U.S. indicts Russians in hacking of nuclear company Westinghouse
The United States on Thursday charged seven Russian intelligence officers with conspiring to hack computers and steal data from the nuclear energy company Westinghouse Electric Co as well as anti-doping watchdogs, sporting federations and an international agency probing the use of chemical weapons.
The charges of conspiracy to commit computer fraud and abuse and to commit wire fraud and money laundering came hours after Dutch authorities said they had disrupted an attempt by Russian intelligence agents to hack into the Hague-based Organization for the Prohibition of Chemical Weapons in April.
That organization is tasked with probing the use of chemical weapons in Syria and the March 2018 poisoning of a former Russian military intelligence officer in the United Kingdom.
The Justice Department said one of the Russian officers researched Westinghouse and its employees online and stole log-in credentials of Westinghouse workers for servers in the United States, including staff that work at its advanced nuclear reactor development and new reactor technology units.
Westinghouse, which is located outside Pittsburgh, provides fuel, services and nuclear power plant design to customers, including Ukraine.
“We have found no evidence that the phishing campaigns against employees to breach Westinghouse’s systems were successful,” the company said in a statement.
It added that it is cooperating with the Justice Department, but could not go into specifics because the investigation is ongoing.
Three of the seven Russian military officers indicted on Thursday were charged in a separate case brought by Special Counsel Robert Mueller’s office for their role in hacking activities designed to influence the 2016 presidential election.
John Demers, the head of the Justice Department’s National Security Division, said while the defendants overlap, the case brought on Thursday did not involve Mueller’s office.
In the indictment, prosecutors alleged that one of the Russian officers, Ivan Sergeyevich Yermakov, who was also charged by Mueller in the election-related hacking, performed “technical reconnaissance” on Westinghouse to gain access to IP addresses, domains and network ports starting in November 2014.
In December 2014, the hackers registered a fake domain and website designed to mimic the company’s website and sent phishing emails to at least five employees. Once people clicked on the spoofed domain and provided their log-ins, they were rerouted to the original network.
On other occasions, according to the indictment, the conspirators also sent spear-phishing emails to the personal emails of employees at Westinghouse. Two account users clicked on the malicious links.
The indictment alleges that the seven defendants, all of whom are members of Russia’s military intelligence agency, sought to sow disinformation and create an influence campaign as retaliation for the exposure of a Russian state-sponsored athlete doping program.
The U.S. Anti-Doping Agency and the World Anti-Doping Agency were among their hacking targets, as well as sporting organizations including the Fédération Internationale de Football Association (FIFA) and athletes whose medical records were stolen and later publicized.
Russia has denied meddling in the 2016 U.S. presidential election, contradicting a unanimous conclusion by U.S. intelligence agencies.
All seven of the defendants are presumed to be in Russia, which does not have an extradition treaty with the United States. The indictment could make it hard for them to travel to other countries.
The hackers traveled to other countries to carry out hacking activities, sometimes with the use of diplomatic passports, prosecutors allege.
Such efforts, known as “on-site” or “close access” hacking operations, were carried out in cases where remote hacking from Russia did not provide “sufficient access” to networks.
One such trip, for instance, was to Rio de Janeiro before and during the 2016 Summer Olympic Games.