News →

Russians Hacked Ukrainian Firm At The Center Of Impeachment

California cybersecurity firm Area 1 says Russian hackers targeted the Ukrainian gas company at the center of President Trump's impeachment. NPR's Noel King talks to Area 1 co-founder Oren Falkowitz.

Copyright 2020 NPR. To see more, visit https://www.npr.org.

Transcript:

NOEL KING, HOST:

Russian military hackers targeted the company at the center of President Trump's impeachment, Burisma. Burisma, you will remember, is a Ukrainian conglomerate. Hunter Biden served on its board. President Trump later pushed Ukraine to investigate Hunter Biden and his father, Joe Biden.

Now a California-based security firm called Area 1 says, this fall, Russian hackers succeeded in getting into Burisma's email system. Oren Falkowitz is the co-founder of Area 1. He worked for the National Security Agency from 2006 to 2013, and he's on the line now. Good morning, sir.

OREN FALKOWITZ: Good morning.

KING: What did you find evidence of exactly?

FALKOWITZ: We found that since early November, cyber actors working for the Russian government have been sending phishing attacks to employees at the subsidiaries of Burisma holdings.

KING: These hackers are not unknown to the United States government or to most Americans at this point. They are the GRU, and they were responsible for hacks on the Clinton campaign and the Democratic National Committee, right?

FALKOWITZ: Yes, that's correct.

KING: What were the Russian hackers looking for when they broke into the email accounts of Burisma employees?

FALKOWITZ: It's unknown what the Russians were looking for, but we do know they were successful in conducting their phishing attacks.

KING: OK. How come we don't know what they were looking for?

FALKOWITZ: Well, it's hard to understand what the goal of a cyber actor is. So take, for instance, once you have the usernames and passwords to someone's email account, as you saw in the 2016 election, you could just only observe the data - and that could be helpful for intelligence purposes - or you could take that data and release it publicly for it to become embarrassing. You could also take that data to create more sophisticated phishing campaigns and increase the level of authenticity. So it's yet to be determined.

KING: OK. And how did this catch the attention of your firm? How did you figure it out, basically?

FALKOWITZ: Well, one of our researchers was working on New Year's Eve and he noticed that a new Russian campaign had started. And it wasn't till a few days later that we were able to kind of take a step back and notice that all the targets were Ukrainian oil and gas companies, and they were all subsidiaries of Burisma.

KING: Oh, that's interesting. OK. Russian officials, we should note, haven't commented. Can you say with 100% certainty that these were Russian hackers?

FALKOWITZ: Yes.

KING: OK. Why can you say that? How do you know?

FALKOWITZ: Well, our team are experts. We've been, for years, tracking and learning about how this specific Russian government group conducts its cyber operations. And there are patterns within the campaign that match other cyberattacks that we've been observing that are ongoing as well.

KING: OK. So you've seen them do it before and this matches the pattern.

FALKOWITZ: That's correct.

KING: I wonder - companies we know, at this point, are repelling phishing attacks all of the time. We get warnings about it here at NPR. Burisma is a major player in the energy sector. Could this just be a random attempt to attack a very obvious target?

FALKOWITZ: Well, you know, Noel, 9 in 10 times when there are damages in cybersecurity, it's as the result of phishing. And so there's still a lot more to do to make sure that companies and organizations around the world are protected from these types of attacks. You know, for the past four years, we've been worrying about what might happen and there've been a lot of warnings about cybersecurity in elections. And I think we've provided an early warning and insights with a very specific use case.

KING: In light of your expertise, I wonder, can you give the 2020 presidential campaigns some specific advice on what to do to guard against this type of intrusion?

FALKOWITZ: Make sure you can't be phished.

KING: Make sure you can't be phished. It's as simple as that, huh?

FALKOWITZ: That's correct.

KING: Oren Falkowitz of the security firm Area 1, thank you so much.

FALKOWITZ: Thank you.

KING: And I should note that last night, NPR asked for comment from Burisma Holdings, and we are waiting on them for a response. Transcript provided by NPR, Copyright NPR.