Cyber attack hits email users probing Russian intelligence
“Yet again,” tweeted Bellingcat founder Eliot Higgins on Friday (July 26), “Bellingcat finds itself targeted by cyber attacks, almost certainly linked to our work on Russia. I suppose a way to measure our impact is how often agents of the state try to attack it, be it their hackers, trolls, or media.”
Bellingcat—the online investigations site—has become synonymous with investigations into crimes committed by Russia’s military, including the downing of Malaysia’s MH17, the Skripal poisonings, and the bombing of civilian targets in Syria.
When I interviewed Higgins last month, he told me about the upcoming Bellingcat podcast, scheduled to coincide with the fifth anniversary of the missile strike on MH17. “We want as many people as possible to know about what happened,” he told me. “We want to reach a new audience, tap into a true-crime kind of audience and introduce that audience to our work.” The first episodes of the podcast series have now aired to strong critical acclaim.
Cyber Attack
Earlier on Friday, the Financial Times had reported that Russian hackers were likely behind a cyberattack on the secure email platform used by Bellingcat’s team. The email platform in question is the Swiss-based ProtonMail, which boasts the protection of Switzerland’s strict privacy laws as well as end-to-end encryption and anonymized accounts. According to the FT, ProtonMail “became aware of the attempt to compromise its users on Wednesday.” ProtonMail’s CEO Andy Yen told the FT that the hackers “knew in advance exactly who they wanted to go after. Our analysis shows that this was a highly targeted operation.”
Higgins and his team were heavily involved in linking MH17 to Russia’s 53rd Anti-Aircraft Missile Brigade. The Boeing 777 was brought down by a missile strike, killing all 298 people on board. Bellingcat then traced the link all the way to “senior officers of the Russian Ministry of Defense and its military intelligence, the GRU.” The same team identified the GRU officers allegedly responsible for the Skripal poisoning, and also for Russian missile strikes on civilian targets in Syria.
The phishing attack reported by the FT worked through fake Swiss domains that replicated ProtonMail’s interface and then accessed the real site in the background in real time to “trick users into giving up their two-factor authentication codes.” That the attackers could tie ProtonMail’s anonymized accounts to specific targeted people suggests a leak from a trusted source. “It seems clear that it’s linked to our GRU investigations,” Bellingcat investigator Christo Grozev told the FT. “They have been trying to get into our regular email accounts for a long time now. But with ProtonMail, it was very odd and unexpected.”
The Russian hacking group APT28, also known as Fancy Bear, is believed to be controlled by the GRU and is the most likely culprit, although that may be difficult if not impossible to confirm. According to the cybersecurity researchers at CrowdStrike, APT28 has “targeted victims in multiple sectors across the globe—because of its extensive operations against defense ministries and other military victims, Fancy Bear’s profile closely mirrors the strategic interests of the Russian government, and may indicate affiliation with the GRU, Russia’s premier military intelligence agency.”
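To make the mechanism behind the attack concrete, the following is an added illustration (not code from the article, ProtonMail or Bellingcat) of why a one-time code typed into a look-alike page and forwarded in real time still passes the real site’s check, while an origin-bound second factor of the WebAuthn kind does not. The domains, shared secret and device key are constructed placeholders.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed demo values; nothing here is a real credential or a real domain.
TOTP_SECRET = b"demo-shared-totp-secret"
DEVICE_KEY = b"demo-device-key"                  # stands in for a device-held private key
REAL_ORIGIN = "https://mail.example-real.test"   # assumed legitimate site
FAKE_ORIGIN = "https://mail.examp1e-real.test"   # assumed look-alike phishing domain


def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, dynamically truncated."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def server_accepts_totp(submitted: str, now: int) -> bool:
    """The real site only checks the code value; it cannot tell where it was typed."""
    return hmac.compare_digest(submitted, totp(TOTP_SECRET, now))


def relayed_totp_is_accepted(now: int) -> bool:
    """The victim reads the code from their authenticator and types it into the fake
    page; a proxy forwards it to the real site inside the same 30-second window."""
    code_typed_on_fake_page = totp(TOTP_SECRET, now)
    return server_accepts_totp(code_typed_on_fake_page, now)


def sign_assertion(challenge: bytes, origin_seen_by_browser: str) -> bytes:
    """Origin-bound factor: the device signs the challenge together with the origin
    the browser is actually on (HMAC stands in for a public-key signature here)."""
    return hmac.new(DEVICE_KEY, challenge + origin_seen_by_browser.encode(), hashlib.sha256).digest()


def server_accepts_assertion(challenge: bytes, sig: bytes) -> bool:
    """The real site verifies against its own origin, so a response bound to a
    different domain never matches, however quickly it is relayed."""
    expected = hmac.new(DEVICE_KEY, challenge + REAL_ORIGIN.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)


def legitimate_assertion_is_accepted() -> bool:
    challenge = secrets.token_bytes(32)
    return server_accepts_assertion(challenge, sign_assertion(challenge, REAL_ORIGIN))


def relayed_assertion_is_accepted() -> bool:
    challenge = secrets.token_bytes(32)            # issued by the real site, forwarded by the proxy
    return server_accepts_assertion(challenge, sign_assertion(challenge, FAKE_ORIGIN))
```

The contrast is the whole point: a code the user can read and retype can be relayed, a credential bound to the origin the browser actually shows cannot.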
End-to-end security
The end-to-end security of messaging platforms has been under scrutiny in recent weeks, with security agencies in the U.S., U.K. and elsewhere complaining that the lack of backdoors has left investigations “in the dark.” Earlier in the week, U.S. Attorney General Bill Barr said that “warrant-proof encryption is imposing huge costs on society—we are confident that technical solutions will allow lawful access to encrypted data and communications by law enforcement without materially weakening the security provided by encryption.”
This suspected GRU phishing attack on an encrypted platform links directly back to that debate. “Deciding who gets access to intercept technology means that we’re in the business of determining who’s good and who’s bad,” Joel Wallenstrom, the CEO of the uber-secure messaging platform Wickr, told me.
But a vulnerability is a vulnerability
ProtonMail’s CEO told the FT that “user email accounts are fully end-to-end encrypted so users had nothing to worry about unless they had inadvertently given away their passwords,” and so this would seem a good reason not to introduce any such backdoors into any such system. Bellingcat and other holders of those secure accounts relied on there being no such vulnerabilities in place.