The murky world of highly competitive international sport means that some nation state players, and their national intelligence agencies, will go to extraordinary lengths (including illegal means such as well-funded and highly effective disinformation campaigns) in order to maintain their positions as world class competitors and players on the global stage. Nations are not averse to bending or even breaking the rules. This is especially true when it comes to the use of performance enhancing drugs. Major transgressors have traditionally included countries from the former Soviet Union, including Russia, as well as China. But these campaigns only remain effective if the hackers are not caught. Recently the United States has exposed state sponsored Russian hackers and accused them of posing a persistent threat across a number of areas, including ‘Black Hat’ operations to run disinformation campaigns and discredit anti-doping officials (and U.S. athletes themselves) following negative reporting on the use of illegal performance enhancing drugs during the Sochi Olympics of 2014.
Justice Department allegations against Russian hackers
The American Justice Department claims that GRU officials were hard at work for an extended period undermining the advocacy actions of anti-doping organizations (aimed at investigating and putting an end to Russian doping). Targets included officials and athletes. The GRU is the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, one of the most influential players in the Russian intelligence services, a hotbed of Russian hacker activity and a major supporter of the persistent threat posed by Russian intelligence operations.
It is claimed that the activities of the GRU are a reaction to the exposure of state sponsored doping campaigns in 2015. According to the U.S. Department of Justice indictment, the defendants stole and disseminated the personal information of several prominent anti-doping officials and 250 athletes following the 2014 Sochi Olympics.
The GRU-trained hackers stand accused of identity theft, including the theft of login credentials via traditional phishing techniques. These login credentials were then supplied to hackers who used the cover of a hacktivist group named the ‘Fancy Bears’. The login credentials could then be used to gain access to the medical profiles of certain athletes.
The hacking activity began just after Russia was banned from the Olympics due to state sponsored doping revelations. The International Olympic Committee limited Russian athletes’ participation in the 2016 Games. The IOC also banned Russia from the 2018 Olympics, though some Russian athletes who were cleared of doping charges were allowed to participate under the Olympic flag. It was after this embarrassment that the hackers began to target U.S. and international entities (and at least one corporation) seen as being hostile to Russia’s strategic interests.
A campaign of distraction
The purpose of the hacking campaign seems clear. Take the case of four-time Olympic gold medalist runner Mo Farah. The ‘Fancy Bears’ had gained access to his “biological passport.” This set of information tracks an athlete’s blood data over time in order to detect possible doping. The group then posted the contents of Farah’s profile on social media, pointing to results that they claimed showed he was “likely doping.” By this method, the hackers were able to turn media attention away from accusations of Russia’s structured and well planned campaign of doping. The GRU was also focused on pointing the finger at other countries. The DoJ indictment claims that the hackers spoke to 186 different reporters in order to “amplify the exposure” of their message. This is only one example of the persistent threat posed by hackers supported by intelligence operations across the globe.
According to Attorney General Jeff Sessions, “State-sponsored hacking and disinformation campaigns pose serious threats to our security and to our open society, but the Department of Justice is defending against them.”
Department of Justice announces further charges
The charges against the seven Russian GRU members have now moved beyond accusations of hacking. The seven GRU operatives now face charges relating to “persistent and sophisticated criminal cyber intrusions.” The additional charges include wire fraud, money laundering and identity theft.
The Russian hackers used a variety of tactics during the extended campaign, including spear-phishing, distributed denial of service attacks, spoofing legitimate web domains, and using cryptocurrencies to cover their tracks. Three of the defendants were also charged as part of the Mueller investigation regarding hacking the Democratic National Convention in an attempt to compromise the U.S. election infrastructure in 2016.
In other activities the hackers targeted a Pittsburgh based nuclear energy company that provides fuel to Ukraine. The GRU operatives also allegedly targeted an anti-chemical weapons organization in the Netherlands, and later planned to target a Swiss chemical laboratory, but they were disrupted by Dutch authorities. International security cooperation has revealed that the Russian hackers have posed a persistent threat in other countries across the globe as well.
A laptop belonging to one of the four was also linked to Brazil, Switzerland and Malaysia; the activities in Malaysia were related to the investigation into the 2014 shooting down of flight MH17 over Ukraine.
The investigation also revealed that the Russian hackers had made searches for the Spiez laboratory in Switzerland, which is affiliated with the Organization for the Prohibition of Chemical Weapons (OPCW) and which the Swiss last month said had been targeted by Russia.
U.S. Attorney Scott W. Brady of the Western District of Pennsylvania commented, as quoted by the Department of Justice, “They cheated; they got caught. They were banned from the Olympics. They were mad, and they retaliated. And in retaliating, they broke the law—so they are criminals.”
Russian hackers’ identities exposed
As a result of the indictment, the Russian hackers, all of whom are Russian citizens and are believed to be living in Russia, have been identified by name in an FBI bulletin emphasizing that they are wanted by the FBI. In part that bulletin reads:
“These individuals should be considered armed and dangerous, an international flight risk and an escape risk.”
The Netherlands also took the “unusual and powerful” step of releasing details of an intelligence sting (including the names of four of the Russian hackers) in order to bring Russia to account, after Dutch agents found electronic equipment in the boot of a car on April 13, 2018. The equipment was designed to intercept the OPCW’s Wi-Fi and login codes, gaining access to extremely sensitive information about the use of chemical weapons. Included in the hi-tech haul was an antenna hidden in the back of the car, facing the chemical weapons watchdog.
“I do not think that Moscow has a nice day, because it is impossible for them to deny what has come out,” the Dutch PM told a local broadcaster.
It is clear that the Russian hackers will no longer have the benefit of the anonymity which state-sponsored cyber criminals prize. The persistent threat posed by these cyber criminals has led to the public identification of the Russian hackers in a move known as “naming and shaming,” which hampers their ability to operate anonymously, particularly when traveling outside Russia.
Vigilance and cooperation are required
It appears that the international community, including the United States, is under no illusion regarding the persistent threat posed by state sponsored hacking activity. The deteriorating relationship between the U.S. and both China and Russia may very well have contributed to the ongoing Russian hacker activity. What appears to be clear is that all of these players are jostling for influence on the global stage. It is also apparent that nation states will continue to launch attacks designed to undermine the activities of both governments and private enterprise.
The challenge for organizations and governments is to rein in these activities. However, it may be beyond the capacity of a single government, even one as proactive and powerful as the United States, to handle the persistent threat on its own. The scale and sophistication, the geographic location, and the extended periods of activity of those involved in state sponsored hacking mean that an international approach to enhanced security measures is required. This approach seems to be bearing fruit, judging from the multinational efforts that have resulted in the revelations concerning the Russian hackers.