The Associated Press reveals Russian hackers masquerading as Islamic State militants sent threatening online messages to a handful of military wives in 2015.
[Army wife Angela] Ricketts was one of five military wives who received death threats from the self-styled CyberCaliphate on the morning of Feb. 10, 2015. The warnings led to days of anguished media coverage of Islamic State militants’ online reach.
Except it wasn’t IS.
The Associated Press has found evidence that the women were targeted not by jihadists but by the same Russian hacking group that intervened in the American election and exposed the emails of Hillary Clinton’s presidential campaign chairman, John Podesta.
The message read as follows:
“Dear Angela!” it said. “Bloody Valentine’s Day!”
“We know everything about you, your husband and your children,” the Facebook message continued, claiming that the hackers operating under the flag of Islamic State militants had penetrated her computer and her phone. “We’re much closer than you can even imagine.”
(...)
Links between CyberCaliphate and the Russian hackers — typically nicknamed Fancy Bear or APT28 — have been documented previously. On both sides of the Atlantic, the consensus is that the two groups are closely related.
But that consensus never filtered through to the women involved, many of whom were convinced they had been targeted by Islamic State sympathizers right up until the AP contacted them.
“Never in a million years did I think that it was the Russians,” said Ricketts, an author and advocate for veterans and military families. She called the revelation “mind blowing.”
(...)
... [N]early identical messages reached Lori Volkman, a deputy prosecutor based in Oregon who had won fame as a blogger after her husband deployed to the Middle East; Ashley Broadway-Mack, based in the Washington, D.C., area and head of an association for gay and lesbian military family members; and Amy Bushatz, an Alaska-based journalist who covers spouse and family issues for Military.com.
Liz Snell, the wife of a U.S. Marine, was at her husband’s retirement ceremony in California when her phone rang. The Twitter account of her charity, Military Spouses of Strength, had been hacked. It was broadcasting public threats not only to herself and the other spouses, but also to their families and then-first lady Michelle Obama.
(...)
The women determined they had all received the same threats.
(...)
Proof that the military wives were targeted by Russian hackers is laid out in a digital hit list provided to the AP by the cybersecurity company Secureworks last year. The AP has previously used the list of 4,700 Gmail addresses to outline the group’s espionage campaign against journalists , defense contractors and U.S. officials . More recent AP research has found that Fancy Bear, which Secureworks dubs “Iron Twilight,” was actively trying to break into the military wives’ mailboxes around the time that CyberCaliphate struck.
Just a couple months later, Russian hackers - again disguised as Islamic State militants - took down an entire French network.
A few weeks after the spouses were threatened, on April 9, 2015, the signal of French broadcaster TV5 Monde went dead.
The station’s network of routers and switches had been knocked out and its internal messaging system disabled. Pasted across the station’s website and Facebook page was the keffiyeh-clad logo of CyberCaliphate.
The cyberattack shocked France ...
However, Guillaume Poupard, the chief of France’s cybersecurity agency, warned officials not to jump to conclusions – that the hackers may not be IS after all.
Government experts poring over the station’s stricken servers eventually vindicated Poupard’s caution, finding evidence they said pointed not to the Middle East but to Moscow.
Speaking to the AP last year, Poupard said the attack “resembles a lot what we call collectively APT28.”
(...)
The AP has found no link between CyberCaliphate and the St. Petersburg trolls, but their aims appeared to be the same: keep tension at a boil and radical Islam in the headlines.
By that measure, CyberCaliphate’s targeting of media outlets like TV5 Monde and the military spouses succeeded handily.
Ricketts, the author, said that by planting threats with some of the most vocal members of the military community, CyberCaliphate guaranteed maximum press coverage.
“Not only did we play right into their hands by freaking out, but the media played right into it,” she said. “We reacted in a way that was probably exactly what they were hoping for.”