Suspected DNC & German Parliament Hacker Used His Name As His Email Password
from the opsec-yo dept
You may have seen the news reports this week that German prosecutors have issued an arrest warrant for Dmitry Badin for a massive hack of the German Parliament that made headlines in 2016. The reports about the German arrest warrant all mention that German authorities "believe" that Badin is connected to the Russian GRU and its APT28 hacking group.
The folks over at Bellingcat have done their open source intelligence investigation thing, and provided a ton of evidence to show that Badin almost certainly is part of GRU... including the fact that he registered his 2018 car purchase to the public address of a GRU building. This is not the first time this has happened. A few years back, Bellingcat also connected a bunch of people to the GRU -- including some accused of hacking by the Dutch government -- based on leaked car registration info.
There's much, much more in the Bellingcat report, but the final paragraph really stands out. Bellingcat also found Badin -- again, a hacker who is suspected in multiple massive and consequential hacks, including of email accounts -- didn't seem to be all that careful with his own security:
The most surreal absence of “practice-what-you-breach” among GRU hackers might be visible in their lackadaisical attitude to their own cyber protection. In 2018, a large collection of hacked Russian mail accounts, including user name and passwords, was dumped online. Dmitry Badin’s email — which we figured out from his Skype account, which we in turn obtained from his phone number, which we of course got from his car registration — had been hacked. He had apparently been using the password Badin1990. After this, his email credentials were leaked again as part of a larger hack, where we see that he had changed his password from Badin1990 to the much more secure Badin990.
Yes, the password for at least one of his email accounts... was apparently his own last name and the year he was born. The cobbler's kids go shoeless again.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: apt28, dmitry badin, dnc, dnc emails, email, germany, gru, hacking, opsec, passwords, podesta emails, russia
Reader Comments
Subscribe: RSS
View by: Time | Thread
There is 0 percent chance Russia is the actual problem or the source of the cyber intrusions.
[ link to this | view in chronology ]
Re:
... said no one with two or more functioning neurons, ever.
[ link to this | view in chronology ]
Re: Re: 0 chance Russia................
I think they forgot to update their nym to Anonymou /s Coward
[ link to this | view in chronology ]
Re: Re:
The first suspect and most likely only guilty party is almost always China.
In the event it's not China, then it's India.
North Korea, Japan, Germany, and possibly Spain, were the old guilty crowd but they appear to have completely lost the "cyber" conflict completely at this point.
North Korea probably still has some kind of declared conflict that it created itself on its books that blames everyone else and can be used as a "state sponsor" of the activity.
The cyber terrorists that attacked me blamed Bhutan for a while which is not functionally possible to my knowledge.
If it was Russia that was the source of the global cyber terror menace then the Soviet Union would be more than a collection of treaties in some archive today like the Roman Empire turned into.
[ link to this | view in chronology ]
Re: Re: Re:
"The first suspect and most likely only guilty party is almost always China."
I am not trusting analysis of a guy that forgot about existence of Israel.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Okay, there is a good chance it is actually India but it is not provable which one it is from here.
[ link to this | view in chronology ]
Re: Re: Re:
"If it was Russia that was the source of the global cyber terror menace then the Soviet Union would be more than a collection of treaties in some archive today..."
The soviet union which ended in 1991 at which point in time "cyberwarfare" consisted of individual hackers and the various governments of the world still thought a 14.4k modem was a revolutionary invention?
Honestly, everything else being equal then yes, China will have the most hackers of anyone today, simply because they've spent the most on state-wide IT monitoring and supervision.
But russia isn't exactly lacking either. And it's a mistake to assume that just because one of their most clumsy managed to screw himself it means they lack skilled crews.
Like the ones who hacked the NSA to lift and spread the code that agency built for "monitoring and surveillance" - which was then used by criminals to create the Wcry cryptoworm.
[ link to this | view in chronology ]
Re: Re: Re: Re:
They still have soviet union stuff.
You ended in 1991
[ link to this | view in chronology ]
Re: Re: Re: Re:
cyberwarfare is outlawed by all countries and is not a form of warfare
the "cyberwarfare", which is almost purely terrorism today, was in fact developed more than 1000 years ago when people noticed you could poison or kill someone with an EM field
It was called witchcraft or sorcery and people got burned at the stake for it
[ link to this | view in chronology ]
Common Registration technique
IIRC one of the guys who poisoned the Russian ex-agent in Britain (and his daughter) was outed with among other things, proof that he'd registered his car to a GRU office despite claims he was not connected with them.
Is there a benefit to sending local police looking to collect on outstanding traffic tickets to the address of the GRU?
[ link to this | view in chronology ]
Convenience
I remember years ago watching a tv show about scam artists. Police investigators who traced these types of crimes said that many of the victims of scams were perfectly intelligent, and that the common theme that tied scam victims together was mostly personal greed. This hacker demonstrates to me that proper online security practices are not tied to intelligence. Laziness perhaps? Convenience? But it's not intelligence.
[ link to this | view in chronology ]
Re: Convenience
That (you mean ashley madison?) isnt good evidence against Russia being involved in Germany
That said, the title is misleading as the way the GRU operates, even the timing of the U.S. hacks don't add-up ro his entering Germany
So i disagree with both this article and your analysis
Russia is behind Germany but this had nothing to do with DNC, Techdirt, c'mon, don't assume if 1 Russian is behind 1, even if you believe they're somehow the only actor...
(Everybody hacks everybody),.
That this must contend a lack of supply, hackers. There are many people the GRU pickup. i personally doubt Russia was behind Podesta. that said, i fully accept they're behind much
Let's not go to extremes of never-guilty, always guilty, bull claims of USB transfer or attempting to connect every campaign to 1 actor let alone 1 individual
[ link to this | view in chronology ]
Re: Re: Convenience
The opsec here was dumb. While IC (BND) can fake this data, I highly doubt it
Again though, nothing in this article does Mike include as relevant to DNC
Why then include it in the title? The title is supposed to reflect the body. It doesn't here
[ link to this | view in chronology ]
Re: Convenience
Unfortunately many have forgotten objectivity. it is always a dichotomy
Things are more complex
You're wrong, Koby as is Mike wrong
Everybody's wrong. That said, i'd sooner believe Mike despite totally disagreeing with his claim
Why? Plausibility versus probability
It is impossible what you say, plausible what he says but neither is probable
[ link to this | view in chronology ]
Re: Convenience
Not that even the FBI's suggested suspicion this is the same guy. tbh, I doubt they even know
Any case, that isnt because i agree with your analysis
At least for all the problematic title, Mike gets the content ok
[ link to this | view in chronology ]
Things certainly were Bad in 1990
But then it was Time for the Guru, https://www.youtube.com/watch?v=DQle7hAPpyE
[ link to this | view in chronology ]
For Dmitry Badin- Three letters and four numbers that nobody will ever guess.
"NSP-6969"
[ link to this | view in chronology ]