Russian hackers fabricated evidence of cooperation between the U.S. State Department and independent Russian media and opposition leader Alexei Navalny. The corresponding research was published by the human rights organization Citizen Lab.
According to Republic news outlet, the falsification became possible after hackers got access to the documents of American journalist David Satter, who had worked for Radio Liberty in Moscow since 2013. Before placing Satter's documents in the public domain, the hackers made their edits in them, changing their content. Thus, alleged correspondence regarding the investigation of Prime Minister Dmitry Medvedev and his real estate, as well as documents on critical publications in Russian independent media related to the policy of the Kremlin, appeared in the published files of the American journalist.
According to the findings of the Citizen Lab, the same hackers stood behind the cyber security breaches as they attacked the Bellingcat organization, which investigated the crash of the MH-17 flight in the Donbas.
According to a report by the cyber-security company ThreatConnect, Bellingcat attacked the hacker group Fancy Bear, which is accused of cyber-attacks on the Democratic Party of the United States and is associated with the Main Intelligence Directorate of the Russian Defense Ministry. The connection between Fancy Bear and Russian special services is noted, in particular, in the report of the company CrowdStrike, which works in the field of cybersecurity.
Among the publications that were mentioned in falsified "evidence" of journalists' connection with the State Department were only independent Russian media - RBC, Vedomosti, Dozhd (Rain) and Republic (formerly Slon). These publications published investigations about the family of President Vladimir Putin, the apartment of Deputy Prime Minister Igor Shuvalov (Navalny's blog), the summer residence of Prime Minister Dmitry Medvedev (RBC), the financing of projects related to Putin, news about the “Lake” Cooperative (Rebublic), an investigation into the real estate of the governor of the Tula region (Dozhd), and an article about the alleged business ties of the governor of the Moscow region, Andrei Vorobyov (Vedomosti).
As noted by Republic, the substitution of Satter's files, which were supposed to be evidence of the existence of some high-ranking Russian officials and media work with the State Department, occurred in October 2016. At the same time, Russian state-run publications have published stories stating that the United States is "preparing a color revolution following the example of Ukraine" – with articles published in “Rossiyskaya Gazeta”, REN TV, RIA Novosti, RT and Tsargrad-TV. In this case, the media referred to information published by the hacker group "CyberBerkut".
As noted in these articles, with the American "state order", the information from Russia was flowing to the United States.
Researchers at Citizen Lab found that hackers compromised Satter's files with the help of phishing e-mail messages, which came from [email protected], whose IP address was located in Romania.
Citizen Lab experts say that Satter was not the only victim of cyber attacks – Fancy Bears victims include about 200 people from 39 states and international organizations, including NATO, the UN, Latvia, Montenegro, Ukraine, Armenia, Uzbekistan, and others.