
Hacking the DNC and the Ukrainian army have one thing in common: Russia

Published Dec 22nd, 2016 7:45AM EST
BGR


President-elect Donald Trump may dispute the fact that Russia had a hand in the DNC hacks, or that these hacks helped him win the election, but more and more sources indicate that it was Russia who accessed the DNC’s network. A new report suggests that the same spy tools that may have been used to infiltrate Ukrainian army Android devices and turn them into tracking beacons may have been employed in the DNC hack.

Cybersecurity firm CrowdStrike, which investigated the DNC hack, linked the malware used to attack the Democratic party to malware used on Android phones utilized by the Ukrainian army while fighting pro-Russian separatists in eastern Ukraine.

CrowdStrike’s co-founder Dmitri Alperovitch says the company has “high confidence” that a unit of the GRU attacked the DNC. The findings match the FBI’s conclusion, although the bureau did not publicly mention the link to the GRU.

“The GRU is used for both tactical intelligence collection in the battlefield in support of Russian military operations and also strategic active measures or psychological warfare overseas,” the exec told The Washington Post. “The fact that they would be tracking and helping the Russian military kill Ukrainian army personnel in eastern Ukraine and also intervening in the U.S. election is quite chilling.”

The GRU team that cracked the DNC’s network is dubbed Fancy Bear, and a variant of the malware used against the DNC was used to attack an Android app developed by the Ukrainian army.

Said app was supposed to help artillery troops better train gun positioning and targeting. The Ukrainian military still uses D-30 towed guns dating back to the Soviet era, which require several minutes to reposition when calculations are done by hand. With the Android app, that time is reduced to 15 seconds.

But Fancy Bear hacked the Android app and then accessed the phone’s GPS coordinates to track movements of the Ukrainian troops. The D-30 guns became easy targets for the Russian forces. Ukrainian artillery forces lost more than 50% of their weapons in the two years of fighting, and more than 80% of their D-30 guns.

What’s impressive about the malware is that the GRU found a way to infect the app with it. The app is not available from the Google Play store; it was distributed to trusted devices through the developer’s social media. It could be activated only after the developer was contacted and a code was issued to the individual who got the app.

Chris Smith Senior Writer
