Cyber experts find evidence of Russian link behind Democratic party hack

22 Dec 2016

Security firm CrowdStrike claimed today that it had uncovered convincing evidence that tied Russia's GRU intelligence agency to the hack of the Democratic National Committee (DNC). It claimed the evidence formed part of a bizarre tale of an Android app developed by a Ukrainian military officer.

CrowdStrike, which helped the DNC with the investigation of its notorious breach earlier this year, said it had uncovered Android malware used by the so-called Fancy Bear crew in June 2016. Fancy Bear is widely suspected to be the group behind the hacks on the DNC as well as the Democratic Congressional Campaign Committee.

CrowdStrike added that the spyware was hiding inside an app developed by Yaroslav Sherstuk, a Ukrainian artillery officer. The spyware was designed to help expedite the processing of targeting data for the Soviet-era D-30 Howitzers that he was using, CrowdStrike said.

Since it was not an official government project, Sherstuk shared the app across forums visited by fellow army personnel, according to CrowdStrike CTO and co-founder Dmitri Alperovitch. 

He added that Fancy Bear inserted its malware into the apps, which would reveal the location of the host Android phone and allow Fancy Bear to snoop on infected devices.

Alperovitch said "we have high confidence" it was a unit of the Russian intelligence agency GRU, The Washington Post reported. The unit had been dubbed "Fancy Bear" by CrowdStrike.

The FBI, which had been investigating Russia's hacks of political, government, academic and other organisations for several years, had privately drawn the same conclusion but had not publicly linked them to the GRU.


"The GRU is used for both tactical intelligence collection in the battlefield in support of Russian military operations and also strategic active measures or psychological warfare overseas," said Alperovitch, who is an expert on Russia and a senior fellow at the Atlantic Council, The Washington Post reported. "The fact that they would be tracking and helping the Russian military kill Ukrainian army personnel in eastern Ukraine and also intervening in the US election is quite chilling."