In an indictment filed today in the Western District of Pennsylvania, seven Russian intelligence officers have been accused of a concerted attack on international athletic organizations, apparently as retaliation for actions taken against Russia over its state-sponsored doping program.
"The actions of these seven hackers, all working as officials for the Russian government, were criminal, retaliatory, and damaging to innocent victims and the United States' economy, as well as to world organizations," FBI Director Christopher Wray said of the attacks during a press conference.
All the named defendants are believed to be members of unit 26165 of the Russian intelligence agency, the GRU, which has also been accused of orchestrating hacks to influence the outcome of the 2016 US election. Group members posed as a hacktivist group called Fancy Bear, and three of the defendants named today were also indicted on charges stemming from the election influence operation.
As in that earlier case, the agents paid for their activities using cryptocurrency and partially funded them through mining. According to the indictment:
"The conspirators used several dedicated email accounts to track basic bitcoin transaction information and to facilitate bitcoin payments to vendors. One of these dedicated accounts received hundreds of bitcoin payment requests from approximately 100 different email accounts."
The indictment claims that some of the infrastructure for the attacks, including the hosting of a spoofed version of the World Anti-Doping Agency's website, were paid for in bitcoin:
"In those instances where conspirators purchased hacking infrastructure, payments were made using a complex web of transactions involving operational accounts in fictitious names and typically utilized cryptocurrencies, such as Bitcoin, to further mask their identities and conduct."
However, like in earlier cases, FBI investigators were able to track at least some of these transactions, showing, once again, that while cryptocurrency may be more difficult to trace than funds from a checking account, its use does not provide foolproof camouflage for illicit activity.