US experts: Gas firm key to impeachment hacked
Russians blamed in email breach of Ukraine’s Burisma
BOSTON — A U.S. cybersecurity company says Russian military agents have successfully hacked the Ukrainian gas company at the center of the scandal that led to President Donald Trump’s impeachment.
Russian agents launched a phishing campaign in early November to steal the login credentials of employees of Burisma Holdings, the gas company, according to Area 1 Security, a Silicon Valley company that specializes in email security.
Hunter Biden, son of former vice president and Democratic presidential hopeful Joe Biden, previously served on Burisma’s board.
It was not clear what the hackers were looking for or may have obtained, said Area 1’s CEO, Oren Falkowitz, who called the findings “incontrovertible” and posted an eight-page report. The timing of the operation raises the possibility that Russian agents could be searching for material damaging to the Bidens or scheming to plant forged data and sow misinformation online.
The House of Representatives impeached Trump in December for abusing the power of his office by enlisting the Ukrainian government to investigate Biden, a political rival, ahead of the 2020 election. A second charge accused Trump of obstructing a congressional investigation into the matter.
“Our report doesn’t make any claims as to what the intent of the hackers were, what they might have been looking for, what they are going to do with their success. We just point out that this is a campaign that’s going on,” said Falkowitz, a former National Security Agency offensive hacker whose company’s clients include candidates for U.S. federal elected offices.
In an earlier interview, he said the campaigns of top candidates for the U.S. presidency and House and Senate races in 2020 have in the past few months each been targeted by about a thousand phishing emails. Falkowitz did not name the candidates. Nor would he name any of his company’s clients.
Burisma did not respond to a request for comment. A spokesman for Biden said in a statement that the incident shows that not just Trump but also Russian President Vladimir Putin “sees Joe Biden as a threat.”
Some cybersecurity experts cautioned against blaming Russian military agents without more evidence, however, saying the report indicates Area 1 investigators didn’t have access to Burisma’s internal logs and compromised email accounts in making the determination.
“That’s problematic,” tweeted Thomas Rid of Johns Hopkins. “Caution advised based on what we currently know.”
And while many experts said it’s a good bet the phishing amounts to a Kremlin attempt to smear the Bidens, there are other possibilities.
Michael Connell, a former Army intelligence officer and researcher at the government-funded Center for Naval Analyses, notes that Russian agents have previously attacked energyrelated computer systems in other countries, most notably Germany.
“The goal of the hackers was probably information gathering, but it also likely included creating backdoors to allow future access (for intel or destructive cyberattacks),” he wrote in an email.
Russian hackers from the GRU, the same military unit that Area 1 said was behind the operation targeting Burisma, have been indicted on a charge of hacking emails from the Democratic National Committee and the chairman of Hillary Clinton’s campaign during the 2016 presidential race.
Stolen emails were released online at the time by Russian agents and WikiLeaks in an effort to favor Trump, special counsel Robert Mueller determined in his investigation.
Area 1 discovered the phishing campaign by the Russian military intelligence unit on New Year’s Eve, said Falkowitz, who would not discuss whom he notified before going public or whether Burisma shared information with his company. He said he followed the industry standard process of responsible disclosure, which would include notifying Burisma.
Joan Donovan, a Harvard University disinformation expert, said one of the most dangerous possibilities would be data theft spiced with forgeries — and subsequently leaked. That reportedly happened in 2017 when emails related to the campaign of President Emanuel Macron of France were stolen and published online — with some fakes included— just ahead of his election.
She called the Burisma incident “testament to the fact that we have not paid enough attention to email security” when the consequences of a leak are so high for businesses, politicians and journalists in particular.
“Email is unfortunately the way that we’ve come to do business but email has become a serious, serious vulnerability,” she said.