Russians who hacked the DNC used fabricated news to attack the United States

Disinformation is much more dangerous than you can imagine. Fabricated news reports are not only used for propaganda, to sway the opinions of gullible people. Several Russian hackers accused of breaking into the systems of the Democratic National Committee (DNC) have turned fabricated news into a weapon: they embed malware in a fake news article in order to infiltrate the systems of unsuspecting people.

Over the course of a decade, various hacker groups accused of working for the Russian government have fabricated news stories as part of cyber-espionage campaigns against the U.S. government, law enforcement agencies and military officials, not to mention think tanks, military contractors and universities. This is evidenced by more than a dozen reports and warnings prepared by the Department of Homeland Security, the FBI and other federal agencies over the past three years. Private cybersecurity companies conducted their own research and came to the same conclusion.

“Cybercriminals from Russia, China and many other countries have for many years used genuine and fabricated news stories as bait based on social psychology (headlines, attachments and links), because news and fake news are an effective way to get the victim to take the bait and give the cybercriminals access to their system,” James Scott, a senior researcher at the Institute for Critical Infrastructure Technology, wrote in an email.

“News or fabricated news are an effective decoy because the victims feel a strong desire to open the email or follow the link to get more information.”

A few hours after Donald Trump was elected President of the United States, hackers began a campaign against supporters of both camps. These hackers, who according to some are connected with the Russian government, used fabricated news sent from Gmail addresses and from hacked email accounts at Harvard's Faculty of Arts and Sciences, as reported by the company Volexity. Two of these emails claimed to have been sent by the Clinton Foundation. The other emails contained eFax links or PDF attachments, which were news articles on the following topics:

• “The results of the vote may be reconsidered [fraud in the election]”
• “The shocking truth about voter fraud”
• “Why the American electoral system is flawed”
• “Important information about the Clinton Foundation”

This group of hackers, known as The Dukes, APT29 or CozyBear, is according to some tied to the Russian FSB. According to U.S. government representatives and analysts at private cybersecurity companies, CozyBear was one of the two hacker groups that broke into the DNC's systems ahead of the 2016 elections. These hackers have used fabricated news in their cyber-espionage campaigns since at least 2008, as stated in a report prepared by the company F-Secure.

“Usually the content of these decoy emails is taken from publicly available sources: the hackers either copy public materials such as news reports, or simply repurpose a genuine file that has been shared,” the F-Secure report says.

Over the past few months, “fabricated news” has gone from a phenomenon no one noticed to a main topic of discussion in media and political circles. At first the term denoted deliberately fabricated material distributed by its promoters to make money or to impress a particular point of view on the public. However, in the last few weeks, as Facebook, Google and other companies have begun to actively fight fabricated news, the term has spread among supporters of both parties and has come to denote any news material with which they disagree. This is a very dangerous trend, because some of those false messages can be truly malicious.

Hackers have used fake news reports to carry malware that can infect a network. In the end, any data on that network may be stolen, changed or deleted at any time.

Hackers sometimes use links leading to entirely fictitious articles on sites that seem genuine but are unfamiliar, such as blogs or foreign news sites. (The Dukes used such domains as,,, as stated in the F-Secure report.)

Another type of phishing campaign, in which hackers try to hook their victim with material that looks authentic at first glance, involves links that look exactly like those of well-known news sites but actually belong to a domain controlled by the hackers. The third method is to attach to the email a genuine news article, taken from a well-known source and loaded with malware.

For example, in a 2009 campaign directed against Poland, the Czech Republic and an American think tank, the bait was a document that was apparently copied from a BBC news article, as stated in the F-Secure report, which contains a screenshot of this document.

In other campaigns, the victims were redirected to a website that purported to be the site of a Turkish news outlet covering jihadist news. Another site controlled by the Russian hackers was made to look like the website of a Chechen news organization.

In 2014, when the Russian government began to step up its cyber-espionage campaigns, another Russian hacker group, known in certain circles as Sandworm, attacked the participants of a global security conference devoted to resolving the Ukrainian crisis. Those attending the GlobeSec conference included senior U.S. officials, among them Deputy Secretary of State Victoria Nuland, who is criticized in Russia and who promised Ukraine U.S. support in the upcoming elections. (These elections were held in Ukraine soon after the conference, which took place in May 2014, and they also became a target for Russian hackers trying to affect the results, according to U.S. officials.)

Former Secretary of Homeland Security Michael Chertoff, senior Defense Department officials, members of the House Committee on Foreign Affairs, executives from Microsoft, Raytheon and Lockheed, and dozens of think tank representatives were there too, and all of them were targeted by the Sandworm hackers.

“Many of the bait documents used to deploy the malware were fabricated news stories on the political and economic situation in Europe,” states a document prepared by the Institute for Critical Infrastructure Technology for the White House and Congress in 2015.

Around the same time, the Department of Homeland Security's National Cybersecurity and Communications Integration Center issued a warning addressed to employees of federal agencies, outlining a hacker campaign that sent emails about current events containing malicious links.

According to two sources at the Department of Homeland Security, the warning, dated 15 October 2015, referred primarily to hackers associated with Russia.

As stated in the Department of Homeland Security report, the subject lines of these emails most often read as follows:

• “Russia is increasing its military potential, despite the downturn in the economy”
• “Barack Obama argues that ISIS can be defeated with ideas, not weapons”
• “How tensions between Russia and the West could provoke a third world war”
• “News: inspectors in Syria have found traces of banned chemical weapons”
• “In Ukraine seized by Russian military on their way to the capital”

This was not the only Department of Homeland Security warning related to the spread of fabricated news. Over the past three years, more than a dozen warnings and memos dealing with malicious links in news stories (true or fabricated) have circulated inside federal agencies.

Moreover, Russia is not the only country using fake news to break into computer systems.

In July 2014, for example, the FBI circulated among employees of federal law enforcement agencies a report by iSight describing a recently discovered campaign by Iranian hackers called Newscaster. This campaign used fake social media accounts, purportedly belonging to a journalist, and a website that illegally hosted news material taken from genuine news sites. As a result, the hackers were ultimately able to obtain the passwords of federal agency employees working on top-secret programs or critical infrastructure.

A few months earlier, on 29 January 2014, the FBI warned its employees in a report about the likelihood of phishing attacks that could exploit the theme of the Winter Olympic Games.

“Events which attract considerable interest from the public and the media are often used as bait in phishing campaigns. Criminals can create fake websites and domains that at first glance may seem to be official sites of the Olympic Games and which are used to spread malware, infecting users' computers as soon as they open these sites,” the report said.

“NBCUniversal has the exclusive rights to cover the games for the audiences of the channels NBC, NBCSN, MSNBC and USA Network, and of the related accounts on Twitter, Facebook and Instagram. Viewers must be careful not to turn to any other sources that claim to offer coverage of the games in real time. As in all other cases, it is better to visit reliable resources directly than to follow any links in emails or open attachments.”