Imperial Valley Press

Leaked chats show alleged Russian spy seeking hacking tools

In this file photo taken on July 14, a man walks past the building of the Russian military intelligence service in Moscow, Russia.

MOSCOW (AP) — Six years ago, a Russian-speaking cybersecurity researcher received an unsolicited email from Kate S. Milton.

Milton claimed to work for the Moscow-based anti-virus firm Kaspersky. In an exchange that began in halting English and quickly switched to Russian, Milton said she was impressed by the researcher’s work on exploits — the digital lock picks used by hackers to break into vulnerable systems — and wanted to be copied in on any new ones that the researcher came across.

“You almost always have all the top-end exploits,” Milton said, after complimenting the researcher about a post to her website, where she often dissected malicious software.

“So that our contact isn’t one-sided, I’d offer you my help analyzing malicious viruses, and as I get new samples I’ll share,” Milton continued. “What do you think?”

The researcher — who works as a security engineer and runs the malware-sharing site on the side — always had a pretty good idea that Milton wasn’t who she said she was. Last month, she got confirmation via an FBI indictment.

The indictment, made public on July 13, lifted the lid on the Russian hacking operation that targeted the 2016 U.S. presidential election. It identified “Kate S. Milton” as an alias for military intelligence officer Ivan Yermakov, one of 12 Russian spies accused of breaking into the Democratic National Committee and publishing its emails in an attempt to influence the 2016 election.

The researcher, who gave her exchanges with Milton to The Associated Press on condition of anonymity, said she wasn’t pleased to learn she had been corresponding with an alleged Russian spy. But she wasn’t particularly surprised either.

“This area of research is a magnet for suspicious people,” she said.

The researcher and Milton engaged in a handful of conversations between April 2011 and March 2012. But even their sparse exchanges, along with a few digital breadcrumbs left behind by Yermakov and his colleagues, offer insight into the men behind the keyboards at Russia’s Main Intelligence Directorate, or GRU.

It isn’t unusual for messages like Milton’s to come in out of the blue, especially in the relatively small world of independent malware analysts.

“There was nothing particularly unusual in her approach,” the researcher said. “I had very similar interactions with amateur and professional researchers from different countries.”

The pair corresponded for a while. Milton shared a piece of malicious code at one point and sent over a hacking-related YouTube video at another, but contact fizzled out after a few months.

Then, the following year, Milton got back in touch.

“It’s been all work, work, work,” Milton said by way of apology, before quickly getting to the point. She needed new lock picks.

“I know that you can help,” she wrote. “I’m working on a new project and I really need contacts that can provide information or have contacts with people who have new exploits. I am willing to pay for them.”

In particular, Milton said she wanted information on a recently disclosed vulnerability codenamed CVE-2012-0002 - a critical Microsoft flaw that could allow hackers to remotely compromise some Windows computers. Milton had heard that someone had already cobbled together a working exploit. “I’d like to get it,” she said. The researcher demurred. The trade in exploits — for use by spies, cops, surveillance companies or criminals — can be a seedy one.

“I usually steer clear from any wannabe buyers and sellers,” she told the AP.

She politely declined - and never heard from Milton again.

Milton’s Twitter account — whose profile photo features “Lost” star Evangeline Lilly — is long dormant. The last few messages carry urgent, awkwardly worded appeals for exploits or tips about vulnerabilities.

“Help me find detailed description CVE-2011-0978,” one message reads, referring to a bug in PHP, a coding language often used for websites. “Need a work exploit,” the message continues, ending with a smiley face.
