Bears with keyboards: Russian hackers snoop on West

By Andrei Soshnikov
BBC Russian

Image source, Screenshot - fancy bears
Image caption,
The hackers boast about their campaign on their website

The hackers' group Fancy Bear - believed to be Russian - has published more Olympic athletes' medical files, including those of British gold medallists Mo Farah and Helen Glover.

They hacked into the World Anti-Doping Agency (Wada) database, and began revealing athletes' confidential details on 13 September.

The records mostly detail therapeutic use exemptions (TUEs), which allow athletes to take banned substances for verified medical needs.

US Olympic stars were targeted in the first hack, including tennis champions Venus and Serena Williams, gymnast Simone Biles and basketball player Elena Delle Donne.

The chain of politically-motivated attacks from Russia on Western electronic systems dates back to the mid-2000s. The hackers responsible compete with each other, sometimes repeating the same attacks.

Dmitri Alperovitch, chief technical director of cyber security company CrowdStrike, said: "We've seen how two Russian espionage groups hack the same systems to steal the same data. Western secret services don't usually do this, as they are anxious not to harm each other's operations."

Cyber security specialists also know Fancy Bear by other names - CozyDuke, Sofacy, Pawn Storm, APT 28, Sednit and Tsar Team.

'Excellent devices'

In July Mr Alperovitch accused Fancy Bear of hacking the computer networks of the American Democratic National Committee (DNC), although publicly a previously unknown hacker called Guccifer 2.0 had claimed the hack.

Image source, AP
Image caption,
With the US presidential election looming the Democrats' computers in Washington were hacked

"We have a lot of experience of fighting these groups," Mr Alperovitch wrote. "They are some of our most powerful enemies among all the many government and criminal activists and terrorist hacker groups we encounter on a daily basis. They have excellent devices and their operational security is second to none."

He believes the group's actions, like a hack on the German parliament (Bundestag) network, or publishing Islamist propaganda on France's TV5Monde news website, fit in with the Kremlin's strategy.

Mr Alperovitch thinks Russia's Federal Security Service (FSB) and Russian Military Intelligence (formerly the GRU) compete with each other where their areas of responsibility overlap in cyber warfare.

In the attack on the DNC's systems CrowdStrike did not find any evidence of co-operation between Fancy Bear and another suspected Russian group - Cozy Bear.

Cyber security companies Fidelis Cybersecurity, SecureWorks, ThreatConnect and others have all, like CrowdStrike, reported links between Fancy Bear, Cozy Bear and the Russian secret services.

But Russian presidential spokesman Dmitry Peskov declared that Moscow was ready to help Wada fight hacking if requested to do so.

The line between criminal hackers and political activist hackers is fuzzier in Russia than in the West.

Cyber warfare

Image source, AFP
Image caption,
Estonia's relocation of a WW2 Soviet statue infuriated Russian patriots in 2007

Links between Russian hackers and security services were first mentioned in 2007 when the websites of the Estonian government and governing Reform Party were deliberately crashed, during a row over the removal of a bronze statue of a Soviet Red Army soldier from a square in Tallinn.

On 20 July 2008, about two weeks before Russia's military intervention in South Ossetia, former Georgian President Mikheil Saakashvili's site went down for 24 hours.

During the brief August war a collage of photos of Mr Saakashvili and Adolf Hitler appeared on the site.

Cyber security analyst Jart Armin noticed that the servers used for the cyber attack on Georgia were connected to a group of St Petersburg hackers going by the strange name "Rossiiskaya Biznes Set" (Russian Business Network). In 2000 that group was infamous for cybercrime, spamming, spreading viruses, child pornography and phishing emails.

Not all Russian hackers choose targets outside the country. Anonymous International was infamous for publishing Russian government documents and private correspondence between Russian officials, businessmen and politicians.

Some hackers focus on crime. In June 2016 the FSB and Russian interior ministry stopped a group of 50 hackers suspected of stealing nearly 1.7bn roubles ($26m; £20m) from Russian banks.

Organised crime

Image source,
Image caption,
This Russian wanted in the US is reported to be living comfortably in a Russian Black Sea resort

Experience shows groups involved in crime who do not co-operate with Russia's special services are at great risk of punishment, especially if they fail to keep physically distant from their target countries.

In April 2016, a former resident of Tver, Alexander Panin, was sentenced to nine-and-a-half years in prison in the US for creating the SpyEye virus which infected 50 million computers.

His Algerian accomplice, Hamza Bendelladj, was sentenced to 15 years. Using a Trojan virus, they managed to steal $3.2m in six months.

Panin ended up in court in July 2013 when he flew to see a friend in the Dominican Republic. After his arrest he was quickly extradited to the US.

In late 2015 Alexei Burkov from St Petersburg was detained in Israel after an arrest warrant was issued by Interpol. He was suspected of hacking into payment systems and stealing several million dollars from US citizens' credit cards.

On the other hand, Yevgeny Bogachev is officially wanted by the FBI for creating a botnet - a computer zombie network - called GOZ, and causing $100m worth of damage, according to the Telegraph.

Yet he lives in an apartment in the Black Sea resort of Anapa, drives an old Volvo with a sticker saying "computer repairs" and occasionally goes sailing on a yacht. His neighbours admire him for his "achievements" and the Russian authorities have no intention of handing him over.

The four countries reckoned to have the most cyber criminals are the US, Russia, China and India. Hackers in Iran and North Korea have also made their mark internationally.

A survey at an international conference on cybersecurity in 2014 by the British company MWR InfoSecurity showed that 34% considered Russian hackers the most powerful in the world, while 18% rated Chinese hackers as the most powerful.

Around the BBC