WHO WAS BEHIND THE RUSSIAN HACKING SCANDAL?

Men's Style (Australia)

It’s a story still being played out in the headlines – who cyber infiltrated US politics during the election, and what does a leggy female Russian hacker have to do with it?

Matthew Hall attempts to unravel who was responsible for the Russian cyber infiltration that overshadowed the recent US Presidential election and whether the leggy Russian with her own cyber-security business, later sanctioned by the US government, was actually involved…

THE MYSTERY OF ALISA SHEVCHENKO first came to light three days before the end of 2016. It was then that President Barack Obama livened up the last month of his presidency by striking back at Russia for its alleged effort to influence the tumultuous Presidential election. This was an election that was many things – including one where a billionaire reality TV star was declared President of the United States – but also an election with unprecedented meddling by Russia in the US political process.

Russia, evidence suggested, hacked into the computer systems of the Democratic National Committee as well as (possibly) Republican party accounts. Compromising and embarrassing emails had been made public during the presidential campaign via Wikileaks with Donald Trump – thought to be Russian President Vladimir Putin’s preference to a Hillary Clinton victory – the beneficiary. No compromised Republican Party emails were ever released.

The Obama administration’s eventual response included the immediate expulsion of 35 suspected Russian spies operating in the US under the veiled description of ‘diplomats’. Obama also ordered the closure of two properties owned by the Russian government – one on Long Island in New York and another in Maryland – that the U.S. said were used for spying.

Then came a twist. In addition to the expulsions (which are considered the norm when governments are caught spying) the US announced Presidential Executive Order #13757 – more formally titled “Taking Additional Steps To Address The National Emergency With Respect To Significant Malicious Cyber-enabled Activities”. The order declared a “national emergency” based on groups or individuals that had “materially contributed to a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.”

The intent was to ban a short list of organizations and individuals from doing business with the US. The list included Russia’s two top intelligence services – the GRU and FSB – which the Americans claimed had ordered the cyber attacks, as well as four senior military intelligence officers. Also listed were three Russian companies the Americans accused of being complicit in the cyber attack: Special Technology Center, a signals intelligence operation in St. Petersburg; the Autonomous Noncommercial Organization Professional Association of Designers of Data Processing Systems, a group that allegedly provides hacking training; and a company called Zorsecurity, also known as Esage Lab.

“All Americans should be alarmed by Russia’s actions,” President Obama said, announcing the sanctions.

President-elect Trump, meanwhile, was not convinced Russia was involved in the hacks. The Russian government meddling with American computer systems? Nah, said Trump. It could just as easily have been “somebody sitting on their bed that weighs 400 pounds.” Trump could not have been more wrong. Which is where we meet Alisa Shevchenko.

“HELLO STRANGER” is the alluring and fitting welcome message from Alisa Shevchenko on her website. “My name is Alisa,” she declares. “I am a human being. Part misfit, part mishacker. A businesswoman in the past as well as in a possible future.”

She is about 33 years old (Shevchenko previously told a reporter he was a “misogynist” when he enquired about her age) and sports tattoos, a hip side-swept haircut, and a feisty Twitter account where she posts in Russian and English. She wears an R2D2 t-shirt in photos and describes herself as an “introverted computer geek”.

Over the past decade, Shevchenko made a name for herself in Russian hacking circles by “white hat hacking” – a practice where a hacker will test a business’s online security by trying to find any vulnerabilities in its websites and systems. She learned to code at 15 – self-taught – and dropped out of university before starting her own business. She proved very good at her job – winning a hacking contest in Russia in 2014 – and received international recognition for her skills. In 2015, the US Department of Homeland Security’s Cyber Emergency Response Team credited her with finding holes in a French company’s software package that provided services to the energy, food, agriculture, and IT industries around the world.

Donald Trump’s idea of a hacker might be an overweight guy sitting on a bed somewhere tapping away at a laptop to hack the US political system. Shevchenko, however, could not be more different. But there she is – the founder of Zorsecurity and the person who the US government said provided Russia’s cyber spies “with technical research and development”. So we send a message that we would like to talk.

Alisa Shevchenko replies from Bangkok: I would be more interested in a decent interview about my work as a woman in traditionally male industries (info security, business, and now I guess, politics). As well as my attitudes as a human being. One or two questions about sanctions, sure – there is really not much to say about that.

We quickly reply with a list of questions that includes:

· Why do you think your company was accused by the US government of being involved in the incident?
· Does the anonymity of the internet influence behaviour by men toward women?
· Is there solidarity between women online (social media as well as online communities)?
· Does the attention the sanctions list has brought you make you a role model for young women?
· Would you like to be a role model for younger women – both in the IT/hacking world and generally?

Alisa replies:

These are good questions. I will take this week to process them.

The truth behind the alleged hack of the US election remains unknown outside of those who led the attack and the few Americans with Top Secret clearances who think they know what went on. The rest is educated guesses from academics and security experts who study this stuff for a living, or wild speculation from conspiracy theorists. The people who do know aren’t talking publicly but what we know is this: For decades, spy agencies from Russia have attempted and sometimes succeeded in breaking into US government computer systems. Similar attacks have been launched by Russian agencies against the British government. On the other hand, American agencies like the National Security Agency and Britain’s GCHQ have knocked on – and probably entered – Russian systems. This is what they all do.

In late 2015, however, things went up a notch. The FBI contacted the DNC to say it had knowledge of a breach of its computer systems. The FBI’s information was at best poorly communicated or, at worst, ignored by the DNC. There was no effective response. Six months later, the DNC finally hired cybersecurity consultants Crowdstrike to investigate a potential intrusion. Crowdstrike discovered two hacking groups – using online code names “Cozy Bear” and “Fancy Bear” – had stolen thousands of files from the DNC’s servers. In June, 2016, Crowdstrike released a report that linked Cozy Bear to the FSB and Fancy Bear to the FSU. A mysterious website appeared online with the name “Guccifer 2.0” that denounced Crowdstrike’s analysis that Russia’s spy agencies were involved in the hack and instead claimed that it was the work of one person. Guccifer then published DNC documents including an opposition-research file on Donald Trump and a list of major DNC donors. It also announced documents had been provided to Wikileaks.

Researchers, other hackers, journalists, academics, and security experts dug into Guccifer and its online trail to discover Guccifer – like much of the cast in this story – was not telling the truth. Guccifer was not a lone wolf. A trail of digital fingerprints revealed Fancy Bear had previously attacked 4,000 email accounts across the Ukraine, the Baltics, the US, China, and Iran, including military personnel. Fancy Bear had also accessed systems of the German parliament, the Italian military, the Saudi foreign ministry, and email accounts of Hillary Clinton’s campaign chairman John Podesta and the DNC. It was the latter hack that would cause problems in the US election.

In July, just days before the Democratic Party’s campaign convention in Philadelphia, Wikileaks published over 25,000 files from the DNC. The convention is supposed to be something of a celebration that anoints the party’s candidate for the Presidency. Instead of Hillarymania, however, the event was overshadowed by now-public emails from the Democratic Party’s leadership that revealed damning internal bias for Hillary Clinton over rival Bernie Sanders (the leadership is supposed to be even-handed in promoting candidates), potentially embarrassing communication between the DNC and selected media, and personal information including credit card and social security numbers of campaign donors. The revelations led to the resignation of Debbie Wasserman Schultz, the party chair, as well as the organization’s Chief Executive Officer, Chief Financial Officer and Communications Director. Wikileaks’ founder Julian Assange said he hoped the leaked emails would “harm Hillary Clinton’s chances to win the presidency”.

The US government’s evidence has been widely described as insufficient to nail Russia. On the other hand, cybersecurity experts say Russia’s intelligence agencies would have been dumb to not try and influence the US election considering how easy it appears it was to break into both the Democratic and Republican Party systems.

For Alisa Shevchenko, who claims she is innocent and had no role in the hack, these are all moot points. In Russian, ZOR stands for “Digital Weapons Defence” but Shevchenko says she closed the company over a year ago – the publicity required to acquire clients was expensive and difficult to do. Instead, she says she works under her own name. Why would the US government place sanctions on a company that didn’t exist?

“What really happened: anonymous clerk at U.S. treasury googled the internet for ‘cyber’ while intel analysts were on their Christmas vacation,” Alisa Shevchenko tweeted after the sanctions were announced. “Another version: a naughty Santa, deep in the Christmas night, hacked into Obama’s computer and put some random Russian names in his papers.”

“I never work with douchebags,” Shevchenko was quoted as saying by The Guardian in an interview in January (more on this later). She was adamant she had not worked with Russian spies to hack the DNC. “I only work with honest and open people that I feel good about.”

She said the US had reached “a technically incompetent misinterpretation of the facts” or been fooled by “counterfeit in order to frame my company”. Business competitors, US intelligence or Russian intelligence could have been involved, she suggested. She was an easy fall guy, so to speak.

“A young female hacker and her helpless company seems like a perfect pick for that goal,” she told The Guardian. “I don’t try to hide, I travel a lot, and am a friendly communicative person. And most importantly, I don’t have any big money, power or connections behind me to shrug off the blame. So really, it could be anyone.”

Dimitri Alperovitch, the founder of Crowdstrike, the company that investigated the hack on behalf of the DNC, says his company did not link Shevchenko to the breach.

“This was [an] assessment by [the] US Government, not us,” he wrote in an email to Men’s Style. “I have no information on Alisa and her business.”

So how does someone like Alisa Shevchenko and her company end up connected to a hack like this? Few cybersecurity experts will comment on the record, if at all. One leading expert, speaking to Men’s Style off the record, says a lot of the confusion about who did what in the DNC hack and the flimsiness of the US evidence is because what was released was not intended for precise attribution. Reports on the hack released by the US government were more to help network defenders within the cybersecurity industry.

THE MYSTERY of Alisa Shevchenko becomes no clearer. Over the course of a week and across several online exchanges, Alisa Shevchenko punctually replies to emails during Bangkok’s early evening. One time, she writes to say she’s had second thoughts and doesn’t want to take part in an interview after all, even if part of the story goes beyond the American sanctions and explores what it is like to be female in the hacking world. She says to write a story, anyway, but in a clumsy and bizarre twist, she makes a note about previous media coverage where she claims she was misquoted.

She writes:

Go ahead with the current work without me. Just don’t quote the Guardian’s title about douchebags: I never said that, and I am really upset about that (quite unfair and reputation-damaging) misquoting me for the sake of promoting their piece with a dirty headline.

She is referring to a headline from The Guardian’s January 6, 2016 story: “Young Russian denies she aided election hackers: ‘I never work with douchebags’”.

Clumsy because despite the smoke and mirrors of the internet, it is sometimes very easy to check facts.

“Of course she said it or I would not have used it,” writes Shaun Walker, The Guardian’s Moscow correspondent, in response to a question from Men’s Style about whether Alisa Shevchenko was misquoted in his story. “As it was a written interview, I suggest you direct her to check her sent messages.”

One thing we know for sure: truth, and emails, and the internet, don’t often mix very well. For her part, Shevchenko still feels there is more to tell. Eventually.

She signs off:

The sanctions story is not over yet. Cheers, Alisa
