
Our servers and hacker attack on US Democrats: the continuation of the story




Last year there was a lot of talk online about the attack on the servers of the US Democratic Party by hackers who left a “Russian trace”. Recall that the attack was quite successful: the hackers obtained gigabytes of data related to the political activities of a number of well-known people, including personal correspondence, party documents and more. James Clapper, the US Director of National Intelligence, said that the attack was the work of hackers acting in the interests of states such as Russia and China.

As it turned out, the “Russian trace” was discovered only because the hackers used our servers (located, by the way, in the Netherlands). And since we are a Russian company, the hackers became Russian too. This month, Forbes representatives approached us and asked us to tell them what really happened. By the way, before that, New York Times journalists had interviewed Vladimir Fomenko, the head of King Servers. We are sure some details of the interview will be of interest to Habr readers.

Initially, the Forbes journalists asked what we thought about the situation described by the FBI. At the time, Bureau representatives stated that six of the eight IP addresses used by the attackers belonged to our servers. After the “Russian trace” became known, NYT journalist Andrew Kramer came to us and asked about it in detail. He was given all the information on the case, and on the whole the interview was constructive.

But when the article was finished and published, it turned out that Kramer had turned Vladimir Fomenko's words against him. The article said, in particular, that the head of King Servers was connected with the attackers, and made him out to be almost the inspiration for all Russian cybercriminals. It is clear that the publication needs page views, but it came out very ugly.

After that, we decided to contact ThreatConnect, which helps organizations avoid cyber threats or determine who is behind a given attack. It was ThreatConnect experts who originally determined that the hackers who attacked the servers of a political party in the United States used King Servers servers. The company's management responded fairly quickly. The response said the following: “Based on the nature of the activities (of the perpetrators) and the fact that your resources were used by unidentified criminals, we offer to provide all the information to the Russian and US authorities so that we can begin a constructive and transparent dialogue. As for the article in the New York Times, the term "informational link" is the words of the author, not ours. We suggest you contact the author to resolve the problem. As for our published study, we simply determined that the IP addresses from which the attack was carried out are registered to you and your company. Please let us know if we can help you with anything else.”

In general, everything is logical, unlike the NYT article. Really, how can the use of our company's servers serve as evidence that Russian hackers are behind the break-in? A hosting company must operate in accordance with the business interests of customers and the laws of the countries where they operate. And besides, would experienced hackers who managed to carry out a successful attack on the servers of a political party really not try to cover their tracks, working, in effect, directly? In addition, the NYT focuses on the “Russian servers” and does not mention the other two, which are not related to King Servers.


By the way, the Forbes journalist asked Vladimir Fomenko what he thinks about the intruders' nationality, as well as about some other details of the hackers' identity. The answer was as follows: “We are not able to find out their nationality, nor are we aware of whether they really are hackers, since no one is investigating. All we know is that hackers have no nationality.”

By the way, ThreatConnect, which analyzed the source of the attack, said that after studying the situation there are “more questions than answers”. The most interesting thing is that no one wants to get the answers. None of the representatives of foreign companies and organizations that might be interested in a real investigation has requested anything that would clarify the situation with the source of the attack. No logs were requested, and no one has asked us to share the payment information the attackers provided when renting the servers. Nothing.

In general, this is what happens when a hack is investigated by journalists rather than by technical specialists. I would like to hope that in the future the situation will become clearer; we ourselves are very interested in what really happened.

In conclusion, I just want to repeat that King Servers works exclusively in accordance with the business interests of clients and the laws of the countries where they operate. And it always will. I would also like to quote a comment the head of King Servers made in an interview: “We cannot be held responsible for the actions of third parties. It is the same as accusing Elon Musk because a Tesla has knocked down some of the Democrats ...”

PS: if anyone is interested, the so-called “Russian trace” used dedicated servers with Intel E3 processors and 8 GB RAM.

Source: https://habr.com/ru/post/323172/

