Russia Is Losing a War Against Hackers Stealing Huge Amounts of Data – The Intercept

Russia is known for its army of hackers, but since the start of its invasion of Ukraine, dozens of Russian organizations including government agencies, oil and gas companies, and financial institutions have been hacked, with terabytes of stolen data leaked onto the internet.

Distributed Denial of Secrets, the transparency collective that's best known for its 2020 release of 270 gigabytes of U.S. law enforcement data (in the midst of racial justice protests following the murder of George Floyd), has become the de facto home of the hacked datasets from Russia. The datasets are submitted to DDoSecrets mostly by anonymous hackers, and those datasets are then made available to the public on the collective's website and distributed using BitTorrent. (I am an adviser to DDoSecrets.)

"The flood of Russian data has meant a lot of sleepless nights, and it's truly overwhelming," Emma Best, co-founder of DDoSecrets, told The Intercept via an encrypted messaging app. "In its first 10 years, WikiLeaks claimed to publish 10 million documents. In the less than two months since the invasion began, we've published over 6 million Russian documents and it absolutely feels like it."

After receiving a dataset, DDoSecrets organizes and compresses the data; it then starts distributing the data using BitTorrent for public consumption, publicizes it, and helps journalists at a wide range of newsrooms access and report on it. DDoSecrets has published about 30 hacked datasets from Russia since its invasion of Ukraine began in late February.

The vast majority of sources who provided the hacked Russian data appear to be anonymous individuals, many self-identifying as part of the Anonymous hacktivist movement. Some sources provide email addresses or other contact information as part of the dumped data, and some, like Network Battalion 65, have their own social media presence.

Still, with so many datasets submitted by anonymous hackers, it's impossible to be certain about their motives or if they're even truly hacktivists. For instance, in 2016 hackers compromised the network of the Democratic National Committee and leaked stolen emails to WikiLeaks in an attempt to hurt Hillary Clinton's presidential campaign. Guccifer 2.0, the hacker persona responsible, claimed to be a lone actor but was later revealed to be an invention of the GRU, Russia's military intelligence agency.

For this reason, the recent Russian datasets published by DDoSecrets include a disclaimer: "This dataset was released in the buildup to, in the midst of, or in the aftermath of a cyberwar or hybrid war. Therefore, there is an increased chance of malware, ulterior motives and altered or implanted data, or false flags/fake personas. As a result, we encourage readers, researchers and journalists to take additional care with the data."

On February 26, two days after Russia's invasion started, DDoSecrets published 200 gigabytes of emails from the Belarus weapons manufacturer Tetraedr, submitted by the hacktivist persona Anonymous Liberland and the Pwn-Br Hack Team. Belarus is a close ally to Russia in its war against Ukraine. A message published with the dataset announced #OpCyberBullyPutin.

On February 25, the notorious Russian ransomware gang known as Conti publicly expressed its support for Russia's war, and two days later, on February 27, an anonymous Ukrainian security researcher who had hacked Conti's internal infrastructure leaked two years of Conti chat logs, along with training documentation, hacking tools, and source code from the criminal hackers. "I cannot shoot anything, but I can fight with a keyboard and mouse," the anonymous researcher told CNN on March 30 before he safely slipped out of Ukraine.

In early March, DDoSecrets published 817 gigabytes of hacked data from Roskomnadzor, the Russian federal agency responsible for monitoring, controlling, and censoring Russian mass media. This data specifically came from the regional branch of the agency in the Republic of Bashkortostan. The Intercept made this dataset searchable and shared access with independent Russian journalists from Meduza who reported that Roskomnadzor had been monitoring the internet for antimilitarism since at least 2020. In early March, Roskomnadzor began censoring access to Meduza from inside Russia due to "systematic spread of fakes about the special operation in Ukraine," a spokesperson for the agency told the Russian news site RIA Novosti.

The hacks continued. In mid-March, DDoSecrets published 79 gigabytes of emails from the Omega Co., the research and development wing of the world's largest oil pipeline company, Transneft, which is state-controlled in Russia. In the second half of March, hacktivism against Russia began to heat up. DDoSecrets published an additional five datasets:

On the last day of March, the transparency collective also published 51.9 gigabytes of emails from the Marathon Group, an investment firm owned by sanctioned Russian oligarch Alexander Vinokurov.

On the first day of April, DDoSecrets published 15 gigabytes of emails from the charity wing of the Russian Orthodox Church. Because the emails might include sensitive and private information from individuals, DDoSecrets isn't distributing this data to the public. Instead, journalists and researchers can contact DDoSecrets to request a copy of it.

On April 3, DDoSecrets published 483 gigabytes of emails and documents from Mosekspertiza, a state-owned corporation that provides expert services to the business community in Russia. On April 4, DDoSecrets published 786 gigabytes of documents and emails from the All-Russia State Television and Radio Broadcasting Co., referred to with the English acronym VGTRK. VGTRK is Russia's state-owned broadcaster; it operates dozens of television and radio stations across Russia, including regional, national, and international stations in several languages. Former employees of VGTRK told the digital publication Colta.ru that the Kremlin frequently dictated how the news should be covered. Network Battalion 65 is the source for both the VGTRK and Mosekspertiza hacks.

Russia's legal sector also got hacked. On April 8, DDoSecrets published 65 gigabytes of emails from the law firm Capital Legal Services. The persona wh1t3sh4d0w submitted the data to the transparency collective.

In the following days, DDoSecrets published three more datasets:

By April 11, DDoSecrets had published another three datasets:

In mid-April, DDoSecrets published several datasets from the oil and gas industries:

On April 16, DDoSecrets published two more datasets:

Just during the last week, DDoSecrets published these datasets:

Earlier today, DDoSecrets published 342 gigabytes of emails from Enerpred, the largest producer of hydraulic tools in Russia that works in the energy, petrochemical, coal, gas and construction industries.

Despite the massive scale of these Russian data leaks, very few journalists have reported on them so far. Since the war began, Russia has severely clamped down on its domestic media, introducing penalties of years in prison for journalists who use the wrong words when describing the war in Ukraine, like calling it a "war" instead of a "special military operation." Russia has also ramped up its censorship efforts, blocking Twitter and Facebook and censoring access to international news sites, leaving the Russian public largely in the dark when it comes to views that aren't sanctioned by the state.

One of the barriers for non-Russian news organizations is language: The hacked data is principally in Russian. Additionally, hacked datasets always come with considerable technical challenges. The Intercept, which was founded in part to report on the archive of National Security Agency documents leaked by Edward Snowden, has been using our technical resources to build out tools to make these Russian datasets searchable and then sharing access to these tools with other journalists. Russian-speaking journalists from Meduza, which is forced to operate in Latvia to avoid the Kremlin's reach, have already published a story based on one of the datasets indexed by The Intercept.
