President-elect Donald Trump may dispute the fact that Russia had a hand in the DNC hacks, or that these hacks helped him win the election, but more and more sources indicate that it was Russia who accessed the DNC’s network. A new report suggests that the same spy tools that may have been used to infiltrate Ukrainian army Android devices and turned them into tracking beacons may have been employed in the DNC hack.
Cybersecurity firm CrowdStrike, which investigated the DNC hack, linked the malware used to attack the Democratic party to malware used on Android phones operated by the Ukrainian army while fighting pro-Russian separatists in eastern Ukraine.
CrowdStrike’s co-founder Dmitri Alperovitch says the company has “high confidence” that a unit of the GRU attacked the DNC. The findings match the FBI’s conclusion, although the bureau did not publicly mention the link to the GRU.
“The GRU is used for both tactical intelligence collection in the battlefield in support of Russian military operations and also strategic active measures or psychological warfare overseas,” the exec told The Washington Post. “The fact that they would be tracking and helping the Russian military kill Ukrainian army personnel in eastern Ukraine and also intervening in the U.S. election is quite chilling.”
The GRU team that cracked the DNC’s network is dubbed Fancy Bear, and a variant of the same malware was used to attack an Android app developed by the Ukrainian army.
Said app was supposed to help artillery troops position and target their guns faster. The Ukrainian military still uses D-30 towed guns dating back to the Soviet era, which require several minutes to reposition when the calculations are done by hand. With the Android app, that time is reduced to 15 seconds.
But Fancy Bear hacked the Android app and then accessed the phone’s GPS coordinates to track movements of the Ukrainian troops. The D-30 guns became easy targets for the Russian forces. Ukrainian artillery forces lost more than 50% of their weapons in the two years of fighting, and more than 80% of their D-30 guns.
What’s remarkable about the attack is that the GRU found a way to infect the app at all. The app is not available from the Google Play store; it was distributed through the developer’s social media channels to trusted devices, and it could be activated only after the developer was contacted and a code was issued to the individual who received the app.