Page 8 - ARUBA TODAY
A8 WORLD NEWS
Thursday 2 August 2018
Leaked chats show alleged Russian spy seeking hacking tools
By RAPHAEL SATTER
MATTHEW BODNER

MOSCOW (AP) — Six years ago, a Russian-speaking cybersecurity researcher received an unsolicited email from Kate S. Milton.

Milton claimed to work for the Moscow-based anti-virus firm Kaspersky. In an exchange that began in halting English and quickly switched to Russian, Milton said she was impressed by the researcher's work on exploits — the digital lock picks used by hackers to break into vulnerable systems — and wanted to be copied in on any new ones that the researcher came across.

"You almost always have all the top-end exploits," Milton said, after complimenting the researcher about a post to her website, where she often dissected malicious software.

"So that our contact isn't one-sided, I'd offer you my help analyzing malicious viruses, and as I get new samples I'll share," Milton continued. "What do you think?"

The researcher — who works as a security engineer and runs the malware-sharing site on the side — always had a pretty good idea that Milton wasn't who she said she was. Last month, she got confirmation via an FBI indictment.

The indictment, made public on July 13, lifted the lid on the Russian hacking operation that targeted the 2016 U.S. presidential election. It identified "Kate S. Milton" as an alias for military intelligence officer Ivan Yermakov, one of 12 Russian spies accused of breaking into the Democratic National Committee and publishing its emails in an attempt to influence the 2016 election.

The researcher, who gave her exchanges with Milton to The Associated Press on condition of anonymity, said she wasn't pleased to learn she had been corresponding with an alleged Russian spy. But she wasn't particularly surprised either.

"This area of research is a magnet for suspicious people," she said.

The researcher and Milton engaged in a handful of conversations between April 2011 and March 2012. But even their sparse exchanges, along with a few digital breadcrumbs left behind by Yermakov and his colleagues, offer insight into the men behind the keyboards at Russia's Main Intelligence Directorate, or GRU.

___

It isn't unusual for messages like Milton's to come in out of the blue, especially in the relatively small world of independent malware analysts.

"There was nothing particularly unusual in her approach," the researcher said. "I had very similar interactions with amateur and professional researchers from different countries."

The pair corresponded for a while. Milton shared a piece of malicious code at one point and sent over a hacking-related YouTube video at another, but contact fizzled out after a few months.

Then, the following year, Milton got back in touch.

"It's been all work, work, work," Milton said by way of apology, before quickly getting to the point. She needed new lock picks.

"I know that you can help," she wrote. "I'm working on a new project and I really need contacts that can provide information or have contacts with people who have new exploits. I am willing to pay for them."

In particular, Milton said she wanted information on a recently disclosed vulnerability codenamed CVE-2012-0002 - a critical Microsoft flaw that could allow hackers to remotely compromise some Windows computers. Milton had heard that someone had already cobbled together a working exploit.

"I'd like to get it," she said.

The researcher demurred. The trade in exploits — for use by spies, cops, surveillance companies or criminals — can be a seedy one.

"I usually steer clear from any wannabe buyers and sellers," she told the AP.

She politely declined - and never heard from Milton again.

___

Milton's Twitter account — whose profile photo features "Lost" star Evangeline Lilly — is long dormant. The last few messages carry urgent, awkwardly worded appeals for exploits or tips about vulnerabilities.

"Help me find detailed description CVE-2011-0978," one message reads, referring to a bug in PHP, a coding language often used for websites. "Need a work exploit," the message continues, ending with a smiley face.

It isn't clear whether Yermakov was working for the GRU when he first masqueraded as Kate S. Milton. Milton's Twitter silence — starting in 2011 — and the reference to a "new project" in 2012 might hint at a new job. In any case, Yermakov wasn't working for the anti-virus firm Kaspersky — not then and not ever, the company said in a statement.

"We don't know why he allegedly presented himself as an employee," the statement said.

Messages sent by the AP to Kate S. Milton's Gmail account were not returned.

The exchanges between Milton (Yermakov) and the researcher could be read in different ways.

They might show that the GRU was trying to cultivate people in the information security community with an eye toward getting the latest exploits as soon as possible, said Cosimo Mortola, a threat intelligence analyst at the cybersecurity company FireEye.

It's also possible that Yermakov might have initially worked as an independent hacker, hustling for spy tools before being hired by Russian military intelligence — a theory that makes sense to defense and foreign policy analyst Pavel Felgenhauer.

"For cyber, you have to hire boys that understand computers and everything the old spies at the GRU don't understand," Felgenhauer said. "You find a good hacker, you recruit him and give him some training and a rank — a lieutenant or something — and then he will do the same stuff."

___

The leak of Milton's conversations shows how the glare of publicity is revealing elements of the hackers' methods — and perhaps even hints about their private lives.

It's possible, for example, that Yermakov and many of his colleagues commute to work through the arched entrance to Komsomolsky 20-22, a military base in the heart of Moscow that serves as home to the alleged hackers' Unit 26165.

Photos shot from inside show it's a well-kept facility, with a czarist-era facade, manicured lawns, flower beds and shady trees in a central courtyard.

The AP and others have tried to trace the men's digital lives, finding references to some of those indicted by the FBI in academic papers on computing and mathematics, on Russian cybersecurity conference attendee lists or — in the case of Cpt. Nikolay Kozachek, nicknamed "kazak" — written into the malicious code created by Fancy Bear, the nickname long applied to the hacking squad before their identities were allegedly revealed by the FBI.

One of Kozachek's other nicknames also appears on a website that allowed users to mine tokens for new weapons to use in the first-person shooter videogame "Counter Strike: Global Offensive" — providing a flavor of the hackers' extracurricular interests.

The AP has also uncovered several social media profiles tied to another of Yermakov's indicted colleagues — Lt. Aleksey Lukashev, allegedly the man behind the successful phishing of the email account belonging to Hillary Clinton's campaign chairman, John Podesta.

In this file photo taken on Saturday, July 14, 2018, a man walks past the building of the Russian military intelligence service in Moscow, Russia. (Associated Press)