- The charges include conspiring to access computers without authorization, wire fraud, aggravated identity theft, and money laundering.
- The cyberespionage campaign began in December 2014 and continued till at least May 2018.
The US Department of Justice (DoJ) has indicted seven members of the Russian Main Intelligence Directorate (GRU) for hacking computers associated with 250 athletes and anti-doping sports organizations in the USA and around the world.
The charges include conspiring to access computers without authorization, wire fraud, aggravated identity theft, and money laundering. Five of the seven Russian officers were charged with identity theft, while one officer was charged with wire fraud.
"Today we are indicting seven GRU officers for multiple felonies each, including the use of hacking to spread the personal information of hundreds of anti-doping officials and athletes as part of an effort to distract from Russia’s state-sponsored doping program," Attorney General Jeff Sessions said in a statement.
The charges were brought forth after Dutch officials announced that they disrupted a cyber operation conducted by Russian military intelligence service in the Netherlands. The officials also said that they expelled four individuals involved in the attacks.
According to the 41-page indictment, the hacking began in December 2014 and continued until at least May 2018. The accused military officers had intruded into computers and networks of US citizens and corporate entities around the world.
“Beginning in or around December 2014 and continuing until at least May 2018, the conspiracy conducted persistent and sophisticated computer intrusions affecting U.S. persons, corporate entities, international organizations, and their respective employees located around the world, based on their strategic interest to the Russian government,” the Department of Justice said.
The US government accused the Russian Intelligence officers of stealing information from computers that belonged to entities that were involved in the investigation of a massive Russian state-sponsored doping program.
250 athletes from 30 countries were targeted
The accused Russian intelligence officers targeted 250 athletes from 30 countries. According to Eric Welling, the FBI’s deputy assistant director for the cyber division, the alleged Russian intelligence officers released the stolen personal information in a selective and misleading format which appears eerily similar to the infamous Fancy Bear threat actor group.
The targeted Anti-Doping agencies include the US Anti-Doping Agency headquartered in Colorado Springs, the World Anti-Doping Agency in Montreal; the Canadian Centre for Ethics in Sports in Ottawa, the International Association of Athletes Federations in Monaco, and the Court of Arbitration for Sports in Lausanne, Switzerland.
The main aim of the attack was to disclose stolen information in public and tarnish the reputations of athletes across the world
“Among the goals of the conspiracy was to publicize stolen information as part of an influence and disinformation campaign designed to undermine, retaliate against, and otherwise delegitimize the efforts of international anti-doping organizations and officials who had publicly exposed a Russian state-sponsored athlete doping program and to damage the reputations of athletes around the world by falsely claiming that such athletes were using banned or performance-enhancing drugs,” the Justice Department said.
“All of this was done to undermine those organizations’ efforts to ensure the integrity of the Olympic and other games," John Demers, assistant attorney general for national security said, USA Today reported.
Apart from conspiring against the anti-doping officials and athletes, the alleged Russian agents were also charged with targeting a chemical weapons lab in the Hague, Netherlands, and Westinghouse Electric, a nuclear power company in Pennsylvania.
Most of the malicious activities involved spear-phishing emails. In situations where remote attacks failed on targeted computers, a team of four intelligence officers would travel to the locations where the targets were physically located to conduct close access attacks via Wi-Fi networks.
“We are fighting back to protect U.S. citizens and organizations from criminal cyberattacks funded by the Russian government,” Scott Brady, US attorney for western Pennsylvania, said. “These seven defendants are charged with the pervasive campaign of hacking, stealing private and sensitive information and publicizing that information to retaliate against Russia’s detractors and sway public opinion in Russia’s favor."