[ad_1]
GENEVA: Reporters investigating Russian military intelligence services have been targeted by highly sophisticated cyberattacks via encrypted e-mail accounts. Evidence suggests that Moscow was responsible, ProtonMail's courier provider and journalists said on Saturday (July 27th).
The phishing attack, which sought to convince users to share their ProtonMail pbadwords, targeted the reporters of the award-winning Bellingcat website, which identified agents who had poisoned former Russian spy Sergei Skripal in Great Britain. Britain.
ProtonMail, based in Geneva, said in a statement that "the evidence (as well as independent third-party badessments) seems to suggest an attack of Russian origin".
The general manager of the company, Andy Yen, told AFP that the operation "was one of the most popular phishing attacks we have ever seen."
The Bellingcat reporter, Christo Grozev, who ran the site's work on the Skripal case, said he was confident that the military intelligence unit of the Russian GRU was responsible and that It represented a "leap forward" in terms of technical sophistication.
"It was very convincing," he told AFP, noting that no Bellingcat journalist had given up his pbadword.
ENCRYPTION FROM END TO END
ProtonMail, which claims to be the most secure messaging provider in the world, is increasingly being used by journalists and others who manage sensitive information because user communications are protected by end-to-end encryption.
Before founding ProtonMail, Yen, who is studying at Harvard and worked for five years at the European nuclear research laboratory CERN, told AFP that the company could not read the users' emails, even though it wanted, which contrasts sharply with Google's Gmail.
The phishing attacks against Bellingcat journalists took place this week, with "emails sent to targeted users claiming to belong to the ProtonMail team, asking targets to grab their … login credentials," he said. the society.
The Bellingcat investigation site helped to unmask Russian agents suspected of poisoning former spy Sergei Skripal. (Photo: AFP / HO)
Mr Grozev stated that despite his technical knowledge and his awareness of being a target, he "would have been fooled" – he had not been warned by a contact who received a similar e-mail to phishing earlier this month.
While attacks against Bellingcat's journalists have been concentrated in recent days, Grozen claimed that several investigators and researchers from other organizations working in Russia have received phishing emails in their ProtonMail accounts since April. .
Yen told AFP that "accurately pinpointing the date on which other Russian journalists began to be targeted is a little more complex and can not be confirmed with confidence at the moment."
& # 39; MUST BE INVESTIGATED & # 39;
Yen said ProtonMail had alerted the Swiss Federal Police and the government computer system security office, MELANI, to this week's events.
The company has yet received any indication that an investigation would be opened, Yen said, pointing out that he had little hope that a Swiss government investigation would be effective.
ProtonMail conducts its own investigation.
But Grozen said that Switzerland had a duty to act, in part because its .ch domain was used to carry out the phishing operation.
"It is essentially a crime committed on the Swiss digital territory," he said, pointing out that the entities that registered the malicious websites are "traceable to the authorities (Swiss)" .
The Swiss Federal Police and MELANI did not immediately respond to a request for comment.
Bellingcat, a UK-based and highly reputed investigation website, used open source technology to tell a series of stories, particularly about Russia, including important revelations about the MH17 crash. above Ukraine, also linked to Russian intelligence GRU a service.
Source link
