Friday, July 13, 2018|3:57 p.m.
PARIS – On the morning of March 19, 2016, Den Katenberg ran a little test with big stakes.
The previous week, Katenberg’s hacking crew had been bombarding the Hillary Clinton campaign’s email accounts with fake Google warnings, trying to get her Brooklyn-based staff to panic, enter their passwords and open their digital lives to Russia’s intelligence services.
But the going was tough. Even when Clinton staffers clicked the malicious links Katenberg crafted, two-factor authentication – a second, failsafe password test – still kept him out of their accounts.
After a day of testing on March 18, he took a different tack, striking the Clinton campaign’s staff at their personal – and typically less secure – Gmail addresses. At 10:30 the next morning he carried out one last experiment, targeting himself at his own Gmail address to make sure his messages weren’t being blocked.
An hour later he sent a barrage of new malicious messages to more than 70 people, including one to Clinton campaign chair John Podesta. By the end of the day, he’d won access to one of the most important inboxes in American politics.
On Friday, the United States special counsel said Katenberg was an alias used by Lt. Aleksey Lukashev, an email phishing specialist with Unit 26165 of Russia’s Main Intelligence Directorate, often abbreviated GRU.
Katenberg, who did not return multiple messages seeking comment, has been in The Associated Press’ sights since his email was identified among a massive hacker hit list handed to the news agency by Secureworks last year.
It was that 19,000-line database that allowed the AP to reconstruct Katenberg’s digital movements, logging every malicious link he and his colleagues created between March 2015 and May 2016.
The data show that the malicious emails came in waves, some 20 or 30 of them at a time, aimed at diplomats, journalists, defense professionals and other Russian intelligence targets across the world. Between the waves, often only an hour or a few minutes before a major campaign, the hackers sent test emails to their own accounts to make sure they could still dodge Google’s spam filters.
Katenberg’s GRU hacking group, widely nicknamed “Fancy Bear,” was locked in an arms race with the email giant. Every few months, Google would cotton on to the group’s methods and begin blocking its messages. The Secureworks list, together with more than 100 other phishing emails recovered from spying victims, showed how the GRU would respond by firing up a new batch of malicious websites, moving on to a new link-shortening service, or trying a new brand of phishing message meant to tempt its recipients into giving up their credentials.
“Someone has your password,” was one particularly dire-sounding message sent by the GRU to a DNC staffer on March 25, 2016. Some messages played on their targets’ fears of being hacked. One offered Gmail users a malicious “Anti-Phishing Guard App” to protect themselves from cybercriminals. Another particularly twisted message warned a Russian journalist that “Government-backed attackers may be trying to steal your password” – before directing him to a booby-trapped link.
But as good as the hackers were at extracting passwords from their victims, they also made mistakes.
For example, the Gmail address Katenberg used to test-drive his phishing messages on March 19, 2016, was also used to register a Den Katenberg Twitter account, according to Twitter’s “Find friends” feature.
It’s by no means clear that the account’s black-and-white photo, which shows a young man in a black sweater resting his head against his hand and smiling into the camera, belongs to Lukashev. As the indictment noted, Fancy Bear routinely stole the identities of others online. In any case, the Twitter account appears to be inactive.
But Lukashev may not be resting easy. For years he and his colleagues are alleged to have hunted America’s secrets.
Now American prosecutors are after his.