December 5, 2021

News

News Network

Remarks By Assistant Attorney General For National Security John C. Demers On Announcement of Charges Against Russian Military Intelligence Officers

7 min read
<div>Good afternoon.  Today, we announce criminal charges against a conspiracy of Russian military intelligence officers who stand accused of conducting the most disruptive and destructive series of computer attacks ever attributed to a single group.</div>

As Prepared For Delivery

Good afternoon.  Today, we announce criminal charges against a conspiracy of Russian military intelligence officers who stand accused of conducting the most disruptive and destructive series of computer attacks ever attributed to a single group.

I am joined in this announcement by FBI Deputy Director David Bowdich, U.S. Attorney for the Western District of Pennsylvania Scott W. Brady, and Special Agent in Charge of the FBI’s Pittsburgh Field Office Michael A. Christman. 

In the past three months alone, the Department has charged computer intrusions or taken legal action related to the activities of China, Iran and North Korea.  Each of these cases charged significant malicious conduct that we have called out, in part, to reinforce norms of responsible nation state behavior in cyberspace.  But as this case shows, no country has weaponized its cyber capabilities as maliciously and irresponsibly as Russia, wantonly causing unprecedented collateral damage to pursue small tactical advantages and to satisfy fits of spite. 

The defendants in this case were all members of Military Unit 74455 of the Russian Main Intelligence Directorate, an intelligence agency known as the GRU. The Department previously charged members of this same unit, also known to cybersecurity researchers as “Sandworm Team,” for their role in Russia’s efforts to interfere in the 2016 U.S. elections.  We make no election interference allegations here.  Rather, today’s charges illustrate  how Unit 74455’s election activities were but one part of the work of a persistent, sophisticated hacking group busy sabotaging perceived enemies or detractors of the Russian Federation, regardless of the consequences to innocent bystanders or their destabilizing effect.

Six current and former officers in Unit 74455 are accused of the following disruptive and destructive attacks alleged in the indictment:

In December of 2015 and 2016, the conspirators launched destructive malware attacks against the electric power grid in Ukraine.  These were the first reported destructive malware attacks against the control systems of civilian critical infrastructure. These attacks turned out the lights and turned off the heat in the middle of the Eastern European winter, as the lives of hundreds of thousands of Ukrainian men, women and children went dark and cold. 

From there, the conspirators’ destructive path, still putatively aimed at Ukraine, widened to encompass virtually the whole world.  In what is commonly referred to as the most destructive and costly cyber attack ever, the conspirators unleashed the “NotPetya” malware. Although it masqueraded as ransomware, designed to extort money, this was a false flag: the co-conspirators designed the malware to spread with devastating and indiscriminate alacrity – bringing down entire networks in seconds and searching for remote computer connections through which to attack additional innocent victims, all without hope of recovery or repair.  The entirely foreseeable result was that the worm quickly spread globally, shutting down companies and inflicting immense financial harm.  This irresponsible conduct impaired the ability of companies in critical sectors, such as transportation and health, to provide services to the public–not only in Ukraine, but as far away as Western Pennsylvania.  As alleged, for just three U.S.-related victims—three of at least hundreds of victims—monetary losses reached nearly one billion dollars.

Rather than express remorse for the damage they inflicted against victims worldwide, the conspirators callously celebrated their success.

Next, the conspirators turned their sights on the Winter Olympics, a forum where the international community, despite recurring conflict, comes together to celebrate the common pursuit of physical excellence and mental toughness.  The conspirators, feeling the embarrassment of international penalties related to Russia’s state-sponsored doping program, i.e., cheating, took it upon themselves to undermine the games.  Their cyber attack combined the emotional maturity of a petulant child with the resources of a nation state.  They conducted spearphishing campaigns against South Korea, the host of the 2018 PyeongChang Winter Olympic Games, as well as the International Olympic Committee, Olympic partners, and athletes.  Then, during the opening ceremony, they launched the “Olympic Destroyer” malware attack, which deleted data from thousands of computers supporting the Games, rendering them inoperable.  Although the conspirators took steps to pin the Olympic Destroyer attack on North Korea, this second false-flag attempt also failed.  Cybersecurity researchers ultimately attributed the attack to Sandworm Team, as we do today. 

These destructive and disruptive malware attacks, and related preparations, were not the conspirators’ only malicious conduct alleged in the indictment.  The conspirators also supported a hack-and-leak operation in the days leading up to the 2017 French elections.  And the conspirators continued their disruptive attacks as recently as October 2019, targeting government and non-government websites in the country of Georgia. 

Today’s allegations, in their entirety, provide a useful lens for evaluating Russia’s offer two weeks ago of a cyber “reset” between Russia and the United States.  Russia is certainly right that technologically sophisticated nations that aspire to lead have a special responsibility to secure the world order and contribute to widely accepted norms, peace and stability.  That’s what we’re doing here today.  But this indictment lays bare Russia’s use of its cyber capabilities to destabilize and interfere with the domestic political and economic systems of other countries, thus providing a cold reminder of why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda.

Before I wrap up my remarks, I’d like to thank the team of prosecutors and FBI agents whose diligence and perseverance has led to these charges and the kind of evidence that would allow us to hold these defendants accountable in a court of law.

I’d also like to express the Department’s appreciation for assistance from the private sector, such as Cisco’s Talos Intelligence Group, Facebook, Google, and Twitter in investigating and disrupting the Unit 74455 cyber threat.  We also appreciate the hard work and dedication of our foreign law enforcement or intelligence partners, including in Ukraine, Georgia, South Korea, the United Kingdom and New Zealand, who have also pursued these conspirators after attacks and intrusions within their own countries or otherwise assisted in our investigation. All of these partnerships send a clear message that responsible nations and the private sector are prepared to work together to defend against and disrupt significant cyber threats.

Now, I will turn the podium over to U.S. Attorney Scott W. Brady, who will discuss the allegations in the indictment in greater detail.

News Network

  • Federal Court Orders California Company and Owner to Stop Distribution of Unapproved, Misbranded and Adulterated ‘Poly-MVA’ Products
    In Crime News
    A federal court ordered a California company and its owner to stop distributing unapproved and misbranded drugs and adulterated animal drugs.
    [Read More…]
  • Secretary Antony J. Blinken and Indian External Affairs Minister Dr. Subrahmanyam Jaishankar at a Joint Press Availability
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Secretary Antony J. Blinken Remarks at a Roundtable with Democracy Activists and Civil Society
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • VA Vet Centers: Evaluations Needed of Expectations for Counselor Productivity and Centers’ Staffing
    In U.S GAO News
    The Veterans Health Administration's (VHA) Readjustment Counseling Service (RCS) provides counseling through 300 Vet Centers, which can be found in community settings and are separate from other VHA facilities. RCS has set expectations for counselor productivity at Vet Centers. For example, one expectation is for counselors to achieve an average of 1.5 visits for each hour they provide direct services. However, RCS officials told GAO that they have not conducted, and do not have plans to conduct, an evaluation of the expectations. VA Vet Center Productivity Expectations for Counselors Although most counselors met the productivity expectations in fiscal year 2019, counselors GAO spoke with said the expectations led them to change work practices in ways that could negatively affect client care. For example, counselors at one Vet Center told GAO that, to meet productivity expectations, they spend less time with each client to fit more clients into their schedules. Without an evaluation of its productivity expectations, RCS lacks reasonable assurance that it is identifying any unintended or potentially negative effects of the expectations on counselor practices and client care. RCS officials told GAO that by the start of fiscal year 2021 they plan to implement a staffing model to identify criteria for determining staffing needs at Vet Centers. The model incorporates data on counselors' productivity (work hours and number of visits), and total clients to determine criteria for adding or removing a counselor position from a Vet Center. However, the model does not fully address key practices in staffing model design GAO identified in previous work. For example, the model does not include the input of Vet Center counselors, or client data associated with directors, who also provide counseling. As a result, RCS is at risk of making decisions about Vet Center staffing that may not be responsive to changing client needs. Shortages of mental health staff within VHA coupled with the increasing veteran demand for mental health services highlight the critical importance of ensuring appropriate Vet Center staffing. VHA's RCS provided counseling (individual, group, marriage, and family) and outreach services through Vet Centers to more than 300,000 veterans and their families in fiscal year 2019. In 2017, RCS implemented changes to expectations that it uses to assess Vet Center counselor productivity, setting expectations for counselors' percentage of time with clients and number of client visits. GAO was asked to review Vet Center productivity expectations for counselors and staffing. Among other issues, this report examines the extent to which VHA (1) evaluates its productivity expectations; and (2) assesses Vet Centers' staffing needs. To do this work, GAO reviewed RCS documentation regarding counselors' productivity expectations and analyzed RCS data on counselor productivity expectations and staffing, for fiscal year 2019. GAO interviewed RCS leadership, including district directors, and directors and counselors from 12 Vet Centers, selected for variation in geographic location and total number of clients, among other factors. GAO is making four recommendations, including that VHA (1) evaluate Vet Center productivity expectations for counselors; and (2) develop and implement a staffing model that incorporates key practices. The Department of Veterans Affairs concurred with GAO's recommendations and identified actions VHA is taking to implement them. For more information, contact Debra A. Draper at (202) 512-7114 or draperd@gao.gov.
    [Read More…]
  • Disaster Recovery: COVID-19 Pandemic Intensifies Disaster Recovery Challenges for K-12 Schools
    In U.S GAO News
    Local education officials in natural disaster-affected areas told us the Coronavirus Disease 2019 (COVID-19) pandemic has exacerbated mental health issues and contributed to lost instructional time, staff burnout, delays in recovery projects, and financial strain in their communities. These officials explained that after the natural disaster, restoring students' mental health was a top priority. Many local education officials said that the services needed to treat trauma and other disaster-related mental health issues were not readily available in their areas, and some noted that providing mental health services has been especially difficult during the pandemic. For example, one official said that because half of her students live in poverty, they usually access mental health services through the school, and were cut off from those services during the pandemic. Some local education officials said they were also particularly worried about the effects of the pandemic on their low-income and other at-risk students, noting that these students are especially vulnerable to learning loss. The COVID-19 pandemic has also affected districts by slowing progress on some disaster recovery projects. For example, an official in a district affected by wildfire said that an effort to restore running water to damaged school buildings was delayed due the pandemic. The U.S. Department of Education (Education) supported school recovery efforts by awarding nearly $1.4 billion to assist schools in over 30 states and U.S. territories with recovery from presidentially-declared major disasters occurring between 2017 and 2019, although some local education officials reported difficulty in using these grant funds during the pandemic. Education provided this funding through the Immediate Aid to Restart School Operations (Restart) and the Project School Emergency Response to Violence grant programs, among others. Local education officials from several districts and counties said that they are using or planning to use Education disaster grants to provide mental health services to students and cover other costs associated with re-opening, such as additional transportation services, but that during the pandemic this was sometimes challenging. For example, officials in two counties said that timeframes for using Restart funds, which expire after 2 years, were too short for long-term recovery needs such as mental health services, particularly with the compounding effects of the pandemic. Education officials said that grantees may request waivers to extend the end dates of these grants and that as of October 2020, no Restart grantees who experienced a 2018 disaster had done so. With regard to oversight, Education officials said they paused on-site monitoring efforts for recent disaster grants as a result of the pandemic, but have continued to hold quarterly phone calls with Restart grantees. These grantees have noted some challenges related to the grant program but have not discussed specific technical assistance needs, according to Education officials. More than 260 presidentially-declared major disasters have occurred since 2017, affecting every state and several U.S. territories, according to the Federal Emergency Management Agency (FEMA). Many of these natural disasters have had devastating effects, including rendering K-12 school facilities unusable for lengthy periods of time. These schools are now experiencing the compounding challenge of recovering from natural disasters while managing effects of the COVID-19 pandemic. Social distancing practices and building closures are meant to keep staff and students safe, but may also complicate recovery efforts for disaster-affected districts. The Additional Supplemental Appropriations for Disaster Relief Act of 2019 provided funds for GAO to audit issues related to presidentially-declared major disasters that occurred in 2018. We reviewed (1) how the COVID-19 pandemic has affected schools recovering from recent natural disasters; and (2) support Education has provided to help school recover from recent natural disasters and how the COVID-19 pandemic has affected schools' use of these resources. We interviewed 29 local education officials representing over 50 school districts in California, Commonwealth of the Northern Mariana Islands, Florida, and Hawaii, which were selected because they were affected by a diverse set of major natural disasters in 2018 that occurred in a mix of populated and less-populated areas. In addition, through a national school superintendents association, we convened a discussion group of superintendents who have experienced natural disasters and mentor other affected districts. Finally, we reviewed federal guidance and interviewed Education officials. For more information, contact Jacqueline M. Nowicki at (617) 788-0580 or nowickij@gao.gov.
    [Read More…]
  • The Sentencing of Belarusian Opposition Figures Maria Kalesnikava and Maksim Znak
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Secretary Antony J. Blinken, Secretary of Commerce Gina Raimondo, Ambassador Katherine Tai, U.S. Trade Representative, Valdis Dombrovskis, Executive Vice President for An Economy that Works for People And Margrethe Vestager, Executive Vice President for A Europe Fit for the Digital Age After the U.S.-EU Trade and Technology Council Ministerial
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Justice Department Settles with Maine School District to Protect Educational Rights of Students with Disabilities and English Learners
    In Crime News
    Today the Justice Department announced a settlement agreement with the Lewiston Public Schools to end the district’s systemic and discriminatory practice of excluding students from full-day school because of behavior related to their disabilities. The settlement also will require the district to provide equal educational opportunities to its English learner students.  The department conducted its investigation under Title II of the Americans with Disabilities Act (ADA) and the Equal Educational Opportunities Act of 1974 (EEOA) after receiving a complaint from Disability Rights Maine.
    [Read More…]
  • Detroit Tax Preparer Indicted for Preparing False Tax Returns
    In Crime News
    A federal grand jury in Detroit, Michigan, charged a Detroit tax preparer on Oct. 7 with 15 counts of aiding and assisting in the preparation of false tax returns.
    [Read More…]
  • List Broker Pleads Guilty to Facilitating Elder Fraud Schemes
    In Crime News
    A New York man pleaded guilty today to supplying lists of consumers’ names and addresses for use in schemes that targeted vulnerable victims.
    [Read More…]
  • Return to Election Negotiations
    In Crime Control and Security News
    Ned Price, Department [Read More…]
  • Federal Court Orders Miami-Area Tax Preparer to Pay Contempt Sanction for Violating Permanent Injunction
    In Crime News
    A federal court in the Southern District of Florida has ordered a Miami-area tax preparer to pay a $403,969.70 contempt sanction for violating a permanent injunction that barred her from preparing, filing or assisting in the preparation or filing of federal tax returns for others.
    [Read More…]
  •  On the International Day of Persons with Disabilities
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Department Press Briefing – October 22, 2021
    In Crime Control and Security News
    Ned Price, Department [Read More…]
  • Bangladesh Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Ukrainian Arrested and Charged with Ransomware Attack on Kaseya
    In Crime News
    Today, the Justice Department announced recent actions taken against two foreign nationals charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.
    [Read More…]
  • Defense Critical Infrastructure: Actions Needed to Improve the Consistency, Reliability, and Usefulness of DOD’s Tier 1 Task Critical Asset List
    In U.S GAO News
    The Department of Defense (DOD) relies on a global network of defense critical infrastructure so essential that the incapacitation, exploitation, or destruction of an asset within this network could severely affect DOD's ability to deploy, support, and sustain its forces and operations worldwide and to implement its core missions, including current missions in Iraq and Afghanistan. Because of its importance to DOD operations, this defense critical infrastructure could be vulnerable to attacks by adversaries, and vulnerable to natural disasters and hazards, such as hurricanes and earthquakes. Since September 2003, the Office of the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs (ASD[HD&ASA]) has been responsible for developing and ensuring implementation of critical infrastructure protection policy and program guidance. To identify and help assure the availability of this mission-critical infrastructure, in August 2005 DOD established the Defense Critical Infrastructure Program (DCIP), assigning overall responsibility for the program to ASD(HD&ASA). In April 2008, DOD issued an instruction that further assigned responsibilities and prescribed procedures for the implementation of DCIP, among other things. In October 2008, DOD formalized the process for identifying and prioritizing its critical infrastructure. Since 2006, ASD(HD&ASA) has collaborated with the Joint Staff to compile a list of all DOD- and non-DOD-owned infrastructure essential to accomplish DOD's missions. To support this effort, the combatant commands and military services are to identify and place their critical assets into prioritized tiers, including Tier 1 Task Critical Assets, which are assets of such extraordinary importance that their incapacitation or destruction would have a serious, debilitating effect on the ability of one or more military services, combatant commands, or DCIP Defense Infrastructure Sector Lead Agents to execute the mission essential tasks they support. Defense Critical Assets, on the other hand, are the assets most critical for fulfilling overall DOD missions and are identified from the universe of Task Critical Assets. The Joint Staff worked with the combatant commands, military services, and Defense Infrastructure Sector Lead Agents to develop the current departmentwide list of Tier 1 Task Critical Assets. In October 2008, ASD(HD&ASA) formally accepted the Joint Staff's Defense Critical Asset nomination list as an initial list of Defense Critical Assets. In its May 2008 report on H.R. 5658, the House Committee on Armed Services addressed DOD's lack of progress in analyzing the risks of electrical power outages to critical DOD missions through DCIP and, among other things, directed that GAO continue its review of DCIP. As a result, we initiated our on-going review of the assurance of electrical power supplies to DOD's critical assets.While DOD has made some progress in developing a Tier 1 Task Critical Asset list, this progress was limited by DOD's lack of consistent criteria for identifying and prioritizing Tier 1 Task Critical Assets. When selecting and submitting their most recent lists of Tier 1 Task Critical Asset submissions to the Joint Staff, the combatant commands and the military services used disparate sets of guidance, including draft and nonbinding guidance, as their criteria. Air Force officials, however, told us they developed formal critical asset identification guidance based on DOD's draft critical asset identification manual. According to military service and combatant command officials, DOD's draft and nonbinding guidance contained unclear definitions of asset tiers, Task Critical Assets, and other key terms, such as "mission essential tasks." DOD has taken some actions toward promoting coordination among the combatant commands, military services, and Joint Staff in compiling DOD's Tier 1 Task Critical Asset list. For example, in August 2005, DOD issued DOD Directive 3020.40, which calls for coordination among the Joint Staff, combatant commands, military services, and other defense agencies for the purpose of identifying and assessing critical assets needed to implement DOD missions. However, DOD has not yet developed formal coordination responsibilities and an effective coordination mechanism within DCIP, including a forum for coordination between the military services and combatant commands when identifying critical assets. Combatant command and military service officials told us that, in considering which assets to submit to DOD's Tier 1 Task Critical Asset list, they coordinate only minimally with each other when determining which assets are critical to combatant command missions. Based on our analysis of the October 2008 manual and discussions with DCIP officials, we found that the Joint Staff, combatant commands, military services, and other DOD agencies still lack clearly defined coordination responsibilities and a mechanism for effective coordination within DCIP. As a result, the communication and coordination efforts among these key DCIP stakeholders when considering assets to nominate as Tier 1 Task Critical Assets have been insufficient and inconsistent. While DOD has developed a strategy and comprehensive management plan for DCIP, it has not fully developed some DCIP program management elements for identifying Tier 1 Task Critical Assets, which could enhance the effectiveness of the program. DOD's formal critical asset identification process manual issued in 2008 lacks some key elements necessary for sound program management, including clearly defined schedules and milestones for meeting performance goals and a formal feedback process. According to our work on sound management practices, comprehensive program schedules and formal communication strategies assist agencies in effectively implementing programs by providing relevant stakeholders with timelines to follow, performance milestones to meet, and shared expectations to guide their efforts. Because DOD lacks a formal process for submitting critical assets, including milestones and formal feedback from ASD(HD&ASA) or the Joint Staff on meeting program goals, the combatant commands and military services are limited in their ability to effectively select, compile, and validate their final nominations to DOD's Tier 1 Task Critical Asset list.
    [Read More…]
  • Commercial Flooring Company Pleads Guilty to Antitrust and Money Laundering Charges
    In Crime News
    Mr. David’s Flooring International LLC (Mr. David’s), a Chicago-based commercial flooring contractor, pleaded guilty after being charged for its role in a long-running conspiracy to rig bids and fix prices for commercial flooring products and services, and for its role in a money laundering conspiracy involving kickbacks.
    [Read More…]
  • Veterans Justice Outreach Program: Further Actions to Identify and Address Barriers to Participation Would Promote Access to Services
    In U.S GAO News
    What GAO Found In response to the Veterans Treatment Court Improvement Act of 2018, Department of Veterans Affairs (VA) data show the agency hired 51 Veterans Justice Outreach (VJO) specialists, though VA completed its hiring and reporting after the statute's deadline. The program relies on nearly 400 VJO specialists—primarily social workers—who work with jails and municipal courts to identify and assess the needs of arrested or incarcerated veterans, and connect them to VA health care services. In addition, VA's reporting to Congress lacked required information, such as the number of veterans who lack access to VJO specialists. Although VA does not collect these data, VJO program officials said that future research will help them estimate this number. VA has identified and taken some steps to address barriers that veterans may face in accessing VJO specialists and receiving services. GAO additionally found that veterans with other-than-honorable discharges—often at greater risk of mental health issues and suicide—may not know they are eligible under a 2020 VA policy that extends mental health care services to certain members of this subgroup. (See figure.) In addition, this policy change and newly available services are not reflected in training for VJO specialists. As a result, veterans may not meet with VJO specialists and miss an opportunity to get help accessing VA's health care services. Barriers Justice-Involved Veterans (JIV) May Face Accessing VJO Specialists VA and others have conducted research on the use of VA services by veterans in the VJO program, and VA officials have used this research to improve the program by educating staff and further directing their research. However, VJO research and improvement efforts are not guided by project plans that define goals and identify needed resources, such as stakeholder expertise, as called for by generally recognized project management practices. VJO officials told GAO that research is a key strategy for improving VJO services and that they intend to develop a plan, but do not have a timeframe for doing so. Until the VJO program develops detailed project plans that also identify needed resources, program officials will not have a road map to improve the use of VA services by veterans in the VJO program. Why GAO Did This Study Veterans who have been arrested and jailed are at an increased risk of homelessness, mental health conditions, and suicide. To address these concerns and prevent re-incarceration, VA created the VJO program, which served over 30,000 veterans in fiscal year 2020. The Veterans Treatment Court Improvement Act of 2018 included a provision for GAO to assess VA's implementation of the act's requirements. This report examines the extent to which VA has (1) implemented the act's hiring and reporting requirements, (2) identified and addressed barriers that veterans face in accessing VJO specialists, and (3) conducted and used research to improve the use of VA services by veterans in the program. GAO reviewed relevant federal laws and VA documentation, including program guidance, policies, plans, and reports; reviewed selected studies on veterans' use of the VJO program; interviewed VA and VJO officials; and analyzed VA data for fiscal years 2016 through 2020 on veterans served by the program.
    [Read More…]
  • Acting Assistant Attorney General Brian M. Boynton Delivers Remarks at the Cybersecurity and Infrastructure Security Agency (CISA) Fourth Annual National Cybersecurity Summit
    In Crime News
    Good afternoon. My name is Brian Boynton and I am the Acting Assistant Attorney General for the Civil Division at the Department of Justice. 
    [Read More…]

Crime

Network News © 2005 Area.Control.Network™ All rights reserved.