Caroline Brehman/CQ via Zuma
In the wake of a report by a computer security firm claiming Russian hackers recently waged a “successful” phishing attack against Burisma, the gas company U.S. officials pressed Ukraine to investigate—requests that helped lead to Donald Trump’s impeachment—Democrats on Capitol Hill are raising questions about why they only found out about the claim after The New York Times published a story airing the allegation.
“I have to say, Rachel, I’m a bit distressed to see this for the first time in a newspaper report,” Rep. Adam Schiff (D-Calif.), the chairman of the House Intelligence Committee, told MSNBC’s Rachel Maddow on Monday night. “If the intel community is aware of this, that should have been brought to our attention by now.”
On Tuesday, CNN’s Manu Raju said that House Speaker Nancy Pelosi had “raised concerns” about the Burisma news behind closed doors, and reported that senior Congressional leadership had not been briefed on the matter. Democratic congressional aides told Mother Jones that their offices will put questions to U.S. intelligence agencies about what they knew about the alleged Russian military hackers’ activities targeting Burisma. The Office of the Director of National Intelligence did not respond to a request for comment.
The report—by Area 1, a Silicon Valley firm founded by former NSA hackers that offers anti-phishing services—a comes just days before President Donald Trump’s Senate impeachment trial is expected to begin. The cybersecurity company says the operatives responsible for the attack were backed by the GRU, the same branch of Russia’s military that was found to be behind the 2016 hacking and leaking of Democratic National Committee materials and the emails of Hillary Clinton campaign chairman John Podesta.
While noting that phishing campaigns by the GRU are not “particularly novel,” the eight-page report said the timing and target in this case, a Ukrainian energy company that once paid former Vice President Joe Biden’s son to serve on its board, “raises the spectre that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 election.”
The report alleges that beginning in early November 2019 the GRU spoofed a log-in page for an email server used by Burisma and several subsidiaries. Similar to the way that Podesta’s Gmail credentials were stolen, any Burisma employee who used this spoofed page to log in would be handing their account’s username and password to the hackers. Not only would that provide access to the account’s contents, the account could then be used as a platform to try to trick others.
Area 1 says the campaign also targeted Kvartal 95, a media production company founded by Ukrainian President Volodymyr Zelensky, a former actor and comedian. The Times reported that operation appeared to be focused on a former executive who Zelensky appointed as the head of Ukraine’s Security Service last summer.
Thomas Rid, an expert on Russian disinformation operations, told Mother Jones that the Area 1 report has received a lot of attention very quickly, but cautioned it was “based on very thin evidence.” While the report may bear out, he warned that U.S. response to the report was itself is a worrying sign for the 2020 elections.
“Whenever we ignore facts and run with our emotional biases, we’re signaling to adversaries that we’re still highly vulnerable to disinformation ops,” he said. “Active measures,” the phrase used to describe Russian information warfare tactics, “put emotions over facts—that’s what makes them active.”
“What makes a society more resilient against disinformation is attention to detail, fact-checking, and sober, cool-headed judgment,” he said.
