https://www.nytimes.com/2020/01/15/podcasts/the-daily/russia-hacking-interference.html?showTranscript=1
Check it out.
nicole perlroth
So, starting about New Year’s Eve, he was actually at Disney World with his kids, and he was in line for the teacups ride, as he tells it.
michael barbaro
Naturally.
nicole perlroth
And someone on his team sends him a Slack message.
oren falkowitz
And it said, I found a bunch of Russian phishing attacks going after Ukrainians targeting natural gas.
nicole perlroth
There is an active Russian phishing campaign against some companies in Ukraine.
oren falkowitz
You know, it’s pretty boring, run of the mill, but I’m going to keep tabs on it, and if they swing more towards U.S. targets, you know, we can spend some extra time looking at it.
nicole perlroth
Couple days later, a different person on their team was giving a presentation about threats to the oil and gas industry, and took a little bit of a closer look at what these attacks against Ukraine were all about.
oren falkowitz
And she started to notice after a little digging that all three gas companies that had been found were related to this company Burisma.
nicole perlroth
They were all subsidiaries of Burisma.
michael barbaro
Hmm, the company at the center of the Trump impeachment inquiry and the company on which Hunter Biden sat on the board.
nicole perlroth
Right. So, Oren’s team takes a close look at these attacks, and they find out that these are pretty sophisticated phishing attacks, for one.
oren falkowitz
In this case, what the Russians were doing is setting up fake websites to look exactly like Burisma Holdings company’s websites, so that when a user visited them, they wouldn’t really know the difference.
nicole perlroth
They’ve taken something like, KUBgas.com.ua and just disposed of the “.ua,” so these employees are looking at the website address, and why should they even assume that their company doesn’t own the .com domain?
oren falkowitz
That would allow them, you know, in some of these websites, to ask for usernames and passwords. And once those are given away, they can go and do other things like access their emails, start sending emails on their behalf, and going further into their networks, probably to achieve some goal that we don’t understand yet.
nicole perlroth
So, what they saw was that people were indeed accessing these fake login pages.
nicole perlroth
O.K. And do we know how successful these attacks have been?
oren falkowitz
The attacks have been successful.
nicole perlroth
And giving away their usernames and passwords.
oren falkowitz
What they’ve accomplished is yet to be determined.
nicole perlroth
We don’t know what happens after that. Oren’s team can’t say whether they got any emails at all, whether they got any material that would be embarrassing to Joe Biden or his son. But what’s clear is they successfully got in.
So on its face, this would not actually be that weird. Ukraine is known as sort of Russia’s test kitchen for hacking and cyberattacks. It’s basically been under constant attack since before 2014. But when they started unwinding some of these campaigns back, there were two things that stood out. One, this isn’t some random Russian cyber criminal group. This is Fancy Bear, the name of the group that private security researchers give to the G.R.U., Russia’s main intelligence directorate — the same group that hit John Podesta, Hillary Clinton’s campaign chairman, back in 2016.
michael barbaro
Wow. So the same group is doing the attack on Burisma?
nicole perlroth
Exactly.
The other thing that was interesting was the timing. When Oren’s team went back and looked at the timestamps, this was early November. And you have to remember where we were in early November. The private testimony of the impeachment witnesses before the House Intelligence Committee had just wrapped up and we were about to start the public hearings.
michael barbaro
So, this division of the G.R.U. is targeting Burisma at the very same moment when Burisma is suddenly at the center of the national conversation in the impeachment process.
nicole perlroth
Exactly. Here we are again.
oren falkowitz
Given that we’re so close to the first votes being cast in the elections.
nicole perlroth
With an election year coming up.
oren falkowitz
This is starting to look more like the pattern that we have seen in 2016.
nicole perlroth
With a Russian hack of a sensitive Democratic target.
michael barbaro
So Nicole, as he is telling you this, what are you thinking?
nicole perlroth
I’m thinking this is 2016 all over again. So, I had been told that we were going to see a lot of foreign interference in this election. Not just from Russia, but because Russia had offered a playbook for interference for every other country that had any other incentive to influence the 2020 election, we were told we were going to be getting hit from all sides. But, I had fully expected that perhaps because Russian tactics and techniques had been spilled over the Mueller report and in private security intelligence assessments, that we would see something more sophisticated. But, when Oren was describing this, it was a cookie cutter repeat of what happened to John Podesta back in 2016.
michael barbaro
Right. Who would use the exact same technique twice?
nicole perlroth
Apparently, the G.R.U. does.
[music]
michael barbaro
We’ll be right back.
Nicole, you said you were talking to Oren as part of your reporting on what to expect from Russia in 2020. But, as you’ve observed, this story that he told you, it sounds like they’re up to the exact same thing as they were in 2016. Why would that be, given that they were caught in the sense that the U.S. understands what they did in 2016 — why would they just use the same tactics in 2020?
nicole perlroth
Because it still works. People will still click on these links. People will still turn over their passwords. We know people won’t turn on this thing called two-factor authentication to make sure people can’t just hack into their computers from a strange location. And, we also know that the outcome can be the same. We know that in 2016 —
archived recording
Breaking tonight. Less than two weeks until election day, and hacked emails from the account of Hillary Clinton’s campaign chairman, John Podesta, are raising new questions about Mrs. Clinton and her candidacy.
nicole perlroth
When Russian hackers and trolls dumped John Podesta’s emails and emails at the D.N.C., people devoured them.
archived recording
After thousands of leaked emails showed Democratic Party officials possibly plotting against Bernie Sanders in his race against Hillary Clinton.
nicole perlroth
People wanted to believe that the race was fixed for Hillary Clinton from the beginning.
archived recording 1
They planned this. They set it up. They didn’t give us a chance.
archived recording 2
They came together pretty much to shut Bernie out. I mean, it’s pretty obvious.
nicole perlroth
And, what they did was, they looked in those emails for any evidence of that, and we got to a place where the Russians successfully sowed American discord.
archived recording (bernie sanders)
And we have got to elect Hillary Clinton and Tim Kaine. [BOOING]
nicole perlroth
They basically poured fuel on the fire.
And when you think about where we are in 2020, there’s no evidence to suggest that the outcome wouldn’t be the exact same. When you think about what President Trump was saying last summer into the fall —
archived recording (donald trump)
Uh, they should investigate the Bidens, because how does a company that’s newly formed —
nicole perlroth
— that Burisma was corrupt.
archived recording (donald trump)
That was a crooked deal, 100%.
nicole perlroth
That there was widespread corruption in Ukraine that he wanted investigated.
archived recording (donald trump)
Uh, Ukraine is known as a very, very corrupt place, and they know that.
nicole perlroth
And you think about what Russian hackers could potentially get from getting inside Burisma’s systems. They might not necessarily find anything that is an exhibit A of corruption. But if you selectively leaked emails out of context, it’d be very easy in the current media climate and the current partisan climate for people to once again devour those emails and find whatever it is they want to find.
michael barbaro
There doesn’t have to be all that much there there for it to effectively sow discord?
nicole perlroth
Exactly.