Evidence of Russian hacking in Ukraine linked back to US election, says new report

A cybersecurity firm embroiled in claims by American intelligence agencies that Russian hacking influenced the election says new evidence shows Russia's hand behind cyberattacks on the US.

The "same Fancy Bear hackers that hacked the DNC also tracked [the] location of Ukrainian artillery units, making them easier to target," said Dmitri Alperovitch, co-founder of cybersecurity firm Crowdstrike. His firm released a new report presenting those findings yesterday (21 December).

Crowdstrike investigated the Democratic National Committee (DNC) security breach in the spring and a later breach of Democratic campaign computer systems in July. The internal emails of both groups were leaked by WikiLeaks throughout the later days of the 2016 campaign.

Fancy Bear is the name Crowdstrike has given to a group of hackers it claims to have tied back to Russia's GRU — an intelligence wing of the Russian military.

From late 2014 through 2016, the report states, a piece of malware created by Fancy Bear called X-Agent infected an app developed by Ukrainian artillery officer Yaroslav Sherstuk for Android and Apple mobile phones. The app was meant to help Ukrainian artillery forces target their D-30 Howitzers.

These weapons were used by Ukraine in an ongoing battle with Russia over the Ukrainian region of Crimea that Russia annexed in 2014.

The malware, Crowdstrike said, allowed Russia to collect communications and location data to identify the positions of Ukrainian artillery and take them out. This "further supports Crowdstrike's previous assessments that Fancy Bear is likely affiliated with the Russian military intelligence (GRU)," the report said. They point to the fact that 80% of Ukraine's D-30 Howitzers have been lost. This is "the highest percentage of loss of any other artillery pieces in Ukraine's arsenal", the report said.

In the autumn Crowdstrike shared the evidence it collected with the FBI after investigating the hacks on Democrat Hillary Clinton's election campaign and the DNC. Since then, the Intelligence Community in the US has claimed it has evidence that Russia is behind the intrusions. In October a statement by the US Director of National Intelligence, James R Clapper, identified Russia as the source of the cyber-intrusions.

President Barack Obama launched a bipartisan review of the Intelligence Community's findings on 9 December. He has vowed to publish it before the inauguration of President-elect Donald Trump on 20 January. The CIA and FBI have both confirmed they believe the hacking was carried out to get Trump elected.

Yet "no accusations should be accepted until there is actual convincing evidence to substantiate those accusations", according to Glenn Greenwald, a co-founding editor of The Intercept who helped break the Edward Snowden leaks story.

In an interview on MSNBC on 21 December Greenwald charged that the CIA has "constantly disseminated claims that turned out to be false" and accused Democrats of promoting "Russia conspiracy theories" and using fear as a "potent weapon" to cast doubt over the election.

Russian state-funded media has also said claims about hacking amounts to a "coup" against Trump. However, a bipartisan group of American politicians is backing the US intelligence agencies' claims. Will Hurd, a Republican Representative for Texas — and former undercover CIA agent — called out the Obama administration for not doing enough about the hacks in a CNN interview on 21 December.

"I've been calling for months – at a minimum, we should have kicked the Russian ambassador out of the United States or the senior intelligence officer," Hurd said. The same day, New York Democratic Representative Nydia M Velazquez also called for Attorney General Loretta Lynch to appoint a Special Counsel to investigate the role cyberattacks played in the 2016 election.

"The information to be released in January by the intelligence community and the White House," she said in a statement, "will be a starting point for additional investigation, not the conclusion of this matter."