US indicts Russians in hacking of nuclear company Westinghouse

John Demers announces criminal charges against seven Russian Federation intelligence officers. PHOTO: EPA-EFE

WASHINGTON (REUTERS) - The United States on Thursday (Oct 4) charged seven Russian intelligence officers with conspiring to hack computers and steal data from the nuclear energy company Westinghouse Electric, as well as anti-doping watchdogs, sporting federations and an international agency probing the use of chemical weapons.

The charges of conspiracy to commit computer fraud and abuse and to commit wire fraud and money laundering came hours after Dutch authorities said they had disrupted an attempt by Russian intelligence agents to hack into the Hague-based Organisation for the Prohibition of Chemical Weapons in April.

That organisation is tasked with probing the use of chemical weapons in Syria and the March 2018 poisoning of a former Russian military intelligence officer in the United Kingdom.

The Justice Department said one of the Russian officers researched Westinghouse and its employees online and stole log-in credentials of Westinghouse workers for servers in the United States, including staff that work at its advanced nuclear reactor development and new reactor technology units.

Westinghouse, which is located outside Pittsburgh, provides fuel, services and nuclear power plant design to customers, including Ukraine.

"We have found no evidence that the phishing campaigns against employees to breach Westinghouse's systems were successful," the company said in a statement.

It added that it is cooperating with the Justice Department, but could not go into specifics because the investigation is ongoing.

Three of the seven Russian military officers indicted on Thursday were charged in a separate case brought by Special Counsel Robert Mueller's office for their role in hacking activities designed to influence the 2016 presidential election.

John Demers, the head of the Justice Department's National Security Division, said while the defendants overlap, the case brought on Thursday did not involve Mueller's office.

In the indictment, prosecutors alleged that one of the Russian officers, Ivan Sergeyevich Yermakov, who was also charged by Mueller in the election-related hacking, performed "technical reconnaissance" on Westinghouse to gain access to IP addresses, domains and network ports starting in November 2014.

In December 2014, the hackers registered a fake domain and website designed to mimic the company's website and sent phishing emails to at least five employees. Once people clicked on the spoofed domain and provided their log-ins, they were rerouted to the original network.

On other occasions, according to the indictment, the conspirators also sent spear-phishing emails to the personal emails of employees at Westinghouse. Two account users clicked on the malicious links.

The indictment alleges that the seven defendants, all of whom are members of Russia's military intelligence agency, sought to sow disinformation and create an influence campaign as retaliation for the exposure of a Russian state-sponsored athlete doping program.

The US Anti-Doping Agency and the World Anti-Doping Agency were among their hacking targets, as well as sporting organisations including the Fédération Internationale de Football Association (Fifa) and athletes whose medical records were stolen and later publicized.

Russia has denied meddling in the 2016 US presidential election, contradicting a unanimous conclusion by all US intelligence agencies.

All seven of the defendants are presumed to be in Russia, which does not have an extradition treaty with the United States. The indictment could make it hard for them to travel to other countries.

The hackers travelled to other countries to carry out hacking activities, sometimes with the use of diplomatic passports, prosecutors allege.

Such efforts, known as "on-site" or "close access" hacking operations, were carried out in cases where remote hacking from Russia did not provide "sufficient access" to networks.

One such trip, for instance, was to Rio de Janeiro before and during the 2016 Summer Olympic Games.

Some of the stolen data was later published under the false auspices of a hacktivist group known as "Fancy Bears Hack Team."

"Close access operations, like the ones exposed today, are reminders of the considerable resources available to nation states," said John Hultquist, director of intelligence analysis at the cyber firm FireEye.

While the motive behind the hacks involving anti-doping groups and organisations probing Russian poisonings was more clear-cut, the decision to target Westinghouse was less apparent.

Justice Department officials declined to provide additional details on Thursday about the attacks on the company.

Efforts to penetrate its networks started in late 2014, some nine months after Ukraine's pro-Russia President Viktor Yanukovych was removed from power during the Ukrainian Revolution.
