Fancy Bear may have a new target.
The Russian hacking ring alleged to have leaked internal emails from the Democratic National Committee and Hillary Clinton’s presidential campaign has turned its sights on upcoming European elections, a top cybersecurity expert says.
"The script that they’ve been able to successfully execute in the U.S. election I believe will be repeated in European elections," warns Dmitri Alperovitch, CTO of CrowdStrike, the Irvine, Calif., security company that was among the first to attribute the DNC hacks to Russia. "There’s no question that they’d been able to cause a lot of chaos in the course of the election and get people to believe that the system has been rigged."
The Democratic Party hacks, attributed to a Russian hacking group dubbed "Fancy Bear", resulted in a leak of emails over the summer that seemed to imply DNC senior officials favored Clinton over primary rival Sen. Bernie Sanders. During the general election, leaks from the email account of Clinton campaign chairman John Podesta exposed further rifts in the party and evidence suggesting debate questions were leaked to the Clinton campaign.
National Security Agency chief Michael Rogers has denied that the hacks swayed the election, but did say the intrusions appear to have had nefarious intentions.
"This was a conscious effort by a nation-state to attempt to achieve a specific effect," Rogers said in a panel discussion hosted by the Wall Street Journal’s CEO Council.
The Washington Post has reported that the Russians helped spread propaganda and fake news that favored Donald Trump on social media. The report drew some criticism for attributing part of the report to an anonymous group called PropOrNot.
Alperovitch declined to comment on suggestions the leaks may have helped deliver the election to President-elect Donald Trump but told Fast Company that Fancy Bear, believed to be linked to Russian military intelligence, appears to be shifting its attacks toward political and governmental systems in Europe.
"Right now we’re only seeing intrusions," he says. "First they break into these networks, they steal data over a period of time—months sometimes—and then they decide whether they want to weaponize that data by leaking it in some fashion or else distorting it."
Alperovitch didn’t identify specific governments or parties that have been targeted, and representatives from major European parties facing upcoming elections didn’t reply to requests for comment, but Alperovitch says it’s likely Russian hackers would target hacks and leaks in an effort to boost parties and candidates challenging the European Union.
European leaders have said Russia would be happy to see a weaker or more divided EU amid conflicts over the war in Syria and Russia's entry into Ukraine. The United Kingdom's surprising Brexit vote earlier this year, and the possibility of other countries pulling out of the bloc, could lead to a smaller EU less able to impose economic sanctions or other serious consequences on Russia.
In the United States, it’s likely that Republican Party systems were also attacked by the Russian hackers, says Kenneth Geers, senior research scientist at security firm Comodo. But the hackers probably preferred to release information critical of the Democratic Party, given that Trump showed greater sympathy for Russia and President Vladimir Putin than Clinton did, he says.
"Trump almost stood alone, against everyone, in saying Putin is a great leader and Russian troops are not in Ukraine, for example," Geers says. "He’s the only person on the planet who seems to have had that position."
At the same time, a second group of Russian hackers, nicknamed "Cozy Bear" and believed to be tied to a separate, civilian intelligence agency, have begun using tactics such as targeted phishing emails in attempting to hack influential U.S. think tanks, particularly those working on areas tied to Russia, Alperovitch says.
"They’re trying to do what any nation state would be interested in doing, which is figuring out potential policy pronouncements from various organizations that could be close to the administration," he says.