Utility Was Targeted by Russian Hackers, Feds Say

The FBI and the U.S. Attorney’s Office in western Pennsylvania announced Russian military operatives were behind an attack on Westinghouse Electric Corp. four years ago.

by Wes Venteicher, The Tribune-Review / October 5, 2018

(TNS) — Russian military hackers targeted employees of Cranberry, Pa.’s Westinghouse Electric Corp. four years ago as part of an expansive influence and disinformation campaign serving their country’s government, U.S. law enforcement agencies announced Thursday.

The FBI’s Pittsburgh office and the U.S. Attorney’s Office in Western Pennsylvania led an investigation into allegations that the Russian hackers stole information from Westinghouse – which supplies nuclear fuel to Ukraine – and from international chemical weapons organizations and anti-doping agencies that were investigating Russian athletes.

The hackers, working for a Russian military intelligence agency known as GRU, obtained computer login information for employees of Westinghouse and the other agencies through so-called “spearfishing” campaigns and other techniques, according to court documents. They stole information, in some cases publicizing what they found to “engage in influence and disinformation operations to advance the interests of the Russian government,” according to the documents.

“This is not spy versus spy,” U.S. Attorney for the Western District of Pennsylvania Scott Brady said during a news conference in Washington announcing the indictment of seven Russian military spies on charges including conspiracy to commit computer fraud and abuse, wire fraud and money laundering.

“This is a criminal conspiracy, which caused real harm to real victims. When the GRU target American corporations to steal trade secrets and technology, it costs American companies billions of dollars in investment and there is a real cost to American workers,” Brady said, adding employees could lose work if companies’ production and sales suffer.

Russian hackers targeted Westinghouse starting in 2014, setting up a fake domain and website, https://webmail.westinqhousenuclear.com, and then sending emails to employees’ corporate accounts directing them to go to the site and enter their login information, according to the court documents.

In a separate attack in early 2015, two employees involved in new and advanced nuclear reactor development clicked on links in spearfishing emails that would have enabled theft of their logins, according to the documents.

Westinghouse didn’t respond to a request for comment Thursday afternoon.

The alleged activities were part of a broad campaign that ran from December 2014 until at least May 2018 and targeted American citizens, U.S. corporations and international organizations based on their strategic interest to the Russian government, officials said.

Moscow denied the allegations Thursday.

Since the U.S. has no extradition agreement with Russia, the indicted men would have to be arrested in a country that has an extradition agreement with the U.S. in order to be tried here.

“We want to bring them to Pittsburgh and we want them to stand trial, and we want to put them in jail,” Brady said in the news conference. “These defendants must be held accountable for their crimes.”

When asked at the news conference why the investigation was based in Pittsburgh, Brady said, “the reason they come to Pittsburgh is because we have the best prosecutors and agents in the Department of Justice.”

The FBI and U.S. Attorney’s Office conducted the sweeping investigation into the hackers’ activities along with the Royal Canadian Mounted Police, Switzerland’s Office of the Attorney General and intelligence agencies in the Netherlands and United Kingdom.

Brady is scheduled to hold a related news conference Friday afternoon in Pittsburgh, along with FBI Special Agent in Charge Robert Jones and Mark Flynn, the cyber director general for the Royal Canadian Mounted Police.

©2018 The Tribune-Review (Greensburg, Pa.) Distributed by Tribune Content Agency, LLC.

Platforms & Programs