A Ukrainian hacker who authored malware used in last year’s hack on the Democratic National Committee is now a witness for the FBI.
The hacker, known as Profexer, sold the malware online, allegedly without realizing the purchaser was the Russian intelligence hacking group known as Fancy Bear, said to be behind the hack. As The New York Times reports, Profexer turned himself in to Ukrainian police earlier this year after the U.S. Dept. of Homeland Security identified his software. The head of the country’s cybersecurity police said he let FBI agents interview the hacker, but has declined to disclose other details publicly, including his name.
“P.A.S. web shell,” the malware, was available to download free from a website that asked only for donations, but Profexer’s real business was in selling customized versions and assisting his hacker clients in its use—something he reportedly did for a client who investigators say was Fancy Bear.
“He was a freelancer and now he is a valuable witness,” Anton Gerashchenko, a member of Ukraine’s Parliament with ties to the security services, told the Times.
Profexer is the first known witness in the DNC attack investigation, which has primarily relied on technical evidence, according to the Times. The use of third-party malware code has at times made it harder to definitively attribute attacks to any Russian government agency. As a result of a dearth of physical evidence, President Trump has waffled on whether he believes U.S. intelligence assessments attributing the hacks to Russia.
Among its cache of evidence, the FBI is also reviewing copies of hard drives from Ukraine’s Central Election Commission, which were targeted by hackers during the May 2014 presidential election. The bureau, reports the Times, has posted a full-time cybersecurity expert in Kiev as one of four agents stationed at the U.S. Embassy there.
Meanwhile, The Nation magazine is currently reviewing a controversial article this month that suggested, contrary to U.S. intelligence reports, that Russia might not be behind the attack, The Hill reports.
I wrote more about the post-election activities of Fancy Bear here.