'DNC hackers' used mobile malware to track Ukrainian artillery – researchers

The Russian hacking crew controversially linked to hacks against the Democrat Party during the US election allegedly used Android malware to track Ukrainian artillery units from late 2014 until 2016, according to new research. Threat intelligence firm CrowdStrike reckons that mobile malware was used to harvest communications …

  1. Ogi

    Interesting

    Whichever side of the conflict you back (if any at all), I do find it quite interesting. Possibly a first example of "cyberwar" being waged. Not on its own, but as a tactic directed against a military force as part of a wider military operation. It was malware, targeting a specific app only useful to people manning artillery, which provided very useful location data for where the artillery would be (the app is being run by an artilleryman when they are using artillery, pretty clear-cut case of a valid military target).

    The military has been talking about "cyberwar" for years now, but it always seemed like some undefined nebulous concept. So far all battles have been with one technologically advanced side against another less technologically advanced, so any "cyberwar" involved mostly script kiddies defacing the other side's sites, the odd DDoS, and spreading propaganda.

    Here we see it applied between two "advanced" opponents, with a direct military benefit for one side due to an exploit used against the other. I wonder if in future they will limit soldiers' access to and use of smartphones. They are basically mini spies in your pocket, even when not compromised.

    Up until now the closest we had was Stuxnet; however, that was more about disrupting enemy industry in peacetime than what I would call an active war.

    1. Anonymous Coward

      Re: Interesting

      I'm very surprised about smart phones being allowed at all, even normal mobile phones.

      All it would take is a few decent base stations dotted about and you could triangulate a position fairly well.

      Add the "App" element and not only do you have locations (even with GPS turned off), but you have a defined target, not just a random phone user.

      1. Brian Miller

        Re: Interesting

        I'm very surprised about smart phones being allowed at all, even normal mobile phones.

        It's normal to have some personal electronics around the battlefield. It's one thing to tell a person to keep their phone off, and another for them to actually do it, especially when they are using them to support the operation. The question is, will they commence disinfecting the devices, or scanning for them on their own?

      2. Chris G

        Re: Interesting

        I'm surprised too. During the Cold War we were extremely limited on transmission times, and after any transmission it was generally considered wise to move to another position unless you were good at catching mortars.

      3. TeeCee Gold badge
        Facepalm

        Re: Interesting

        IIRC, during the Balkan conflict our army was busily purchasing mobile phones locally. That way they could actually talk to each other at distance, as the new secure radio kit they'd been issued turned out to be utterly crap in real world use.

    2. John 104

      Re: Interesting

      I'd be more inclined to call it cyber intelligence vs cyber warfare. There are no shots fired by this software, it is just information gathering that was used to the advantage of the Russians.

  2. Anonymous Coward

    Want to blow someone up?

    There's an app for that.

    Really...WTF?

    1. Trigonoceps occipitalis

      Re: Want to blow someone up?

      Samsung silly.

  3. Destroy All Monsters Silver badge
    Windows

    Commence Arty Strike on this App Position!

    This is getting more and more "out there" though, now the "fancy & cosy bears" are linked to the DNC "hack" which according to "Craig Murray, former UK ambassador to Uzbekistan and whistleblower" doesn't even exist (audio, article). Will this train ride ever stop?

    (Also, didn't Russia provide good satellite imagery to eastern rebels (and probably their own long-range artillery) anyway? Why APTify the mobiles?)

    1. Anonymous Coward

      Re: Commence Arty Strike on this App Position!

      Sometimes it's dark and/or foggy

      1. Anonymous Coward

        Re: Commence Arty Strike on this App Position! - Sometimes it's dark and/or foggy

        This is how I feel as a noncombatant in the middle of the infowars. Bunkum seems to be incoming from all directions.

    2. Tom Paine

      Re: Commence Arty Strike on this App Position!

      (Also, didn't Russia provide good satellite imagery to eastern rebels (and probably their own long-range artillery) anyway? Why APTify the mobiles?)

      If you could do it, why wouldn't you? The more independent sources of intel you have access to, the better. If the phone data confirms satellite or other recon, they can be that much more confident in the assessment that a bunch of vehicles in a field is artillery rather than civilian refugees or, say, three simple circus folk who have lost their way in the woods.

    3. Anonymous Coward

      Re: Commence Arty Strike on this App Position!

      Many Ukrainians use popular Russian social media sites, like VKontakte and Odnoklassniki. Those on opposite sides of the conflict would routinely abuse each other on these and other platforms. When those in the field are posting selfies from the front using Russian sites - some of which are owned by people associated with the Russian government and/or sympathetic to LNR/DNR - the introduction of specific smartphone malware might not be necessary.

  4. Anonymous Coward
    Facepalm

    Regarding a Russian hacking crew

    "The Russian hacking crew controversially linked to hacks against the Democrat Party"

    Why do you repeat this neocon waffle on this technology site?

    1. Anonymous Coward

      Re: Regarding a Russian hacking crew

      Mainly because the only 'proof' so far seems to be CrowdStrike and the media pulling things out of their nether regions?

  5. Anonymous Coward

    Evidence

    I see you put 'DNC Hackers' in quotes, but: what evidence do we have that this group hacked the DNC? Assange says it is not a Russian group, and has hinted that it was a DNC staffer. Where is the evidence that says otherwise?

    1. HausWolf

      Re: Evidence

      Since Ole Julian has a history of not being completely truthful, where is the evidence that he's correct?

      1. Destroy All Monsters Silver badge
        Paris Hilton

        Re: Evidence

        Since Ole Julian has a history of not being completely truthful

        We do?

        Only if we believe nasty reporting by Mr. Orlowski and various character assassination pieces that come from very interested parties.

      2. Anonymous Coward

        Re: Evidence

        "Since Ole Julian has a history of not being completely truthful,"

        It seems the info published on his site has been truthful - or at least what it purports to be.

        In particular, the DNC and Podesta emails were proved to be what Assange said they were, and Podesta, Brazile et al were shown to be the liars when their claims that the emails were fake/altered were disproved.

        Can you supply some examples of Mr Assange not being truthful?

  6. x 7

    "Fancy Bear"?

    Makes them sound like a bunch of gay sauna addicts

    1. Destroy All Monsters Silver badge

      Finding gay sauna addicts in places you wouldn't expect?

      Sounds about right!

  7. Destroy All Monsters Silver badge
    Big Brother

    Bloomberg writer says this smells

    Why I Still Don't Buy the Russian Hacking Story

    Then there's the issue of the targeting software itself. Yaroslav Sherstyuk, the Ukrainian military officer who developed the application, reacted angrily on Facebook to the CrowdStrike report, saying he never published the software on any public forums and encouraging fellow Ukrainian servicemen to keep using the latest version of his app. Via Facebook Messenger, he told me that he didn't believe an infected version of the app even existed. "This is a hoax to scare everyone and make us go back to the old methods of targeting fire," he wrote. A CrowdStrike spokesperson did not respond when I asked if it had contacted Sherstyuk. He said it hadn't.

    The spokesperson, Ilina Dimitrova, wrote that "it is indisputable that the app has been hacked with Fancy Bear malware -- we have published the indicators related to it and they have been confirmed by others in the cybersecurity community." CrowdStrike said that it found the infected app "in limited public distribution on a Russian language, Ukrainian military forum." I doubt anyone in the Ukrainian military would download software for targeting artillery fire from a forum. Typically, they obtain it directly from known developers such as Sherstyuk. If I can contact him directly, so can Ukrainian artillery officers seeking to improve their performance in battle.

    Hence, it's hard for me to believe that this infected app -- found somewhere on the internet and likely never used by Ukrainian soldiers -- offers evidence tying the GRU to APT28. And that's even if one accepts the initial logical leap to the GRU, as opposed to any of the other Russian spy services also involved in the Ukrainian conflict. I sincerely hope that when the U.S. intelligence community finally produces its findings on the election-related hacks, it will be more convincing.

  8. Destroy All Monsters Silver badge

    Related: Infowar Spin Separation by Reason Mag

    Are 'Russian Hacks' the New 'WMDs'?

    "No matter what faceless spooks assure us, it's far from clear the Russian government directed the leaks of the DNC or John Podesta emails."

    ... In the meantime, however, the American public should think carefully about precisely what U.S. intelligence agencies are claiming. The core of their accusations is not that foreign hacking physically endangered Americans or compromised connected systems: It is that powerful politicians were embarrassed, and perhaps politically harmed, when their own internal dealings were made public. Perhaps we should spend more time examining such domestic threats to our democracy, and stop allowing ourselves to be rallied against foreign ghosts that distract us from these vital conversations.

  9. P. Lee

    Who benefits from this story?

    <eom>

  10. Anonymous Coward

    Cyberwar

    Is not just about building ore refineries then immediately selling them to save money on harvesters.

  11. Anonymous Coward

    The Big Lie

    So the administration has released their report that "proves" Russian involvement.

    Underwhelming - you might check out Ars Technica to see their thoughts on the report - hint: The Headline begins "White house fails to make case.."
