Meet The Ukrainian Hackers Targeting The Kremlin's Master Manipulator

KIEV, Ukraine -- As Russia stands accused of meddling with the U.S. election and waging war in the east of Ukraine, Americans, Brits and others have discussed, and threatened, retaliation. In Ukraine, hackers have long been biting back in earnest.


Russian Prime Minister Vladimir Putin, right, speaks to Vladislav Surkov.

Over the last two weeks, a group of hackers calling themselves The Cyber Alliance claim to have accessed significant tranches of emails linked to Vladislav Surkov, believed to be the mastermind of Russia’s misinformation tactics and one of Putin’s more surreptitious aides.

Surkov was, in 2014, placed on a U.S. sanction list for his role in Russia’s dealings in Ukraine.

In his recent documentary Hypernormalization, Adam Curtis described Surkov’s ability to create instability by simultaneously spinning contradictory stories, pointing to the West’s befuddlement over Russia’s support of the Syrian regime.

Curtis previously called him “a ruthless manipulator of modern politics.”

The Alliance is made up of various groups, going by the names CyberJunta, Falcons Flame, Trinity and RUH8.

One of Cyber Alliance’s members, from RUH8, spoke with FORBES over encrypted chat on Thursday morning, shortly after they leaked the contents of an email account they claimed belonged to Maria Vingradova, an assistant to Surkov.

To date, the Alliance has claimed breaches of at least two accounts of individuals associated with Surkov.

The Kremlin, which hadn’t responded to a request for comment at the time of publication, previously stated Surkov does not use email.

The hacks look real 

To prove the Vingradova hack was genuine, RUH8 asked me to send an email to Vingradova’s personal address (pochta_mg@mail.ru), which I duly did.

The hacktivist then returned a screenshot showing a copy of my email hitting Vingradova’s email address, before linking to emails the group had leaked stored in Google Drive.

The Cyber Alliance still had access to Vingradova’s account then?

“We changed all credentials and contacts of the mailbox, including recovery options. Since it’s not an official mailbox in the gov.ru zone it is easier for them to create new mailboxes instead of recovering the hacked one,” RUH8 said.

RUH8 was reluctant to say just how Vingradova’s account, or those belonging to other Kremlin officials, were breached in the first place.

“Generally speaking we used everything we could – software exploits, bruteforce, phishing, vulnerabilities on servers and other stuff. Does it really matter which particular tool was used against Surkov?”

The group had previously leaked emails from an @gov.ru account, prm_surkova@gov.ru, supposedly belonging to Surkov’s reception office.

So far, the Alliance has released 1.4GB of data from inboxes of people linked to the master manipulator, RUH8 said.

They are yet to find anything especially egregious, however.

Aric Toler, who has been looking at the leaks for open source journalism outfit Bellingcat (itself a target of Russia’s hackers), believes RUH8 and the Alliance really did breach those email accounts.

But he isn’t sure about the quality of information being leaked.

“The leaks seem credible. We haven’t verified every piece of information in there, but from the emails I have looked at, there are no signs of forgery,” Toler told me.

Many of the folks who were in the last inbox have confirmed their correspondence.

The mails do at least appear to discuss separatist Russian republics in Ukraine, believed to be sponsored by the Kremlin.

And as the BBC noted, one document contained an image of a Ukraine divided into three parts: New Russia in the east, Lesser Russia in the center and Galicia to the west.

“[It's] probably not damaging at all. Most of the info in here is stuff that we already knew, or suspected. There are no real bombshells… there are maybe some possible corruption cases to dig up from pay-to-play and such. But, if I had to say, I’d predict that no real change will come from these, outside of some embarrassment for Surkov,” added Toler.

Perhaps the most bizarre file to have leaked thus far is a script written by Yury Bykov, a reputed screenwriter and director.

The film was titled Volunteers and focused on the war in the Donbass region of Ukraine.

‘We want to win the war’ 

The Alliance doesn’t want the war to just stop, said RUH8, it wants Ukraine to force Russia out.

“It’s written in our Constitution: ‘protecting sovereignty and territorial integrity of Ukraine is a duty of every citizen.’ It sounds like a slogan, but it’s true. We want victory in the war. We [want to] force Russia to leave Donbass, return Crimea, build a 10 meter-high wall on the border with Russian Federation and cover losses.”

But will hacks aimed at Surkov help?

“We uncover plans of pro-Russian separatists (including military and police), we track the traitors on our side, we passed on intel to the law enforcement agencies (though we never cooperate directly). There are a lot of things to do,” RUH8 said.

“One thing then you knew that Russia is backing the unrest here in Ukraine, and the other one is to prove it. We share the proofs. We gather intel. I think it helps.”

As for what’s next for RUH8 and its co-hackers, the Alliance spokesperson claimed to have access to emails of a top Putin communications staffer, Dmitry Peskov.

“We have other interesting stuff from the president’s administration of Russia, tons of stuff,” RUH8 added.

Meanwhile, Russia has another threat to contend with: U.S. hackers.

A report from NBC Friday cited senior intelligence officials, who indicated America’s cyber specialists have already compromised Russia’s critical infrastructure, including its electric grid and telecoms networks, in preparation for any necessary retaliation to the targeting of the election.

Fears that Russia will interfere with the election were stoked by a hacker going by the name of Guccifer 2.0, who on Friday encouraged others to target the vote on Tuesday.

Source: Forbes
