The first real evidence of Russian involvement in the alleged US election hacking may have come from Ukraine – the very same country that the Kremlin reportedly made its testing ground for cyberwarfare techniques such as attacks on power grids and phishing campaigns. The data stolen from such attacks were allegedly used later to influence public opinion.
The FBI is said to have interviewed the very first "witness" of the alleged US election hacking, a Ukrainian malware expert known only by the pseudonym Profexer.
According to US authorities, one of the malware samples created by Profexer, called the P.A.S web shell, was reportedly used by Kremlin hackers in their cyberespionage campaigns targeting the 2016 US elections.
Profexer reportedly released the malware freely on a website, only asking for donations ranging from $3 to $250. However, the Ukrainian shut down his site after the US DHS (Department of Homeland Security), in its report on election hacking, identified Profexer's malware as the one used in the US election hacking campaign.
"I'm not interested in excessive attention to me personally," Profexer wrote on an exclusive hacker forum called Exploit, after shutting down his site. "If U.S. law enforcement wants to take me down, they will not wait for me in some country's airport. Relations between our countries are so tight I would be arrested in my kitchen, at the first request."
"I don't know what will happen," the Ukrainian malware developer wrote in one of his last messages. "It won't be pleasant. But I'm still alive."
The New York Times reported that Profexer voluntarily went to the authorities and, in a show of cooperation, went dark on hacker forums in January. The Ukrainian police have not arrested the man, said Serhiy Demediuk, chief of the Ukrainian Cyber Police, adding that he made Profexer available to the FBI to be interviewed as a witness.
The Times reported that the FBI is yet to comment on the matter, although the bureau has posted a full-time cybersecurity expert in Kiev along with three other agents stationed at the US embassy in the capital city.
Demediuk said that Profexer wasn't arrested because he didn't use the malware, despite having created it. "He told us he didn't create it to be used in the way it was," Demediuk said.
The Times cited Ukrainian parliamentary member Anton Gerashchenko as saying that Profexer was paid to develop the malware and only later discovered its use in Russian hacking. "He was a freelancer and now he is a valuable witness," Gerashchenko said, confirming that Profexer turned himself in to the authorities and was cooperating in the DNC hacking probe.
However, it remains unclear whether the malware created by Profexer was used in the cyberattack against the DNC.
The emergence of Profexer and his malware indicates that Kremlin-linked hackers, including Fancy Bear and Cozy Bear, may have used and repurposed hacking tools from underground cybercrime communities instead of developing customised tools themselves. Experts have also previously indicated, using the Yahoo hack as an example, Moscow's propensity to hire cybercriminals to conduct attacks instead of directing a specific state-sponsored unit.
Meanwhile, as US authorities continue to investigate the 2016 presidential hacking, WikiLeaks founder Julian Assange reportedly met US Republican lawmaker, Representative Dana Rohrabacher of California. Assange allegedly indicated that he was open to providing further information about the DNC leak to US authorities.