Security Market Segment LS
Sunday, 12 July 2020 06:58

Russian firm's report forces US to drop secrecy over hacker's indictment Featured

Russian firm's report forces US to drop secrecy over hacker's indictment Image by Arek Socha from Pixabay

Singapore-based Russian security firm Group-IB has placed itself squarely in the crosshairs of the US Government by revealing exhaustive details about an alleged criminal and thus forcing American law enforcement to drop its objection to making details of a sealed indictment against the man public.

The fact that the secrecy over the indictment was being abandoned was stated in a court document on 7 July.

"The United States of America, by and through undersigned counsel, respectfully requests that the court issue an order directing the Clerk of the Court to unseal the docket and pleadings in the above-captioned matter," it said.

Group-IB named the man, known by his handle FXMSP, as Andrey Turchin of Kazakhstan, an individual against whom the US had issued an sealed indictment on 12 December 2018, charging him with various counts of "Computer Fraud and Abuse, Wire Fraud, Conspiracy to commit those offences, and Access Device Fraud, relating to his involvement in a sophisticated computer hacking scheme targeting victims in the United States and elsewhere", according to a court document.

Details about Turchin were contained in a Group-IB report titled FXMSP: The Invisible God of Networks, which was published on the company's website in June. But despite offering the report for download after registration, by apparently sending download details to the email address of the registrant, the company has not sent any communication to iTWire even though I registered for the download on Saturday.

The court document said: "In June 2020, a foreign-based private cyber security firm published a comprehensive report: 'FXMSP: The Invisible God of Networks'. In addition to tracking FXMSP’s evolution and his group’s exploits and list of victims, this report publicly identified FXMSP as Andrey Turchin, of Kazakhstan, and provided a detailed explanation of the researchers’ attribution determination.

"Since its publication, various news outlets in the United States and abroad, citing the report, have published articles about FXMSP and his identification as Turchin."

It added: "Turchin remains a fugitive, and the United States continues to work with foreign authorities and to pursue his apprehension to face charges in the United States. Given the unique circumstances of this matter, which include, among other things, Turchin’s knowledge of the criminal charges in the United States and his public identification as the prolific hacker FXMSP, the government concludes that competing interests to the contrary outweigh its interest in maintaining this matter under seal."

Cyber crime intelligence provider Intel471, which co-operates with the FBI, commented: "The FXMSP case serves as a lesson learned for vendors. A detailed report published by a security vendor has seemingly forced LE (law enforcement) to unseal a criminal indictment, publicise a case and likely introduced new challenges for their investigation."

Another Russian firm, Kaspersky, fell foul of the US Government due to its frequent reports identifying attacks by the NSA and other Western spy units and, in at least one case, forcing an American agency to withdraw a tool from public use after it was named in a Kaspersky report.

In 2014, Kaspersky's researchers exposed an attack by Britain's GCHQ on a Belgian telecommunications provider. The following year, Kaspersky revealed the doings of an entity it called the Equation Group; this group has been, for years, known to be an arm of the NSA.

Kaspersky also detailed how the Stuxnet operation was carried out to cripple Iran's nuclear program. Stuxnet was discovered by Sergey Ulasen in 2010; he joined Kaspersky Lab a year later. The virus was infiltrated into Iran's nuclear labs through an USB drive as the lab was not connected to any external network.

In 2014, Israeli Government hackers breached the Kaspersky network; after the company found out in 2015, it wrote a detailed analysis of the incident.

While Kaspersky did what was legitimate as these attacks were being carried out by publicly available malware that could also affect ordinary people using Windows computers, the Americans were unhappy about it and launched a campaign that finally ended Kasperksy's contracts with the public sector.

As iTWire reported, FXMSP has been operating since 2017 in a number of well-known Russian- and English-speaking underground communities, and had been known to breach networks using externally available remote desktop protocol servers and exposed active directory servers.

Subscribe to Newsletter here

WEBINAR 12 AUGUST - Why is Cyber Security PR different?

This webinar is an introduction for cyber security companies and communication professionals on the nuances of cyber security public relations in the Asia Pacific.

Join Code Red Security PR Network for a virtual conversation with leading cyber security and ICT journalists, Victor Ng and Stuart Corner, on PR best practices and key success factors for effective communication in the Asian Pacific cyber security market.

You will also hear a success story testimonial from Claroty and what Code Red Security PR has achieved for the brand.

Please register here by 11 August 2020 and a confirmation email, along with instructions on how to join the webinar will be sent to you after registration.

Aug 12, 2020 01:00 PM in Canberra, Melbourne, Sydney. We look forward to seeing you there!



It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.





Guest Opinion

Guest Interviews

Guest Reviews

Guest Research & Case Studies

Channel News