Russian Hackers Indicted

GRU Military Intelligence Officers Targeted Anti-Doping Organizations, Other International Agencies

FBI Cyber Division Deputy Assistant Director Eric Welling speaks at an October 4, 2018 press conference at the Department of Justice announcing charges against seven Russian hackers.

During a press conference today at the Department of Justice in Washington, D.C., FBI Cyber Division Deputy Assistant Director Eric Welling discusses computer intrusion and related charges against seven Russian GRU officers as Western District of Pennsylvania U.S. Attorney Scott W. Brady (left) and Royal Canadian Mounted Police Director General Mark Flynn look on.

Seven Russian government operatives have been charged with hacking into the computer networks of organizations working to investigate and stop Russian athletic doping, just after Russia was banned from the Olympics due to state-sponsored doping revelations. The hackers also allegedly targeted other international entities seen as thwarting Russia’s strategic interests.

According to an indictment unsealed today in federal court in Pittsburgh, beginning in 2014, the defendants, who worked in Russia’s Main Intelligence Directorate (GRU), engaged in “persistent and sophisticated criminal cyber intrusions.” The GRU operatives hacked U.S. and international anti-doping agencies, anti-doping officials, other international organizations, and one major corporation. The charges against the defendants include conspiracy to commit computer fraud, conspiracy to commit wire fraud, wire fraud, aggravated identity theft, and conspiracy to commit money laundering.

After Russia was found to have engaged in state-sponsored doping during the 2014 Sochi Winter Games, the International Olympic Committee limited Russian athletes’ participation in the 2016 Games. The IOC also banned Russia from the 2018 Olympics, though some Russian athletes, who were not doping, were allowed to participate under the Olympic flag.

When anti-doping organizations began investigating and speaking out publicly against Russia’s actions, the hackers began intruding into their networks, according to the indictment. The FBI investigation found that these hackers worked remotely from Russia as well as on the ground in several other countries.

For example, during the 2016 Summer Games in Rio de Janeiro, Brazil, the GRU agents sent spear-phishing e-mails that enabled them to find the credentials of an anti-doping official, providing access to sensitive databases. Additionally, coordinating with hackers back in Russia, two members of the group traveled to Rio on another occasion to engage in “close access” cyber operations on a hotel Wi-Fi network that anti-doping officials were using. This gave them access to an anti-doping official’s e-mail account with sensitive information in it.

The hacks were conducted as part of an influence and disinformation campaign designed to undermine and delegitimize organizations that exposed Russia’s state-sponsored doping, expose private health information about athletes from other countries, and damage the reputations of other international athletes by falsely claiming they were using banned substances.

“The GRU is breaking traditional international norms—and the law—in using cyber tools and resources in the fashion that they have.”

Eric Welling, deputy assistant director, FBI Cyber Division

After the 2016 Olympics, according to the indictment, the Russians published the private information they stole—including nearly 250 athletes’ personal medical information—using the Fancy Bears hacktivist group website and social media accounts. In some cases, the Russians modified the information to make it look as though non-Russian athletes were doping who were not actually doing so.

“This began with a disclosure of a Russian state-sponsored doping program for its athletes. In other words, Russia cheated,” said U.S. Attorney Scott W. Brady of the Western District of Pennsylvania at a news conference today at the Department of Justice in Washington, D.C. “They cheated; they got caught. They were banned from the Olympics. They were mad, and they retaliated. And in retaliating, they broke the law—so they are criminals.”

The indictment describes a variety of tactics used by the Russian hackers during this campaign, including spear-phishing, distributed denial of service attacks, spoofing legitimate web domains, and using cryptocurrencies to cover their tracks.

As a result of the indictment, the operatives, all of whom are Russian citizens and are believed to be living in Russia, will no longer have the benefit of anonymity—which is prized among state-sponsored cyber criminals. Publicly identifying the hackers in an indictment, known as “naming and shaming,” hampers their ability to operate, particularly in traveling outside Russia.

Screenshot of Wanted Poster for seven Russian GRU agents wanted for their efforts to undermine anti-doping efforts through hacking.

Select image to access poster and related information.

“These activities by Russian GRU officers move well beyond acceptable government intelligence operations. The GRU is breaking traditional international norms—and the law—in using cyber tools and resources in the fashion that they have,” said FBI Cyber Division Deputy Assistant Director Eric Welling. “The FBI considers any criminal activity conducted by nation-state actors, especially those leading to the violation of Americans’ privacy or interference in our economy, to be a matter of national security.”

In addition to the sports-related hacking, beginning in 2014, the Russian conspirators allegedly targeted, via spear-phishing attacks, a Pittsburgh-based nuclear energy company that provides nuclear fuel to Ukraine. The Russians also allegedly targeted an anti-chemical weapons organization in the Netherlands, and later planned to target a Swiss chemical laboratory, but they were disrupted by Dutch authorities.

The FBI investigated the intrusions in close partnership with the United Kingdom National Security and Intelligence Agencies, the Defense Intelligence and Security Service of the Netherlands, the Royal Canadian Mounted Police, and the Office of the Attorney General of Switzerland.