have been more wrong. Which is where we meet Alisa Shevchenko.
“HELLO STRANGER” is the alluring and fitting welcome message from Alisa Shevchenko on her website. “My name is Alisa,” she declares. “I am a human being. Part misfit, part mishacker. A businesswoman in the past as well as in a possible future.”
She is about 33 years old (Shevchenko previously told a reporter he was a “misogynist” when enquiring about her age), sports tattoos, a hip side-swept haircut, and a feisty Twitter account where she posts in Russian and English. She wears an R2D2 t-shirt in photos and describes herself as an “introverted computer geek”.
Over the past decade, Shevchenko made a name for herself in Russian hacking circles by “white hat hacking” – a practice where a hacker tests a business’s online security by trying to find vulnerabilities in its websites and systems before a criminal does. She learned to code at 15 – self-taught – and dropped out of university before starting her own business. She proved very good at her job – winning a hacking contest in Russia in 2014 – and received international recognition for her skills. In 2015, the US Department of Homeland Security’s Cyber Emergency Response Team credited her with finding holes in a French company’s software package that provided services to the energy, food, agriculture, and IT industries around the world.
Donald Trump’s idea of a hacker might be an overweight guy sitting on a bed somewhere tapping away at a laptop to hack the US political system. Shevchenko, however, could not be more different. But there she is – the founder of Zorsecurity and the person who the US government said provided Russia’s cyber spies “with technical research and development”. So we send a message that we would like to talk.
Alisa Shevchenko replies from Bangkok: I would be more interested in a decent interview about my work as a woman in traditionally male industries (info security, business, and now I guess, politics). As well as my attitudes as a human being. One or two questions about sanctions, sure – there is really not much to say about that.
We quickly reply with a list of questions that includes:
Why do you think your company was accused by the US government of being involved in the incident?
Does the anonymity of the internet influence behaviour by men toward women?
Is there solidarity between women online (social media as well as online communities)?
Does the attention the sanctions list has brought you make you a role model for young women?
Would you like to be a role model for younger women – both in the IT/hacking world and generally?
These are good questions. I will take this week to process them.
The truth behind the alleged hack of the US election remains unknown outside of those who led the attack and the few Americans with Top Secret clearances who think they know what went on. The rest is educated guesses from academics and security experts who study this stuff for a living, or wild speculation from conspiracy theorists. The people who do know aren’t talking publicly but what we know is this: For decades, spy agencies from Russia have attempted and sometimes succeeded in breaking into US government computer systems. Similar attacks have been launched by Russian agencies against the British government. On the other hand, American agencies like the National Security Agency and Britain’s GCHQ have knocked on – and probably entered – Russian systems. This is what they all do.
In late 2015, however, things went up a notch. The FBI contacted the DNC to say it had knowledge of a breach of its computer systems. The FBI’s information was at best poorly communicated or, at worst, ignored by the DNC. There was no effective response. Six months later, the DNC finally hired cybersecurity consultants Crowdstrike to investigate a potential intrusion. Crowdstrike discovered two hacking groups – using online code names “Cozy Bear” and “Fancy Bear” – had stolen thousands of files from the DNC’s servers. In June 2016, Crowdstrike released a report that linked Cozy Bear to the FSB and Fancy Bear to the FSU. A mysterious website appeared online under the name “Guccifer 2.0” that denounced Crowdstrike’s analysis that Russia’s spy agencies were involved in the hack and instead claimed that it was the work of one person. Guccifer then published DNC documents including an opposition-research file on Donald Trump and a list of major DNC donors. It also announced documents had been provided to Wikileaks.
Researchers, other hackers, journalists, academics, and security experts dug into Guccifer and its online trail to discover that Guccifer – like much of the cast in this story – was not telling the truth. Guccifer was not a lone wolf. A trail of digital fingerprints revealed Fancy Bear had previously attacked 4,000 email accounts across Ukraine, the Baltics, the US, China, and Iran, including those of military personnel. Fancy Bear had also accessed systems of the German parliament, the Italian military, the Saudi foreign ministry, and email accounts of Hillary Clinton’s campaign chairman John Podesta and the DNC. It was the latter hack that would cause problems in the US election.
In July, just days before the Democratic Party’s campaign convention in Philadelphia, Wikileaks published over 25,000 files from the DNC. The convention is supposed to be something of a celebration that anoints the party’s candidate for the Presidency. Instead of Hillarymania, however, the event was overshadowed by now-public emails from the Democratic Party’s leadership that revealed damning internal bias for Hillary Clinton over rival Bernie Sanders (the leadership is supposed to be even-handed in promoting candidates), potentially embarrassing communication between the DNC and selected media, and personal information including credit card and social security numbers of campaign donors. The revelations led to the resignation of Debbie Wasserman Schultz, the party chair, as well as the organization’s Chief Executive Officer, Chief Financial Officer and Communications Director. Wikileaks’ founder Julian Assange said he hoped the leaked emails would “harm Hillary Clinton’s chances to win the presidency”.
The US government’s evidence has been widely described as insufficient to nail Russia. On the other hand, cybersecurity experts say Russia’s intelligence agencies would have been dumb to not try and influence the US election considering how easy it appears it was to break into both the Democratic and Republican Party systems.
For Alisa Shevchenko, who claims she is innocent and had no role in the hack, these are all moot points. In Russian, ZOR stands for “Digital Weapons Defence” but Shevchenko says she closed the company over a year ago – the publicity required to acquire clients was expensive and difficult to do. Instead, she says she works under her own name. Why would the US government place sanctions on a company that didn’t exist?
“What really happened: anonymous clerk at U.S. treasury googled the internet for ‘cyber’ while intel analysts were on their Christmas vacation,” Alisa Shevchenko tweeted after the sanctions were announced. “Another version: a naughty Santa, deep in the Christmas night, hacked into Obama’s computer and put some random Russian names in his papers.”
“I never work with douchebags,” Shevchenko was quoted as saying by The Guardian in an interview in January (more on this later). She was adamant she had not worked with Russian spies to hack the DNC. “I only work with honest and open people that I feel good about.”
She said the US had reached “a technically incompetent misinterpretation of the facts” or been fooled by “counterfeit in order to frame my company”. Business competitors, US intelligence or Russian intelligence could have been involved, she suggested. She was an easy fall guy, so to speak.
“A young female hacker and her helpless company seems like a perfect pick for that goal,” she told The Guardian. “I don’t try to hide, I travel a lot, and am a friendly communicative person. And most importantly, I don’t have any big money, power or connections behind me to shrug off the blame. So really, it could be anyone.”
Dmitri Alperovitch, the founder of Crowdstrike, the company that investigated the hack on behalf of the DNC, says his company did not link Shevchenko to the breach.
“This was [an] assessment by [the] US Government, not us,” he wrote in an email to Men’s Style. “I have no information on Alisa and her business.”
So how does someone like Alisa Shevchenko and her company end up connected to a hack like this? Few cybersecurity experts will comment on the record, if at all. One leading expert, speaking to Men’s Style off the record, says much of the confusion about who did what in the DNC hack, and the flimsiness of the US evidence, is because what was released was never intended to support precise attribution. The reports on the hack released by the US government were written chiefly to help network defenders within the cybersecurity industry.
THE MYSTERY of Alisa Shevchenko becomes no clearer. Over the course of a week and across several online exchanges, Alisa Shevchenko punctually replies to emails during Bangkok’s early evening. One time, she writes to say she’s had second thoughts and doesn’t want to take part in an interview after all, even if part of the story goes beyond the American sanctions and explores what it is like to be female in the hacking world. She says to write a story, anyway, but in a clumsy and bizarre twist, she makes a note about previous media coverage where she claims she was misquoted.
Go ahead with the current work without me. Just don’t quote the Guardian’s title about douchebags: I never said that, and I am really upset about that (quite unfair and reputation-damaging) misquoting me for the sake of promoting their piece with a dirty headline.
She is referring to a headline from The Guardian’s January 6, 2016 story: “Young Russian denies she aided election hackers: ‘I never work with douchebags’”.
Clumsy because despite the smoke and mirrors of the internet, it is sometimes very easy to check facts.
“Of course she said it or I would not have used it,” writes Shaun Walker, The Guardian’s Moscow correspondent, in response to a question from Men’s Style about whether Alisa Shevchenko was misquoted in his story. “As it was a written interview, I suggest you direct her to check her sent messages.”
One thing we know for sure: truth, and emails, and the internet, don’t often mix very well. For her part, Shevchenko still feels there is more to tell. Eventually.
She signs off:
The sanctions story is not over yet. Cheers, Alisa