Times Colonist

Russians used U.S.’s own online tools for hacking

WASHINGTON — Exactly seven months before the 2016 presidential election, Russian government hackers made it onto a Democratic committee’s network.

One of their carefully crafted fraudulent emails had hit pay dirt, enticing an employee to click a link and enter her password.

That breach of the Democratic Congressional Campaign Committee was the first significant step in gaining access to the Democratic National Committee network.

To steal politically sensitive information, prosecutors say, the hackers exploited some of the United States’ own computer infrastructure against it, using servers they leased in Arizona and Illinois. The details were included in an indictment released last week by special counsel Robert Mueller, who accused the GRU, Russia’s military intelligence agency, of taking part in a wide-ranging conspiracy to interfere in the 2016 presidential election. The companies operating the servers were not identified in the court papers.

The Russians are accused of exploiting their access to inexpensive, powerful servers worldwide — conveniently available for rental — that can be used to commit crimes with impunity.

The indictment painstakingly reconstructs the hackers’ movements using web servers and a complex bitcoin financing operation.

Two Russian hacking units were charged with tasks, including the creation and management of a hacking tool called “X-agent” that was implanted onto computers. The software allowed them to monitor activity on computers by individuals, steal passwords and maintain access to hacked networks. It captured each keystroke on infected computers and took screenshots of activity displayed on computer screens, including an employee viewing the DCCC’s online banking information.

From April to June 2016, the hackers installed updated versions of their software on at least 10 Democratic computers. The software transmitted information from the infected computers to a GRU-leased server in Arizona, the indictment said. The hackers also created an overseas computer to act as a “middle server” to obscure any connections.

In emails, the hackers embedded a link that purported to be a spreadsheet of Clinton’s favourability ratings, but instead it directed the computers to send their data to a GRU-created website.

Meanwhile, around the same time, the hackers broke into 33 DNC computers and installed their software on their network.

The indictment also shows the reliance of Russian government hackers on American technology companies, such as Twitter, to spread their stolen documents.

The hackers also accessed DNC data in September 2016 by breaking into DNC computers hosted on the Amazon Web Services’ cloud.

The U.S. indictment of 12 Russians for election hacking undermines denials by WikiLeaks founder Julian Assange, above, that the Russian government was the source of stolen emails published by the anti-secrecy organization.
