Fancy Bear Hackers Tainted Dumped Emails with False Data


Hackers from Fancy Bear, the espionage hacker group with Russian ties, reportedly snuck false information into the data trove they leaked from the Democratic National Committee during the American elections.

According to a report from Citizen Lab, an organization with ties to the University of Toronto, the hackers planted information inside emails belonging to a journalist who’s a critic of Putin’s regime, which were included in the dump.

Although Citizen Lab says it can’t definitively tie Fancy Bear to the tainted leaks, Forbes backs up the information after obtaining evidence indicating the connection.

“Tainted leaks are the next frontier of disinformation: an attempt to really tamper with the integrity of large sets of information that people will believe to be genuine,” points out John Scott-Railton, researcher at Citizen Lab.

How it all started

The investigation started with David Satter, a journalist and critic of Putin’s way of running the country. Back in October 2016, Satter was the target of an attack from hacktivist group Cyber Berkut, known for its pro-Russian views. A phishing email appearing to be from Google asked Satter to change his password. As soon as he tapped the link in that email and entered his login details, the account was no longer his.

The emails were “selectively modified” by Cyber Berkut before being published online, Citizen Lab’s report shows. Thus, the leaks contained both real and fake lines. One of the tampered messages pointed out in the report contains a report sent by Satter to the National Endowment for Democracy, a non-profit promoting democracy. The email was changed to make it appear as if Satter was paying Russian journalists to write articles criticizing the Kremlin.

The original report focused on Radio Liberty, a US government-sponsored station that broadcasts news in Russia. The edited version removes mentions of Radio Liberty and replaces them with general statements that make it seem as if the journalist was actually supporting a much larger organization.

“By repeatedly adding his reporting to the document, the tainting creates the appearance of foreign funding for his work,” writes Citizen Lab.

The leaks also included a report that hadn’t been published at the time. It was written by journalist Elena Vinogradova, and the inclusion of her article before it even went live indicates the hackers were also keeping an eye on her.
