
Conspiracy theories. Hackers in the service of the state


Julian Assange has said that he regards Hillary Clinton as his personal enemy. So he helped the Fancy Bear hackers publish the documents stolen from the Democratic National Committee (DNC).

Conspiracy theorists among Western officials and security experts have lately been actively discussing Russian hackers who allegedly carry out the orders of the Russian government. Does Russia really have a cyber army, or is it an invention? Who is engaged in cyber espionage and collects compromising material on American politicians?

The start of cyberwar: Stuxnet


Cyberwar, confrontation in cyberspace, is one variety of information warfare. Traditionally the Americans have been strong on this front. It is considered an almost certain fact that the famous Stuxnet computer worm was part of a secret hacking operation launched by Western countries and authorized at the highest level, that is, by the President of the United States.

In June 2012 David Sanger's book "Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power" was published; it has been called required reading as a detailed account of how the United States uses its power outside its borders. David Sanger is a well-known journalist, a two-time Pulitzer Prize winner, chief Washington correspondent of the New York Times and a member of the Council on Foreign Relations, so his sources can be trusted.

In the book the author reveals the details of operation "Olympic Games", which the United States and Israel conducted against the Iranian nuclear program. Part of this operation was the Stuxnet worm, whose task was to keep Iran from developing nuclear weapons.

Stuxnet is the first known computer worm that intercepts and modifies the data flow between Siemens Simatic S7 programmable logic controllers and the workstations running Siemens' Simatic WinCC SCADA software. Its uniqueness lies in the fact that, for the first time in the history of cyber attacks, malware physically damaged infrastructure, by making small changes to the operating regime of uranium-enrichment centrifuges.

The worm exploited four Windows vulnerabilities that were zero-days at the time and spread by means of USB drives. Genuine digital signatures (its drivers were signed with two valid code-signing certificates stolen from Realtek and JMicron) helped it go unnoticed: a valid signature proves only who holds the signing key, not that the holder's key has not been compromised.

The book describes meetings at which President Obama was briefed in detail on the progress of the Stuxnet deployment. The president kept his finger on the pulse: he was informed of progress and approved each new stage. The author describes the meetings in the White House Situation Room based on the accounts of witnesses who took part in them.

Operation "Olympic Games" might have remained unknown to the general public forever, probably like many other secret US cyber operations, if not for one mistake. As sometimes happens, the trouble was caused by a developer error. In the summer of 2010 a programming error allowed the worm to escape from the Iranian systems and start spreading across the internet in search of P-1 centrifuges controlled by Siemens PLCs, and on June 17, 2010 it was first reported publicly, by specialists from the Belarusian antivirus company VirusBlokAda. According to the available information, the error was in the second version of the program, which had been written by the Israeli colleagues independently of the Americans.

The author writes that the first version of Stuxnet was written under former President George W. Bush by American specialists in close cooperation with the Israeli military. The program had a specific goal: to find the P-1 centrifuges used to enrich uranium and physically disable them. This was achieved by unexpectedly slowing down or speeding up the rotation of the centrifuges so that they eventually broke. The operation is said to have been a considerable success: the number of enrichment centrifuges temporarily fell from 5,000 to 4,000, and Iran's nuclear program was set back by a year and a half to two years. At the same time the authors of Stuxnet managed to spoof the sensor readings shown to the operators, so the Iranian specialists attributed the incidents to mechanical problems with the equipment.

The purpose of creating Stuxnet was a peaceful solution to the problem: the Americans were very afraid that Israel would decide to bomb Iran's nuclear facilities, after which the conflict could get out of control.

After Stuxnet was discovered, the Iranian authorities significantly tightened the protection of their IT infrastructure and began talking about isolating the country from the internet completely. After capturing an American drone, they even pointedly announced that they had been able to hack it, a gesture of retaliation meant to demonstrate to the Americans the capabilities of Iranian hackers.

Apparently operation "Olympic Games" was the first time the United States deliberately attacked another state's infrastructure with a cyber weapon. This case can be regarded as the official start of the current global cyberwar, which many large countries have since joined.

Chinese army


China does not hide the existence of hacker units in the state; they are no secret to anyone. In 2015 a new Chinese military doctrine was published that directly names three types of existing forces:

  1. Specialized military network warfare forces: military units tasked with defensive and offensive operations.
  2. Teams of specialists from civilian organizations authorized by the military leadership to conduct network operations. Among these "civilian organizations" are the Ministry of State Security and the Ministry of Public Security.
  3. "External entities" that can be organized and mobilized for network operations.

Earlier, details of the work of the so-called Unit 61398 (Shanghai), part of the People's Liberation Army, were made public. It is one of the units specializing in cyber operations, engaged in computer espionage and sabotage, mainly in English-speaking countries.

Mandiant's study confirmed that the hacker group APT1 most likely acts with government backing: during the monitoring period APT1 systematically stole information from the corporate servers of 141 organizations, hundreds of terabytes of files in total. In 97% of the 1,905 recorded sessions the hackers used Shanghai IP addresses and computers with Simplified Chinese language settings. The size of APT1 implies dozens or hundreds of members. Mandiant specialists were able to identify three of them. On several occasions the Chinese hackers logged into their Facebook and Twitter accounts from the attack infrastructure, something that cannot be done from inside the Great Firewall, and this made it easier to identify them.

Below is a screencast from the computer of one of the Chinese hackers, known by the handle DOTA, showing the contents of his mailbox and the programs he used.


Another member of Unit 61398 deanonymized by Mandiant's specialists wrote in his personal blog that he was recruited right after graduating from university in 2006. One of his first tasks was to modify the Back Orifice 2000 remote-access trojan so that it would not be detected by antivirus software. He succeeded in evading McAfee, Symantec and Trend Micro, but could not get past Kaspersky.

Wang Dong described another task: writing malware that automatically detects any USB device connected to the computer and covertly copies all the files from it. He coped with this task successfully, and his commander was satisfied, Wang writes.

“These are not elite superhackers,” said IT security specialist Richard Mogull in a comment for the LA Times. “Someone wants to demonize these guys, but they are just front-line soldiers doing work for their country; they are not villains.”

Russia protects its hackers


It would be strange to assume that, with American and Chinese cyber units so active, Russian hackers would stand aside. According to some experts, the most advanced, numerous and professional hacker scene formed in Eastern Europe. The problem is that for a long time its members were interested in money, not politics.

It began in the 1990s, when millions of highly educated programmers simply had nowhere to apply their skills. There were no well-paid jobs in the country matching their qualifications. At the same time, conditions were very favorable for earning good money through carding, extortion and hacking Western online stores. Here are the conditions:


On extradition. Russia has never handed over its hackers to the United States, even after the most high-profile crimes. So the Americans have had to resort to cunning means, such as arresting the programmer Dmitry Sklyarov of Elcomsoft, who had broken the protection of Adobe's e-book format, when he came to a conference in the United States.

Or making arrests in friendly countries that a hacker has rashly travelled to, as happened on October 5, 2016 in Prague with the arrest of Yevgeny Nikulin, who hacked LinkedIn in 2012; 167 million user accounts from that breach later turned up on the internet.

Nikulin's arrest. Footage from the Prague police

It is important to note that even after Russian hackers are detained abroad, Russia takes diplomatic, and not only diplomatic, steps to free them. For example, right after Nikulin's arrest LinkedIn was blocked in Russia; ironically, the stated reason for the block was the leakage of private data, although the leak had been caused by a Russian hacker. But at least the Americans should take the hint: for LinkedIn it is easier to drop its claims against Nikulin than to be blocked in a country with millions of users.

“In general, the situation around Yevgeny Nikulin confirms the line of Washington, which has arranged a ‘hunt’ for Russian citizens all over the world and is imposing its jurisdiction on other states. We insist on Nikulin's transfer to the Russian Federation. The Russian side hopes that Prague will take all possible measures to resolve the issue impartially,” said Alexey Kolmakov, a representative of the Russian Embassy in the Czech Republic.

Judging by previous cases in which the powerful state machine of the Russian Federation was brought to bear to prevent the extradition of Russian hackers, we can assume that this time too the Russian diplomats will succeed. Moreover, LinkedIn itself should by now be on their side.

At the service of the state


In recent years the Russian hacker scene has undergone certain changes. Anti-American propaganda has had some success.

According to some security experts, it is Russian "state" hackers who are behind many of the major recent hacks, including the cyber attacks on the US Democratic National Committee (DNC).


Fancy Bear Symbol

The investigation of the cyber attacks on the DNC was conducted by independent experts from CrowdStrike. In their opinion, two groups of Russian hackers, Cozy Bear (CozyDuke or APT29) and Fancy Bear (Sofacy Group or APT28), compromised the committee's network: Cozy Bear gained unauthorized access in the summer of 2015, and Fancy Bear in April 2016.

Julian Assange agreed to post the stolen data on the WikiLeaks website. According to him, he wanted in this way to prevent Hillary Clinton from winning the presidential election.

Hacker attacks influencing the outcome of a presidential election? Assange's statements were considered eccentric. Hillary Clinton was leading in the polls, and it was completely impossible to imagine that hacked mailboxes would weaken her position so much that someone like Donald Trump could be elected president.

Nobody believed in it ...

Source: https://habr.com/ru/post/357214/

