Send a Tweet
Most Popular Choices
Share on Facebook 15 Share on Twitter Printer Friendly Page More Sharing
OpEdNews Op Eds    H2'ed 7/21/18

Mueller's Indictment Found Ukrainian Intel is Fancy Bear

By       (Page 2 of 4 pages) Become a premium member to see this article and all articles as one long page. (View How Many People Read This)   27 comments
Author 58313
Follow Me on Twitter     Message George Eliason
Become a Fan
  (59 fans)

On Friday July 13th, According to the New York Times story, Robert Mueller indicted 12 Russian military intelligence officers. They are accused of hacking the Democratic National Committee, the Clinton presidential campaign and the Democratic Congressional Campaign Committee. But according to the Times, "the indictment made no reference to previous DNC hacks by a different Russian Intel Agency. That agency was accused of spying, these 12 Russians indicted are accused of trying to influence the election."

The Times, Washington Post, and every other news outlet knows Robert Mueller finally got his man. Even the CyberSec, InfoSec, and other Sec communities are supporting the indictments. In their eyes, Robert Mueller won one for the team.

Over the last few days, I've been involved in Twitter chats with respected CyberSec/InfoSec people that ridiculed my ID of Fancy Bear because it didn't jibe with Robert Mueller. That's not something I'd always call a bad thing but when they changed their tune without realizing it, it made me wonder if they understood the information the way it was being presented.

Marcy Wheeler @emptywheel linked an article at the Intercept "What Mueller's Indictment Reveals About Russian and US Spycraft." She made the point that she had seen this evidence and it was compelling.

What new information was this cyber expert smitten with? According to Mueller's indictment of the 12 Russian Nationals, he has the email address that identified DNC hackers that made up the group of indicted Ruskie phishermen.

According to the Intercept article "For example, the spear-phishing emails that John Podesta, Clinton's campaign chair, and others received included links to the URL shortening service Bitly. The Bitly account that created these links was registered using the email address "dirbinsaabol at ." The attackers used that same email address to create an account on a provider where they leased a server, which they paid for using an "online cryptocurrency service" (based on the wording of some instructions quoted in the indictment, I think the service in question may be BitPay)."

If you know anything about that specific emaildirbinsaabol at and the cryptocurrency service you know exactly how Mueller got that particular email address. The group of hackers the email address belongs to are notorious dirtbags and didn't pay King Servers for server rentals they used for their exploits.

The Russian company King Servers was understandably put-off and called the FBI to teach the little criminals a thing or two about crime on Russian soil. Mueller didn't get this information through his CyberSec community ninja kung fu. The moral is if you choose to do bad things, make sure to pay your bills.

So whose email was it? The email accounts belong to Shaltai Boltai who provided all the false information for the February indictment about the St. Petersburg Troll Farm. If you read the article linked to Mueller's evidence, Shaltai Boltai explicitly state their purpose was to hurt Russia. They made the documents, emails, and other evidence to create the Internet Research Company. Some of what's left on their blog entries are notable and undeniable.

For evidence of the Troll factory existence, they built a trail with faked corporate emails from Russians that don't speak Russian well and are supposed to be lawyers.

All of this information is vital for properly identifying the hackers and influencers based on Mueller's indictment. The owners of that email address are Shaltai Boltai and except for one member are all in jail for treason against Russia. Shaltai Boltai was working against Russia and giving information to the US and Ukraine. That would be the best reason Mueller can't extradite them. The FBI's history of trying to work deals with them would be another good reason for leaving them in Russian jails.

If you read the linked articles, it's clear the evidence so far shows the 12 Russians indicted by Mueller are there out of political expediency. According to the NYT he' s going after election influence and hacking. His indictment lists Fancy Bear specific malware and tools like X-Agent and supposedly the hackers that used them.

Marcy Wheeler gave her complete support of Mueller's attributions on her blog. She wrote nothing contrary to it even when Mueller unabashedly includes Fancy Bear signature tools like X-Agent. This is a bit different from her opinion in January 2017 after the ODNI Report.

"The FBI report is based solely on Crowdstrike's evidence which has become a laughing stock across the cybersecurity industry. Cybersecurity professionals are standing up saying how laughable Dimitri Alperovitch's information is. For there to be any evidence of a hack, the DNI report has to use the FBI report and Crowdstrike's evidence. This includes the tool X-Agent.

X-Agent was a key proof for Crowdstrike. In the NPR interview with Judy Woodruff, Crowdstrike's CTO, Dimitri Alperovitch, says the use of X-agent shows guilt as clearly as DNA results. This proof, according to him, is unique to a single hacker group. Crowdstrike labeled this hacker group "Fancy Bear." Just as important is the timeline it was used in.

According to Marcy Wheeler, Crowdstrike's story of a Russian hacker falls apart on this point. Part of the problem is that Alperovitch stated his final undeniable and overwhelming proof was that it was used to target Ukrainian artillerymen throughout 2014. She argues given that timeline for the GRU, X-Agent had to be in development at least 6 months BEFORE Victor Yanukovych was ousted in a coup. Ukraine and Russia were on friendly terms.

Next Page  1  |  2  |  3  |  4


Must Read 6   Supported 5   News 3  
Rate It | View Ratings

George Eliason Social Media Pages: Facebook page url on login Profile not filled in       Twitter page url on login Profile not filled in       Linkedin page url on login Profile not filled in       Instagram page url on login Profile not filled in

George Eliason is an American journalist that lives and works in Donbass. He has been interviewed by and provided analysis for RT, the BBC, and Press-TV. His articles have been published in the Security Assistance Monitor, Washingtons Blog, (more...)

Go To Commenting
The views expressed herein are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.
Writers Guidelines
Contact AuthorContact Author Contact EditorContact Editor Author PageView Authors' Articles
Support OpEdNews

OpEdNews depends upon can't survive without your help.

If you value this article and the work of OpEdNews, please either Donate or Purchase a premium membership.

If you've enjoyed this, sign up for our daily or weekly newsletter to get lots of great progressive content.
Daily Weekly     OpEdNews Newsletter
   (Opens new browser window)

Most Popular Articles by this Author:     (View All Most Popular Articles by this Author)

The Nazis Even Hitler Was Afraid of

Ukraine: Notes from the Southeast

Odessa-- the First Pogrom-- The Obama Genocide

Ukraine- Kiev's Genocide: What's Happening in Slovyansk

Ukraine -- Kievs War | The Heroes of Novo Russia

Zaporozhye Nuclear Problem may be even Scarier

To View Comments or Join the Conversation: