Ukrainian malware programmer said to be cooperating with U.S. on Russia election hacking probe


In all the noise of this week’s events, it would be easy to miss some dramatic news out of Kiev today. So I’ll amplify it here.  A Ukrainian hacker who wrote code that might have helped hack the U.S. election — and other political events around the world — has turned FBI witness, the New York Times says.

His pseudonym is Profexer, and plenty of people are wondering about his safety right now.

Below is a brief synopsis, but you should really read the entire report.  

As with all things cyber, and all things politics, it’s not as clear as one would wish. Profexer is a well-regarded Ukrainian hacker who wrote a hacker tool sometimes called PAS. It’s one of several tools a hacker might use when taking over a network; it’s essentially a base of operations installed after a successful break-in. It lets a remote hacker easily open a “shell” — a prompt for executing commands — on a compromised network.
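Because a tool like this lives on the victim’s own web server as an ordinary-looking script, the defender’s problem is spotting it among legitimate files. Below is an added example, written for this post and not taken from the Times, Wordfence, or the PAS tool itself, showing two complementary checks an administrator might run over a web root: a heuristic scan for the code patterns shells tend to combine (a code- or command-execution call fed by request input or by a decoded blob), and a comparison against a baseline of known-good file hashes. The PHP snippets, file names, indicator list, weights and threshold are all constructed for illustration; they are not signatures for any real shell.

```python
import hashlib
import re
from typing import Dict, List

# Constructed PHP snippets standing in for files found in a web root.
# They are illustrative only, not code from PAS or any other real tool.
SAMPLE_FILES: Dict[str, str] = {
    "index.php": "<?php require 'config.php'; echo render_page($_GET['page'] ?? 'home'); ?>",
    "lib/compress.php": "<?php echo gzinflate(base64_decode($blob)); ?>",
    "cache/.tmp.php": "<?php @eval(base64_decode($_POST['c'])); ?>",
    "wp-content/uploads/img.php": "<?php $f = $_REQUEST['f']; system($f); ?>",
    "theme/footer.php": "<?php eval(base64_decode('" + "QUFB" * 25 + "')); ?>",
}

# Heuristic indicators (hypothetical weights): no single one proves a shell,
# but an execution primitive combined with attacker-controlled input or an
# encoded payload is the classic shape defenders look for.
INDICATORS = [
    (r"\b(?:eval|assert|create_function)\s*\(", "php-code-execution", 3),
    (r"\b(?:system|shell_exec|passthru|exec|popen|proc_open)\s*\(", "os-command-execution", 3),
    (r"\$_(?:GET|POST|REQUEST|COOKIE)\b", "request-controlled-input", 2),
    (r"['\"][A-Za-z0-9+/=]{80,}['\"]", "long-encoded-literal", 2),
    (r"\b(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", "decoding-or-obfuscation", 1),
    (r"@\s*(?:eval|system|exec|include)\b", "error-suppressed-call", 1),
]
COMPILED = [(re.compile(p, re.IGNORECASE), label, w) for p, label, w in INDICATORS]
THRESHOLD = 5  # constructed cut-off; tune against your own codebase


def scan_source(src: str) -> Dict[str, object]:
    """Score one file's contents and list which indicators fired."""
    hits: List[str] = []
    score = 0
    for pattern, label, weight in COMPILED:
        if pattern.search(src):
            hits.append(label)
            score += weight
    return {"score": score, "hits": hits, "suspicious": score >= THRESHOLD}


def scan_files(files: Dict[str, str]) -> List[str]:
    """Return the names of files whose score crosses the threshold."""
    return sorted(name for name, src in files.items() if scan_source(src)["suspicious"])


def build_baseline(files: Dict[str, str]) -> Dict[str, str]:
    """Record SHA-256 of every file in a known-good deployment."""
    return {name: hashlib.sha256(src.encode()).hexdigest() for name, src in files.items()}


def unexpected_files(files: Dict[str, str], baseline: Dict[str, str]) -> List[str]:
    """Files that are new or whose hash no longer matches the baseline.

    This catches shells the pattern scan misses (heavily obfuscated ones),
    because a dropped file is new regardless of what it contains."""
    return sorted(
        name for name, src in files.items()
        if baseline.get(name) != hashlib.sha256(src.encode()).hexdigest()
    )


# Constructed baseline: only the two legitimate files existed at deploy time.
KNOWN_GOOD = build_baseline({k: SAMPLE_FILES[k] for k in ("index.php", "lib/compress.php")})

if __name__ == "__main__":
    for name, src in SAMPLE_FILES.items():
        print(name, scan_source(src))
    print("pattern hits:", scan_files(SAMPLE_FILES))
    print("not in baseline:", unexpected_files(SAMPLE_FILES, KNOWN_GOOD))
```

On the constructed samples the pattern scan flags the three planted files and leaves `index.php` alone even though it reads request input, because reading input is normal; it is the pairing with `eval` or `system` that matters. The baseline check reaches the same three files by a different route, which is why the two are worth running together: pattern scans miss novel obfuscation, and hash baselines miss a shell injected into a file that was already there only if the baseline is stale.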

In the days after the election but before the inauguration, the Obama administration accused Russia of hacking the election and offered a few crumbs of digital forensic evidence. Chief among them: use of the PAS shell program.  Profexer made the tool.

Profexer didn’t do the hacking, but the release scared him.  Soon after, the Times now reports, Profexer got very cold feet, and turned himself in to Ukrainian authorities for a chat. Because making software generally isn’t a crime, he was not charged with anything.   The Times quotes Ukrainian officials as saying he is instead a cooperating witness — a very rare human being from the underground appearing in flesh and blood, apparently offering to help the FBI chase down other hackers. Perhaps, helping chase down Russians who did the hacking.

Several things muddy the waters here. This analysis, published by Wordfence, does indeed show that Profexer’s code is implicated by the U.S. analysis. But, oddly enough, it was an old, outdated version of Profexer’s software. It would have been available from any number of places, and was fairly widely used. So by itself, use of PAS means almost nothing. U.S. election hackers could have downloaded it from anywhere.

Still, the Times points out that Profexer did work for hire too — he wrote special versions of his tool for money.  And in another political hacking incident involving Ukraine, authorities found digital fingerprints of Profexer’s code.  Clearly, he must know interesting people. Perhaps Russians.

Once again, we are back to the problem of attribution in cyber-attacks.  As I pointed out before the election, with the help of election hacking expert Harri Hursti, nation states often don’t cyber-attack each other directly. There’s no need. There are so many other ways to do it. Cyber-armies are outsourced to give plausible deniability.  Were the Russians looking to hack a U.S. election, they wouldn’t need to assign the task to a cyber army. They could hire freelance hackers to do it. Better yet, lone actors might do some of the work on their own, out of patriotism, with a wink and a nod from authorities. And you can imagine a murky continuum between those two things.

Also quite possible: a freelance hacker could be hired without any idea who was paying him or her.  Profexer could have been commissioned to write code for the Russians — or for that matter, any country — and have no idea who was signing the check.

It is a very big deal that this hacker is talking to authorities. One imagines his Rolodex is fascinating. But as with all spook stories, it’s important to remember what is known and what is a guess.  As Wordfence put it, we know the U.S. government says old code was used to hack the election, and we know government officials say the person who wrote that code is now cooperating with authorities.  That’s about it.

It’s also important to note that, with rare exceptions, we rarely ever learn such things unless someone wants us to know for a reason. Why are authorities confirming Profexer’s cooperation now? Perhaps they are turning up the heat on those who paid him. Perhaps they are close to a break in the case. Or perhaps they are throwing a Hail Mary pass.

Let’s hope Profexer has plenty of time to tell his stories.



About Bob Sullivan
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.
