CNN
—
Inside hours of opposition chief Alexey Navalny’s death in February in a Russian jail, a gaggle of anti-Kremlin hackers went on the lookout for revenge.
Utilizing their entry to a pc community tied to Russia’s jail system, the hackers plastered a photograph of Navalny on the hacked jail contractor’s web site, in keeping with interviews with the hackers, screenshots and knowledge reviewed by CNN.
“Lengthy dwell Alexey Navalny!” learn a message on the hacked web site, accompanied by a photograph of Navalny and his spouse Yulia at a political rally.
In a surprising breach of safety, in addition they seem to have stolen a database containing data on a whole lot of hundreds of Russian prisoners and their kin and contacts, together with, the hackers declare, knowledge held on prisoners within the Arctic penal colony the place Navalny died on February 16.
The hackers, who say they’re a mixture of nationalities, together with Russian expatriates and Ukrainians, are sharing that knowledge, together with telephone numbers and e-mail addresses of prisoners and their kin “within the hope that any individual can contact them and assist perceive what occurred to Navalny,” a hacker claiming to be concerned within the breach informed CNN.
As well as, the hackers used their entry to the Russian jail system’s on-line commissary, the place members of the family purchase meals for inmates, to alter the costs of issues like noodles and canned beef to 1 ruble, which is roughly $0.01, in keeping with screenshots and movies of purchases from the web retailer posted by the hackers.
Usually, these items price over $1.
It took a number of hours for the administrator of the web jail store to note that Russians had been shopping for meals for pennies, in keeping with the hacker concerned. And it might be three days earlier than IT workers on the jail store had been capable of absolutely shut down the hacker-provided reductions, in keeping with the hacker’s account.
“We had been watching the [access logs to the online store] and it simply saved scrolling quicker and quicker with increasingly more prospects making purchases,” the hacker mentioned in a web based chat whereas offering knowledge to CNN corroborating that they had been concerned within the hack.
The hackers declare that the database incorporates data on about 800,000 prisoners and their kin and contacts. A CNN evaluate of the info discovered some duplicate entries within the database however that it nonetheless incorporates data on a whole lot of hundreds of individuals. CNN was capable of match a number of prisoner names in screenshots shared by the hackers with those that, in keeping with public information, are at present in Russian jail.
The web jail store that the hackers seem to have breached is owned by the Russian state and formally referred to as JSC Kaluzhskoe, in keeping with Russian enterprise information reviewed by CNN. JSC Kaluzhskoe serves 34 areas in Russia.
CNN has requested remark from JSC Kaluzhskoe, Russia’s Federal Penitentiary Service (referred to as FSIN) and the person web site directors that the hackers declare to have outsmarted.
On February 19, the day after the hackers defaced the web site and changed it with Navalny’s picture, JSC Kaluzhskoe posted on Russian social media platform VK that it had skilled a “technical failure” that led to the “costs for meals and primary requirements” being “mirrored incorrectly.”
Tom Hegel, a cybersecurity professional with expertise analyzing knowledge dumps, mentioned the leaked knowledge confirmed all indicators of being genuine and that it had originated from the hacked jail store.
The hackers “clearly had full blown entry to get all of it,” Hegel, who’s principal risk researcher at US cybersecurity agency SentinelOne. “The quantity of photographs captured and knowledge supplied is kind of thorough.”
The hacking group despatched notes to directors of the web jail store, warning them to not take the pro-Navalny messages off the web site. When the net directors refused, the hackers retaliated by destroying one of many directors’ pc servers, the hacker claimed.
Navalny, a charismatic political chief who railed towards Russian authorities corruption, died in mysterious circumstances on February 16 at a jail in Yamalo-Nenets area, 1,200 miles northeast of Moscow. The US holds Russian President Vladimir Putin liable for Navalny’s dying, US President Joe Biden has mentioned.
Politically motivated hacking, or “hacktivism,” has been rampant within the greater than two years since Russia’s full-scale invasion of Ukraine. Within the days following the invasion, a Ukrainian man took revenge by leaking a trove of inner knowledge from a Russian ransomware gang displaying the group’s alleged connections with Russian intelligence.
Professional-Ukraine hackers of assorted stripes have joined the fray, claiming accountability for attacks on a Russian web supplier, for instance, and web sites that had been broadcasting a high-profile Putin speech final 12 months.
The battle in Ukraine “has undoubtedly begun a brand new chapter in using hacktivism, unprecedented in its present scale,” mentioned Hegel, the SentinelOne researcher. “Hacktivism has emerged as a robust device for various teams to precise their views, rally behind their nations, goal perceived adversaries, and try to affect the trajectory of the battle.”
The hack of the web jail store got here with a message from self-described Russian expatriates.
“We, IT specialists, left at present’s Russia,” learn a message in Russian on one of many jail store web sites, in keeping with a screenshot of the web site on February 18 reviewed by CNN. “We love our nation and can return when it’s free from the Putin regime. And we’ll go until the top on this path.”