PITTSBURGH (KDKA) – Russian hackers targeted Westinghouse Electric Company in Pittsburgh as part of a larger international hacking conspiracy, local U.S. Attorney Scott Brady and the U.S. Justice Department announced in Washington, DC on Thursday.
“The defendants are charged with a lengthy and wide-ranging conspiracy to hack into private computers and networks around the world,” said Brady.
“The victims of this activity are anti-doping organizations in the United States and abroad, Swiss and Dutch entities that investigate the use of chemical weapons, and as I mentioned an important company in my own district, Westinghouse.”
Seven Russian military intelligence operatives were indicted in federal court here in Pittsburgh, including Ivan Sergeyevich Yermakov, charged specifically with hacking Westinghouse.
The 41-page indictment charges Yermakov with creating a fake domain and website to mimic Westinghouse’s domain, then sending spearphishing emails to employees, enticing their response whereby their login credential were stolen by the Russians.
Because, said Brady, the company “supplied nuclear fuel to the Ukraine.”
Westinghouse designs the power plants that supply half the world’s nuclear operating plants, including Ukraine.
“It was 2014 that Russia invaded the Ukraine,” said former U.S. Attorney and now University of Pittsburgh Professor David Hickton.
“It was 2015 that Russia used the Ukraine as their cyber playground to test a whole bunch of the cyber-crime tools that they used against us in the 2016 elections,” noted Hickton.
Hickton says Russia uses what it steals to create disorder.
“The Russian signature is to create disorder. They are a rogue state when it comes to cyber.”
Brady said the hacking was not harmless.
“This is not spy versus spy. These were not passive intelligence operations. This is a criminal experience which caused real harm to real victims,” noted Brady.
Interestingly, Yermakov — who targeted Westinghouse — was among the twelve indicted in July by special counsel Robert Mueller for interfering with the 2016 U.S. election.
“I think what it means is obvious,” said Hickton.
“There is a connection between all of this.”
Hickton said both the Russian team and the tools used to hack both are one and the same.
“We have now outed Russia in a very significant way for a very comprehensive cyber-crime spree. It’s very important.”
First under Hickton and now under Brady, Pittsburgh has become a center for a number of cyber-security indictments because of the expertise here.
“We have the finest FBI in the world and in the country, for sure, in terms of doing cyber investigations and it again makes Pittsburgh the center for cyber law enforcement,” said Hickton.
With the investigative work of the local FBI, this U.S. Attorney’s office has charged cybersecurity crimes not just against Russian officials, but other countries as well, including China.
Turns out besides Yermakov, two other Russians charged today were charged by Mueller in July.
Even though they cannot be arrested unless they leave Russia, Hickton says it’s important to make their names public, as that reduces their ability to operate secretly in the future.
KDKA reached out to Westinghouse for a statement and received this:
“We have found no evidence that the phishing campaigns against employees to breach Westinghouse’s systems were successful. The safety and security of our systems and information is a top priority, and we maintain robust processes and procedures to protect against cybersecurity threats.”