Inside the Hunt for Russia’s Most Notorious Hacker

Michael Sandee: "At some point, a light bulb went off. These are espionage commands."

A fascinating article about the new world of cybercrime we live in. A mysterious cybercriminal deployed an invincible botnet to steal a fortune from US banks. Then the FBI discovered what else he was after.

Evgeniy Mikhailovich Bogachev, known online as Slavik, has robbed banks and leaked political secrets. For nearly a decade the authorities have been trying to track him down. The FBI teamed up with Fox-IT. The Dutch researchers got to work tracing old usernames and email addresses associated with Slavik’s ring to piece together an understanding of how the group operated.

Tip

One day, after months of following leads, the investigators at Fox-IT got a tip from a source about an email address they might want to look into. It was one of many similar tips they’d chased down. But this one led to something vital: the team was able to trace the email address to a British server that Slavik used. More investigative work and more court orders eventually led authorities to Russian social media sites where the email address was connected to a real name: Evgeniy Mikhailovich Bogachev. At first it was meaningless to the group. It took weeks’ more effort to realize that the name actually belonged to the phantom known as Slavik.

Intelligence

But that wasn’t the most astounding revelation that the Fox-IT investigators turned up. As they continued their analysis, they noticed that someone had been regularly searching tens of thousands of the botnet’s infected computers in certain countries for things like email addresses belonging to Georgian intelligence officers or leaders of elite Turkish police units, or documents that bore markings designating classified Ukrainian secrets. Whoever it was, was also searching for classified material linked to the Syrian conflict and Russian arms dealing.

Bogachev was the only person who knew about this particular feature of the botnet. He appeared to be running a covert operation right under the noses of the world’s most prolific bank robbers. Bogachev, it appeared, was a Russian intelligence asset.

In 2015, the State Department put a $3 million bounty on Bogachev’s head. According to US intelligence sources, the government does not, in fact, suspect that Bogachev took part in the Russian campaign to influence the US election. Rather, the Obama administration included him in the sanctions to put pressure on the Russian government. The hope is that the Russians might be willing to hand over Bogachev as a sign of good faith, since the botnet that made him so useful to them is defunct. Or maybe, with the added attention, someone will decide they want the $3 million reward and tip off the FBI.

Read the whole article here.
