What are the 'bears' in the documentary?

The 'bears' refer to various Russian hacker groups, each with different objectives and methods.

What was the significance of the Bundestag hack?

The hack compromised sensitive political information and highlighted vulnerabilities in Germany's cyber defenses.

How did the hackers gain access to the Bundestag's systems?

They used a phishing email that appeared to be from the United Nations, which Claudia Height clicked on.

What role did Russian hackers play in the 2016 US presidential election?

They leaked sensitive information from the Democratic Party to influence the election in favor of Donald Trump.

What is the current status of Russian hacker groups?

They remain active and continue to pose a significant threat to global cybersecurity and democracy.

What tools did the hackers use in their operations?

They used malware like X-Agent and X Tunnel to infiltrate systems and steal data.

What was the outcome of the investigation into the Bundestag hack?

The investigation pointed to Russian hacker group Fancy Bear, linked to the GRU.

How did the documentary conclude regarding the future of these hackers?

It suggests that the hackers are still a significant threat and that vigilance is necessary to counter their tactics.

What is the impact of these cyber attacks on democracy?

They undermine public trust in democratic institutions and can influence political outcomes.

What measures can be taken to protect against such cyber threats?

Increased cybersecurity awareness, better training, and robust security protocols are essential.

The Hunt for the World's Most Dangerous Hackers

00:41:43

https://www.youtube.com/watch?v=ZhfI0EboPU0

Resumen

TLDRThe documentary delves into the operations of Russian hacker groups, metaphorically called 'bears,' who have been involved in significant cyber attacks, including the hack of the German Bundestag and interference in the 2016 US presidential election. It follows the story of Claudia Height, a Bundestag assistant who inadvertently clicked on a phishing email, allowing hackers access to sensitive political information. The film connects these cyber operations to broader geopolitical strategies, emphasizing the ongoing threat these hackers pose to democracies worldwide. It highlights the sophisticated methods used by these groups and the implications for global security and political integrity.

Para llevar

🐻 The 'bears' symbolize dangerous Russian hacker groups.
💻 The Bundestag hack exposed vulnerabilities in Germany's political system.
📧 A phishing email was the entry point for hackers into the Bundestag.
🇺🇸 Russian hackers influenced the 2016 US presidential election.
🔍 Investigations linked the attacks to the GRU and Fancy Bear.
🛡️ Cybersecurity measures are crucial to protect against such threats.
📊 The impact of cyber attacks can destabilize democracies.
⚠️ Ongoing vigilance is necessary to counteract hacker tactics.
📉 Trust in democratic institutions can be eroded by cyber interference.
🔑 Understanding hacker methods is key to prevention.

Cronología

00:00:00 - 00:05:00
The documentary introduces five metaphorical bears representing Russian hacker units, each with unique traits and objectives. They are tools of destabilization and psychological warfare, posing threats to Western democracies and involved in significant cyber attacks, including the German Parliament and the 2016 US presidential election.
00:05:00 - 00:10:00
The story begins with Claudia Height, an assistant in the German Bundestag, who unknowingly becomes a victim of a cyber attack. Her computer is infected with a Trojan, allowing Russian hackers to infiltrate the Bundestag's systems, leading to a major cyber attack that goes unnoticed for weeks.
00:10:00 - 00:15:00
An email disguised as a UN alert is sent to MPs, leading to the silent installation of malware. The hackers gain access to sensitive areas of the Bundestag's IT infrastructure, eventually compromising the office of Chancellor Angela Merkel, marking one of the most serious cyber attacks in German history.
00:15:00 - 00:20:00
Despite the attack's severity, it goes unnoticed for a long time. IT staff fail to recognize the Trojan on Claudia's computer, and it takes days for authorities to respond to warnings about the breach. The BSI eventually shuts down the network to regain control, but chaos ensues as lawmakers are left without access to critical information.
00:20:00 - 00:25:00
Investigators trace the attack back to a Russian hacker group known as Fancy Bear, linked to the GRU. They discover malware on Claudia's computer and find that 16 GB of data, including sensitive emails, has been stolen from the Bundestag, raising concerns about espionage and hybrid warfare.
00:25:00 - 00:30:00
As the 2016 US presidential election approaches, Russian hackers target the Clinton campaign. John Podesta, Clinton's campaign manager, falls victim to a phishing attack, granting Fancy Bear access to internal communications and leading to the theft of thousands of emails, which are later leaked to Wikileaks.
00:30:00 - 00:35:00
The hackers' operations are further complicated by another group, Cozy Bear, which infiltrates the Democratic National Committee. Despite warnings from intelligence agencies, the DNC fails to act, allowing both groups to operate undetected and causing significant damage to the Clinton campaign.
00:35:00 - 00:41:43
The documentary concludes with the ongoing threat posed by Russian hackers, highlighting their involvement in the Ukraine conflict and the need for vigilance against their tactics. The narrative emphasizes the importance of cybersecurity and the potential consequences of foreign interference in democratic processes.

Mapa mental

Vídeo de preguntas y respuestas

What are the 'bears' in the documentary?
The 'bears' refer to various Russian hacker groups, each with different objectives and methods.
What was the significance of the Bundestag hack?
The hack compromised sensitive political information and highlighted vulnerabilities in Germany's cyber defenses.
How did the hackers gain access to the Bundestag's systems?
They used a phishing email that appeared to be from the United Nations, which Claudia Height clicked on.
What role did Russian hackers play in the 2016 US presidential election?
They leaked sensitive information from the Democratic Party to influence the election in favor of Donald Trump.
What is the current status of Russian hacker groups?
They remain active and continue to pose a significant threat to global cybersecurity and democracy.
What tools did the hackers use in their operations?
They used malware like X-Agent and X Tunnel to infiltrate systems and steal data.
What was the outcome of the investigation into the Bundestag hack?
The investigation pointed to Russian hacker group Fancy Bear, linked to the GRU.
How did the documentary conclude regarding the future of these hackers?
It suggests that the hackers are still a significant threat and that vigilance is necessary to counter their tactics.
What is the impact of these cyber attacks on democracy?
They undermine public trust in democratic institutions and can influence political outcomes.
What measures can be taken to protect against such cyber threats?
Increased cybersecurity awareness, better training, and robust security protocols are essential.

Ver más resúmenes de vídeos

Obtén acceso instantáneo a resúmenes gratuitos de vídeos de YouTube gracias a la IA.

Subtítulos

Desplazamiento automático:

00:00:00
This is the story of the hunt for the
00:00:02
world's most dangerous hackers.
00:00:05
[Music]
00:00:10
Prologue. The bears.
00:00:14
Once upon a time, there were five bears.
00:00:18
They all lived in Russia.
00:00:20
[Music]
00:00:22
Each one was different in the things
00:00:25
they liked and in the things they did.
00:00:29
But they shared one important trait.
00:00:34
They were all seriously dangerous.
00:00:39
There was the fancy bear, elegant,
00:00:42
agile, and cunning.
00:00:48
Then came the lazy bear, who liked
00:00:50
nothing more than making himself
00:00:53
comfortable in other people's homes,
00:00:55
just to lie in weight.
00:01:00
The Berserker bear was obsessed with
00:01:02
energy. All kinds of energy and all the
00:01:06
things it could be used for.
00:01:09
The voodoo bear had mastered an entire
00:01:12
arsenal of dark arts.
00:01:16
And last but not least, the toxic bear.
00:01:20
Definitely not one to mess with.
00:01:24
They were all fearless fighters. nasty
00:01:28
creatures that sent shivers down the
00:01:30
world's spine.
00:01:32
Even in the most distant lands, people
00:01:35
knew of them and feared them.
00:01:40
But there's one more thing all these
00:01:42
bears had in common. Their metaphors,
00:01:46
nicknames for special units of Russian
00:01:49
intelligence services. These units are
00:01:51
made up of hackers,
00:01:53
some of the most dangerous in the world.
00:01:56
They each have different objectives. To
00:01:58
spy, to expose, to wreak havoc. But
00:02:00
they're not just a threat to computers
00:02:02
or networks. They're a threat to Western
00:02:04
democracies.
00:02:06
They're tools of destabilization, of
00:02:08
psychological warfare, of political
00:02:10
manipulation. They've already made it
00:02:12
into the German Parliament, into the
00:02:15
email inboxes of the country's elected
00:02:16
officials. They threw their full weight
00:02:18
behind Donald Trump's 2016 campaign.
00:02:22
They travel the world working in the
00:02:23
interest of Vladimir Putin's regime and
00:02:26
they've played a key role for years in
00:02:28
Russia's brutal war against Ukraine.
00:02:31
This documentary reveals who these
00:02:33
hackers are, how they operate, and how
00:02:35
we can protect ourselves from them.
00:02:42
[Music]
00:02:48
Heat.
00:02:50
[Music]
00:03:04
Heat.
00:03:06
[Music]
00:03:21
This documentary is largely based on a
00:03:23
fantastic German speaking podcast Deman
00:03:25
and Mira Ghner by German investigative
00:03:28
journalists Hakan Tanke and Florian F.
00:03:31
Link is in the description.
00:03:35
Chapter 1, the email.
00:03:39
This story begins with that little line
00:03:40
above the E and with Claudia height. She
00:03:43
was working in Berlin back then as an
00:03:44
assistant to a member of the Bundistag,
00:03:46
the German National Parliament.
00:03:49
Her office is beautiful in the center of
00:03:51
Berlin. It's May 8th, 2015, a warm
00:03:54
Friday in spring. The weekend is just
00:03:57
around the corner. She's trying to write
00:03:59
an email to a colleague named Renee. Hm.
00:04:02
The accent IU doesn't work. Strange. She
00:04:06
tries all the usual, opening and closing
00:04:08
Word, rebooting her PC. Nothing fixes
00:04:11
the issue. The Bunist dog has its own
00:04:14
internal service hotline for that kind
00:04:15
of thing, 117. She tells the IT guys
00:04:18
that she thinks her PC got infected with
00:04:20
some kind of malware, perhaps a Trojan,
00:04:23
but they don't take her seriously. At
00:04:25
this point, no one realizes how serious
00:04:28
the situation really is.
00:04:33
There really was a Trojan on Claudia's
00:04:35
computer. She'd been hacked. But it
00:04:38
wasn't just her device. While she's
00:04:40
still on the phone with 117, hackers are
00:04:43
already deep inside the Bundesto
00:04:44
systems. They're working on behalf of
00:04:47
the Russian Military Intelligence
00:04:48
Agency, the GRU.
00:04:51
Putin's bears are running wild right
00:04:53
through the very heart of Germany's
00:04:55
political system.
00:04:57
If all this happened today, Claudia
00:04:59
could have just asked an AI assistant.
00:05:00
Probably way more helpful than that
00:05:01
service hotline. With UDA's website app,
00:05:04
AI can also help you build your website
00:05:05
in seconds. No coding skills needed.
00:05:08
Just four easy steps. Define the type of
00:05:10
website, industry, and goals. AI
00:05:12
generates images and text tailored to
00:05:14
your needs. Choose a color palette or
00:05:15
upload your logo. Add pages and
00:05:17
features. Choose a theme you like, then
00:05:19
make it yours with simple drag and drop.
00:05:21
With Chat GPT built in Udu, the perfect
00:05:24
text is generated for you. or just ask
00:05:26
AI to rewrite your copy for you. Need a
00:05:28
multilingual website, a Japanese
00:05:29
translation done in just a few clicks.
00:05:32
It's fast, intuitive, and designed to
00:05:34
make the experience smooth and
00:05:35
effortless. Let UDO's built-in AI handle
00:05:37
the busy work so you can focus on the
00:05:39
big picture. Get started today for free.
00:05:41
Your first app is free for life,
00:05:42
including unlimited hosting and support.
00:05:44
With the website app, you can even get a
00:05:46
free custom domain for 1 year. You've
00:05:48
never launched a website this easily.
00:05:49
Add more apps anytime and get the full
00:05:51
suite of apps starting at just €19.90
00:05:53
per month. Click the link in the
00:05:55
description to get started.
00:05:58
8 days earlier on April 30th, 2015,
00:06:01
dozens of MPs and their staffs received
00:06:03
an email. It looked official, as if it
00:06:06
came from the United Nations. The
00:06:08
subject line referenced Ukraine and its
00:06:10
economic situation. It's just a year
00:06:12
after the annexation of Crimea, Russia's
00:06:14
first military incursion into Ukraine.
00:06:16
The military operation is now underway
00:06:19
in eastern Ukraine. The capital Kev and
00:06:21
other Ukrainian cities have been hit by
00:06:24
air and missile strikes over the past
00:06:26
several hours.
00:06:27
The situation in Ukraine was already a
00:06:29
red-hot political issue. You had to stay
00:06:31
informed. And if the UN sent something
00:06:33
around, Claudia height and many others
00:06:35
clicked. That single click was enough.
00:06:39
Malware installed itself quietly in the
00:06:40
background. No pop-ups, no warnings. The
00:06:43
infection was silent, and from that
00:06:45
moment on, the hackers had access. Their
00:06:49
objective was clear. Gain administrator
00:06:51
rights with those that had the digital
00:06:53
equivalent of master keys, access to
00:06:55
everything, the power to change
00:06:57
anything.
00:06:59
And they got what they came for. They
00:07:01
broke into areas of the system that
00:07:02
should have been completely off limits.
00:07:04
That's how they were able to push deeper
00:07:06
and deeper until they had essentially
00:07:08
taken over the Bundesto's IT
00:07:09
infrastructure. It was a sophisticated
00:07:11
operation, carefully planned and
00:07:13
executed. The attackers moved laterally,
00:07:16
jumping from computer to computer,
00:07:17
scanning for valuable information,
00:07:19
documents, emails, anything of use.
00:07:23
Eventually, they reached two machines
00:07:24
inside a parliamentary office of the
00:07:26
conservatives.
00:07:27
And not just any office, Angala Merkels,
00:07:30
the German chancellor at the time.
00:07:33
[Applause]
00:07:38
The Bundesaggh is one of the most
00:07:40
serious cyber attacks in German history.
00:07:42
It will set off a large-scale
00:07:43
international investigation and
00:07:45
eventually arrest warrants that had once
00:07:47
seemed unimaginable.
00:07:48
And yet, inside the bunist dog itself,
00:07:51
the attack goes unnoticed for quite some
00:07:53
time.
00:07:57
Back to that Friday afternoon call with
00:07:59
117. Claudia is frustrated with how
00:08:02
unhelpful the first hotline call had
00:08:03
been. So, she does what most people do
00:08:05
in that situation. She calls again,
00:08:08
hoping the next person might actually
00:08:09
understand what's going on. But even the
00:08:12
second person on the line doesn't take
00:08:14
her seriously. Angry and fed up, Claudia
00:08:17
decides to just shut down her PC and go
00:08:19
home. It is Friday after all, and the
00:08:21
weekend has already begun.
00:08:23
[Music]
00:08:28
On Monday morning, an IT staffer
00:08:30
remotely logs into Claudia's machine and
00:08:32
reinstalls Word, which of course doesn't
00:08:35
fix anything. By the afternoon, someone
00:08:37
finally comes in person, but even they
00:08:40
don't catch that there's a Trojan on
00:08:41
Claudia's PC. By this point, the hackers
00:08:44
have already been inside the system for
00:08:45
at least 2 weeks. And still, almost no
00:08:48
one realizes that this might actually be
00:08:50
a cyber attack. Meanwhile, over in the
00:08:53
UK, a cyber security firm has been
00:08:55
keeping an eye on a suspicious foreign
00:08:57
server, one that had been used for
00:08:59
previous cyber attacks. Suddenly, that
00:09:02
server establishes a connection to
00:09:03
machines inside the Bundesto network.
00:09:06
The firm alerts the federal office for
00:09:08
the protection of the Constitution. A
00:09:10
day later, the warning reaches both the
00:09:12
Bundesto's classified information office
00:09:14
and the Federal Office for Information
00:09:16
Security, BSI, and bond. Thanks to
00:09:19
German bureaucracy doing what German
00:09:21
bureaucracy does. The warning takes a
00:09:23
brisk 3 days to actually land.
00:09:26
Finally, someone realizes what's
00:09:27
happening. The BSI sends a special team
00:09:30
to Berlin. Their job, comb through the
00:09:32
logs. Those are automatic records on
00:09:34
computers that track what happened when
00:09:36
and how. Which programs were opened,
00:09:39
what was clicked, what ran in the
00:09:41
background, all of it. The BSI team
00:09:43
needs to figure out three things. Is
00:09:45
this a major attack? Yes. What are the
00:09:48
hackers after? Probably stealing data.
00:09:51
And are they still inside? Very much so.
00:09:54
The team doesn't hesitate. They shut
00:09:56
down the entire network. From the
00:09:58
outside, it looks like someone just
00:10:00
ripped the plug out of the wall. Claudia
00:10:02
watches her computer power off like it
00:10:04
has a mind of its own, like it's
00:10:06
haunted. She half expects the lights to
00:10:08
flicker next.
00:10:10
That same day, Durbigel broke the story.
00:10:13
The first media outlet to report on the
00:10:14
cyber attack. Politicians found out from
00:10:17
the news, not from internal channels.
00:10:19
From that moment on, chaos took over.
00:10:22
Lawmakers were furious. No one could
00:10:25
work properly. No emails, no access to
00:10:27
documents, no reports. And this isn't a
00:10:30
movie. You don't just kick the hackers
00:10:32
out and move on. The network is giant,
00:10:35
messy, and hard to control. The response
00:10:37
team had to fight their way through it,
00:10:39
trying to stop any further data theft
00:10:41
and rest back control. It took weeks to
00:10:44
clean the system. During that time, MPs
00:10:47
and their staff could only use certain
00:10:48
parts of the network. No one knew if the
00:10:50
hackers were still reading their emails.
00:10:52
Important notes were suddenly written
00:10:54
down by hand again, just to stay safe.
00:10:59
The Bundesto's IT security was clearly
00:11:02
overwhelmed. It faced intense criticism
00:11:04
in the months after. When the dust
00:11:06
finally settles, the investigation into
00:11:08
the perpetrators begins, and the trail
00:11:10
points to Russia right from the start.
00:11:13
On Claudia Height's computer,
00:11:15
investigators find malware called X
00:11:17
Tunnel. Xunnel functions like a real
00:11:19
tunnel, a direct continuous link that
00:11:21
allows attackers to access the network
00:11:23
whenever they want. Inside the code,
00:11:26
analysts uncover connections to a server
00:11:28
believed to be used by a group known as
00:11:30
AP28.
00:11:32
AP stands for advanced persistent
00:11:34
threat. It's a label used for hacker
00:11:36
groups that are not only highly skilled,
00:11:38
but also extremely patient. The kind of
00:11:41
intruders who don't just strike and
00:11:42
vanish, but stay deeply embedded,
00:11:45
sometimes for years. By all accounts,
00:11:47
AP28 is a Russian group, and it also
00:11:50
goes by another name, Fancy Bear.
00:11:54
Fancy Bear operates under the GRU,
00:11:56
Russia's military intelligence service.
00:11:59
The group is notorious. This is where
00:12:01
they work in what's known as the
00:12:03
aquarium in Moscow. No one knows who
00:12:06
they really are. No names, no faces, not
00:12:09
even how many of them exist. But one
00:12:12
thing is clear. They do whatever it
00:12:14
takes. They'll stop at nothing. Not even
00:12:17
the computer of the sitting German
00:12:18
chancellor. Ironically, it's there in
00:12:22
that highly sensitive office where one
00:12:24
of the hackers slips up.
00:12:26
They managed to break into a computer in
00:12:28
Angela Merkel's outer office, her
00:12:30
personal machine, her inbox. It's
00:12:33
exactly what they were after. To extract
00:12:35
the emails, one of the hackers writes a
00:12:37
custom program. The tool is designed to
00:12:39
copy her Outlook inbox and send that
00:12:41
copy to a server they control. The
00:12:43
program is called VSC.exe.
00:12:46
But there's a problem. While coding, the
00:12:48
hackers make a mistake. To locate and
00:12:50
extract the files, VSC.exe needs to
00:12:53
follow a specific file path. And that
00:12:55
path includes the words aba buo. But the
00:12:58
program doesn't recognize the German oo.
00:13:00
Instead, the character shows up as a
00:13:02
garbled symbol, a question mark followed
00:13:04
by r o. So, the program can't find the
00:13:07
folder. For a moment, the entire
00:13:09
operation stumbles over the quirks of
00:13:11
the German language. Realizing the
00:13:13
attack might be exposed at any moment,
00:13:14
the hackers panic a little. Under
00:13:16
pressure, they decide to rewrite the
00:13:18
code. This time they tell the program,
00:13:20
"Expect German. Expect that OO." Then
00:13:23
they try again, and this time it works.
00:13:26
The tool successfully copies the inbox
00:13:28
and sends it out. It's not Miracle's
00:13:30
correspondence from the Chancellory, but
00:13:32
still a huge win for the attackers.
00:13:35
But the hackers messed up. Maybe from
00:13:37
the rush, maybe out of nervousness. In
00:13:40
the code of the program, investigators
00:13:42
later discover a critical detail. The
00:13:44
hacker forgot to delete the name of the
00:13:46
computer he was working on. The path
00:13:49
reads, "See users Scaramooch."
00:13:52
Scaramu is a clown-like character from
00:13:54
Italian theater. People might also
00:13:56
recognize the name from Bohemian Rap
00:13:58
City.
00:13:59
[Music]
00:14:03
That's the hacker's alias, his handle.
00:14:06
In secret, Scaramoosh and his team
00:14:08
become high priority targets. The
00:14:10
federal public prosecutor's office opens
00:14:12
an investigation on suspicion of
00:14:14
espionage and Glen Merkel later calls it
00:14:17
an act of hybrid warfare. But publicly
00:14:19
the German government keeps quiet at
00:14:21
first. No accusations, no pointing
00:14:23
fingers. In total around 16 GB of data
00:14:27
is believed to have been stolen from the
00:14:28
Bundisto network, though no one knows
00:14:30
for sure. 16 GB doesn't sound like much,
00:14:33
right? Just an old USB stick. But in
00:14:36
context, it's a lot. Especially if we're
00:14:39
talking only emails. 16 GB contains a
00:14:42
staggering amount of information. Hm. Is
00:14:45
that really the end of the world,
00:14:46
though? A little espionage here and
00:14:48
there. Business as usual. Sure, they
00:14:51
stole some files, but what could they
00:14:52
really do with that?
00:14:54
Then came the US presidential election
00:14:56
in 2016. Putin's bears shows what
00:14:59
they're really capable of. The Clinton
00:15:00
campaign won't confirm or deny the
00:15:02
veracity of any of the emails posted by
00:15:04
Wikileaks.
00:15:05
What lines they're willing to cross and
00:15:07
just how much chaos a few gigabytes can
00:15:09
unleash.
00:15:11
[Music]
00:15:13
Chapter 2, The Orange.
00:15:21
In mid 2015, Donald Trump announces his
00:15:23
candidacy.
00:15:25
At first, no one really takes him
00:15:26
seriously, but because he's so
00:15:28
different, so unfiltered, saying things
00:15:30
no one else would dare, the media can't
00:15:32
stop talking about him.
00:15:34
And Mexico will pay for the wall,
00:15:38
I could stand in the middle of Fifth
00:15:39
Avenue and shoot somebody and I wouldn't
00:15:41
lose any voters. Okay.
00:15:42
One outrageous statement after the next
00:15:44
dominates the headlines.
00:15:46
ISIS is honoring
00:15:49
President Obama. He is the founder of
00:15:53
ISIS. He's the founder of ISIS.
00:15:55
There's public outrage, disbelief, and
00:15:57
widespread support for him.
00:15:58
I don't know what I said. Uh, I don't
00:16:00
remember.
00:16:01
By early 2016, Trump is no longer the
00:16:03
oddball outsider. He's now the
00:16:05
Republican frontr runner, going
00:16:07
headto-head with Democrat Hillary
00:16:08
Clinton.
00:16:12
Half a world away in the Kremlin,
00:16:13
Vladimir Putin is watching closely. He
00:16:16
doesn't like Hillary Clinton. Not one
00:16:18
bit. The two have history. Back in 2011,
00:16:21
Clinton was the US Secretary of State
00:16:23
when Russia held national elections. She
00:16:25
publicly questioned whether the vote had
00:16:27
been rigged and massive protests
00:16:29
followed across the country. Putin
00:16:31
accused the US of stirring up those
00:16:32
demonstrations. He never forgave her for
00:16:34
that. Politically, she had been one of
00:16:36
his toughest opponents for years. Later,
00:16:39
the European Court of Human Rights
00:16:40
confirmed that the 2011 Russian election
00:16:42
was in fact manipulated.
00:16:44
Putin clearly is rooting for the other
00:16:46
guy, the loud billionaire. Trump, for
00:16:49
his part, has repeatedly praised Putin
00:16:51
in the past. He sees Putin as a strong
00:16:53
leader, someone he thinks he could get
00:16:55
along with as president. So Putin
00:16:57
consults with his three intelligence
00:16:59
agencies and makes a call.
00:17:03
March 19th, 2016, an email lands in the
00:17:06
inbox of John Podesta, Clinton's
00:17:08
campaign manager. The message looks like
00:17:10
a standard Google security alert,
00:17:12
something about suspicious activity, and
00:17:14
a prompt to reset the password. But
00:17:16
Podesta double checks with an IT staffer
00:17:18
at the DNC to be sure. Unfortunately,
00:17:20
the staffer replies that the email is
00:17:22
legit when he actually meant the
00:17:24
opposite. Just one typo with massive
00:17:26
consequences. Podesta assumes the
00:17:29
message is safe, clicks the link, and
00:17:31
enters his login on a fake site. That's
00:17:33
it. The hackers are in. They now have
00:17:36
access to internal communications,
00:17:37
emails, and nearly everything tied to
00:17:39
the campaign. They're part of Fancy
00:17:41
Bear, the same group tied to the
00:17:43
Bundesto hack.
00:17:46
They steal 50,000 of Podesta's emails.
00:17:49
The tactic is known as fishing, casting
00:17:51
bait and waiting for a bite. Spear
00:17:53
fishing, more specifically, as it's
00:17:54
tailored to a specific person. With the
00:17:57
same approach, Fancy Bear targets 300
00:17:59
more people inside Clinton's campaign.
00:18:01
No one knows how many fell for it. In
00:18:03
early April, they go after another key
00:18:05
target, the Democratic Congressional
00:18:07
Campaign Committee, DCCC, a central
00:18:10
player in the Democratic election
00:18:11
machine. Using more convincingly real
00:18:14
looking emails, they manage to steal the
00:18:15
credentials of at least one DCCC
00:18:17
employee. And just like that, they're in
00:18:20
again.
00:18:22
Once inside, Fancy Bear uses two main
00:18:24
types of malware, X-Agent and X Tunnel.
00:18:27
The latter is the same tool used in the
00:18:29
attack on Claudia Heights computer in
00:18:31
Berlin. While digging through the DCCC,
00:18:33
the hackers find something even more
00:18:35
valuable. Credentials that let them slip
00:18:37
into the Democratic National Committee,
00:18:39
DNC, the heart of the party. There they
00:18:42
uncover detailed documents on campaign
00:18:44
strategy, including a file on Trump full
00:18:46
of potentially damaging information.
00:18:49
In early May, the intrusion is finally
00:18:51
detected. The DCCC and the DNC hire a
00:18:54
cyber security firm to clean house, a
00:18:57
process that will stretch all the way
00:18:58
into October. But the Democrats should
00:19:01
have discovered the hackers much sooner.
00:19:04
[Music]
00:19:06
In a small, unremarkable office in
00:19:07
Moscow, another set of hackers is
00:19:09
quietly at work. This group is known as
00:19:12
Cozy Bear, most likely working under the
00:19:14
SVR, Russia's Foreign Intelligence
00:19:16
Service. They've been inside the
00:19:17
Democrats network since June 2015, far
00:19:20
longer than Fancy Bear. As strange as it
00:19:23
sounds, Cozy and Fancy Bear probably
00:19:24
weren't even aware of each other. They
00:19:26
had different bosses, didn't talk,
00:19:28
didn't collaborate. Cozy Bear is known
00:19:30
for being quiet and methodical,
00:19:32
targeting all kinds of institutions
00:19:33
without leaving much of a trace. But
00:19:35
this time, someone's watching them. In
00:19:37
2014, Dutch intelligence pulled off an
00:19:39
incredible hack. They gained access to
00:19:41
surveillance cameras in the very
00:19:43
building where Cozy Bear operates.
00:19:45
They're literally washing the hackers at
00:19:46
work. That's how they realize Cozy Bear
00:19:49
is crawling through the DNC systems. So,
00:19:51
the AIVD warns the American counterparts
00:19:53
early on. That warning eventually
00:19:55
reaches the FBI. By September 2015, an
00:19:58
agent in Washington calls the DNC to let
00:20:01
them know Russian hackers are inside
00:20:02
their systems, but the warning goes
00:20:04
nowhere.
00:20:06
The call lands with lower level IT staff
00:20:08
and is more or less ignored. Senior
00:20:10
leadership at the DNC later claimed they
00:20:12
didn't even know about it at the time.
00:20:14
The hackers could have been discovered
00:20:15
much earlier. If anyone had looked more
00:20:17
closely at Cozy Bear, they likely would
00:20:19
have seen Fancy Bear, too. And if that
00:20:21
had happened, the summer of 2016 might
00:20:23
have unfolded quite differently.
00:20:29
But it didn't.
00:20:32
Back to spring 2016, Fancy Bear launches
00:20:35
a website, dcaks.com.
00:20:38
And starting in June, they begin
00:20:39
dropping bombshell after bombshell. They
00:20:41
invent a fake identity, Guifer 2.0, a
00:20:44
supposed Romanian lone wolf behind all
00:20:46
the leaks. Guifer gets a blog, reaches
00:20:49
out to journalists, and offers up stolen
00:20:51
files. The DNC hack dominates the
00:20:53
headlines. It becomes breaking news on
00:20:55
TV. Suddenly, internal dirt from within
00:20:57
the Democratic Party. Rumors, backroom
00:20:59
deals, tensions is out in the open. It's
00:21:01
a major blow to Hillary Clinton's
00:21:03
campaign. The emails appear to show the
00:21:05
DNC clearly favoring Clinton over Bernie
00:21:07
Sanders, even though they were supposed
00:21:08
to stay neutral. There's content about
00:21:11
what she earned for Wall Street speeches
00:21:12
and even alleged anti-atholic bias.
00:21:16
Trump jumps on the scandal. At a rally,
00:21:18
he famously says, "Russia, if you're
00:21:20
listening, I hope you're able to find
00:21:23
the 30,000 emails that are missing. I
00:21:27
think you will probably be rewarded
00:21:30
mightily by our press.
00:21:32
At that point, Clinton is already under
00:21:33
pressure over her use of a private email
00:21:35
server while serving as Secretary of
00:21:37
State. The FBI confirms she also deleted
00:21:40
private emails from that account, which
00:21:42
makes people believe that she's hiding
00:21:43
something. Trump seizes the moment,
00:21:45
tying that controversy to the flood of
00:21:47
new leaks. That very same day, Fancy
00:21:49
Bear sent 76 spear fishing emails to
00:21:51
Clinton's staff. The impact of the leaks
00:21:54
on Clinton's campaign is huge. Maybe not
00:21:56
the deciding factor, but they definitely
00:21:57
give Trump a boost over and over again.
00:22:00
What started as chaos turned into
00:22:02
something more focused. A clear attempt
00:22:04
to help Donald Trump. Just over a month
00:22:06
before election day, the hackers hand
00:22:08
over John Podesta's emails to Wikileaks.
00:22:11
And then week after week, those emails
00:22:13
are released strategically, some more
00:22:15
dramatic than others, but all grabbing
00:22:17
headlines. The constant drip of leak
00:22:19
material creates a lasting impression.
00:22:21
Something shady is going on inside the
00:22:23
Democratic party. Clinton loses
00:22:25
momentum. She's forced to shift her
00:22:27
message and constantly defend herself in
00:22:29
the press and directly against Trump in
00:22:31
public debates. The leaks are part of
00:22:34
something bigger. Fancy Bear is
00:22:35
supported by a digital army of trolls.
00:22:38
For example, operating out of this
00:22:39
building in St. Petersburg, they flood
00:22:41
social media with manipulated content
00:22:43
and polarizing posts. Some even succeed
00:22:46
in organizing real life protests across
00:22:47
multiple US cities.
00:22:49
[Music]
00:22:53
Hillary Clinton loses, Donald Trump
00:22:56
becomes president. It's nearly
00:22:57
impossible to measure how much influence
00:22:59
the hacks and disinformation had,
00:23:01
whether they tipped the scales, but many
00:23:03
experts like Kathleen Hall Jameson agree
00:23:05
they had an impact. Russia to some
00:23:07
extent successfully interfered with the
00:23:09
2016 US election.
00:23:14
It's widely seen as the most effective
00:23:15
hack and leak operation ever pulled off.
00:23:18
steal data, release it strategically,
00:23:20
and fan the flames of chaos. The idea
00:23:22
that states spy on each other isn't new.
00:23:25
But taking that intelligence and
00:23:26
throwing it into the public to
00:23:27
deliberately sway an election, that's
00:23:29
something else entirely. If hackers can
00:23:31
get their hands on internal data,
00:23:32
release it at the perfect moment, and
00:23:34
shape public opinion, what does that
00:23:36
mean for the future of democracy? If a
00:23:38
foreign power can mess with the core of
00:23:39
another country's democratic process,
00:23:41
that's not just hacking. That's
00:23:43
destabilization. And it's part of a
00:23:45
broader pattern made to erode public
00:23:46
trust in democratic institutions.
00:23:48
Democracies are at a disadvantage in
00:23:50
this fight. A dictatorship can flood the
00:23:52
internet with state media, bots, fake
00:23:54
accounts, leak operations and watch as
00:23:56
the public sphere in open society
00:23:58
fragments and turns against itself.
00:24:01
Meanwhile, inside the authoritarian
00:24:02
regime, nothing wobbles. Descent is
00:24:05
crushed quickly and publicly.
00:24:08
The United States only realizes what
00:24:10
just happened after elections have
00:24:11
already passed. The CIA, FBI, and NSA
00:24:14
compiled their findings in a highly
00:24:16
classified report. In early 2017, a
00:24:18
redacted version is released to the
00:24:20
public. One sentence stands out as
00:24:22
especially alarming. We assess that
00:24:24
Moscow will apply lessons learned from
00:24:26
its campaign aimed at the US
00:24:27
presidential election, to future
00:24:29
influence efforts worldwide. The sheer
00:24:31
aggression and skills of these cyber
00:24:32
operations, especially in the US, opens
00:24:35
many people's eyes. They realize this
00:24:38
isn't just spying, it's sabotage.
00:24:41
In Germany, alarm bells start ringing,
00:24:43
too. There's a federal election coming
00:24:44
up in 2017. What does all of this mean
00:24:47
for them? Then a new website pops up.
00:24:51
Btleaks.com.
00:24:52
BT like Bundist. Just like dcakes.com.
00:24:57
Suddenly, everyone is on edge.
00:24:59
Variations like btleaks.org start
00:25:01
appearing too. German authorities notice
00:25:03
that someone is registering these sites
00:25:05
and panic starts to set in. Is the world
00:25:07
about to see a repeat of the US
00:25:09
playbook?
00:25:11
In early May 2017, Angela Merkel travels
00:25:14
to Russia for the first time since the
00:25:15
Bundist Dog hack. She meets Putin at his
00:25:18
summer residence in Sochi. There she
00:25:20
confronts him. Putin insists that Russia
00:25:22
never interferes in the internal affairs
00:25:24
of other nations. Merkel replies firmly,
00:25:27
"I assume that German parties will
00:25:29
handle their election campaigns among
00:25:30
themselves. A clear warning, stay out."
00:25:34
In the end, the 2017 German election
00:25:36
isn't rocked by any major leaks. To this
00:25:39
day, no one knows for sure what happened
00:25:40
to the stolen 16 GB from the Bundesog
00:25:43
hack. There's never been a single public
00:25:45
leak directly tied to that data. But
00:25:47
then again, maybe there doesn't need to
00:25:49
be. Maybe the information was used in
00:25:51
some other way. Quietly, tactically.
00:25:55
Meanwhile, the hunt for Scaramooch
00:25:57
continues. It'll be a while before his
00:25:59
identity is finally confirmed.
00:26:02
[Music]
00:26:07
[Music]
00:26:20
Some of his colleagues aren't so lucky.
00:26:23
[Music]
00:26:26
Chapter 3. The cleaning crew.
00:26:34
April 10th, 2018, a passenger plane from
00:26:37
Moscow lands at Skipple airport in the
00:26:39
Netherlands.
00:26:40
Among the passengers, four Russian men.
00:26:43
They look like typical business
00:26:44
travelers, Alexe Minion and Alexnikov.
00:26:48
Both in their 40s, seem cheerful. Behind
00:26:50
them walk two younger men, Yfgenei
00:26:53
Seabriov and Alexe Morenitz. According
00:26:56
to their passports, they're diplomats. A
00:26:58
sharply dressed man from the Russian
00:26:59
embassy meets them in arrivals and
00:27:01
escorts them out of the airport.
00:27:03
But they aren't here on official duty.
00:27:05
They're part of a special unit trained
00:27:07
to carry out covert foreign operations.
00:27:10
Minion and Sutnikov handle
00:27:12
reconnaissance. Seriov and Minitz are
00:27:15
the hackers. They rent a small car and
00:27:17
drive to the H. They stop at an
00:27:20
electronic store to buy a heavy duty
00:27:21
12vt battery and a charger, then check
00:27:24
into a hotel.
00:27:27
The next day, Minion heads to OPCW, the
00:27:30
organization for the prohibition of
00:27:31
chemical weapons. That's an
00:27:33
international body that investigates
00:27:34
chemical weapons use and checks
00:27:36
compliance with global conventions. The
00:27:38
OPCW has just finalized its report on a
00:27:41
high-profile case. Sergey Scrippal and
00:27:44
his daughter Julia were found
00:27:45
unconscious on a bench in Salisbury, UK
00:27:47
after being poisoned with Novach, a
00:27:50
nerve agent developed in Russia. The
00:27:52
OPCW report confirms the British
00:27:54
findings.
00:27:56
Minan scouts the site. He photographs
00:27:59
the OPCW building and the Marriott Hotel
00:28:01
next door. 2 days later, April 13th, the
00:28:05
group plans to strike. Time is short.
00:28:09
What they don't realize is that they're
00:28:10
being watched. From the moment they set
00:28:12
foot into the country, they've been
00:28:13
under surveillance by the Dutch Military
00:28:15
Intelligence Service, MIVD. For the
00:28:18
original version of this documentary, we
00:28:20
interviewed a senior MIVD official. Due
00:28:22
to Wright's restrictions, we had to cut
00:28:24
those segments from this adaptation. He
00:28:26
couldn't help but grin when describing
00:28:27
their transport. A rather small car for
00:28:29
a bunch of guys tightly cramped in
00:28:31
there. The agency follows them closely,
00:28:33
but how did they even know to look for
00:28:35
them? Apparently, the MIVD received
00:28:37
intelligence that members of APT28 would
00:28:40
be flying in. Fancy bear again.
00:28:43
According to the Guardian, the original
00:28:44
tip may have come from British
00:28:46
intelligence.
00:28:48
April 13th, the operation begins. The
00:28:51
four men drive to the Marriott hotel and
00:28:53
park close to the OPCW building. The
00:28:55
car's rear faces the compound. The trunk
00:28:58
is packed with equipment. The battery
00:29:01
and a voltage regulator power a computer
00:29:03
which is connected to a laptop in the
00:29:05
front. Sarah Briakov and Morinets use it
00:29:08
to execute the hack. The key component
00:29:10
is a flat panel Wi-Fi antenna hidden
00:29:12
under a jacket connected via USB. It
00:29:15
mimics the OPCW's real Wi-Fi network.
00:29:18
Devices inside might autoconnect,
00:29:20
believing it's legit. Once they connect,
00:29:22
the hackers can steal credentials. With
00:29:24
those, they could slip into the OPCW's
00:29:27
internal network. The likely goal, steal
00:29:29
or undermine the scripple findings or
00:29:31
discredit the organization through a
00:29:32
leak,
00:29:34
but they don't get that far.
00:29:38
Dutch authorities move in. Two unmarked
00:29:40
vehicles roll quietly onto the lot.
00:29:42
Then, sudden action. Doors fly open. The
00:29:45
four men are taken down. One tries to
00:29:47
destroy his phone, kicking it
00:29:48
repeatedly, but fails.
00:29:52
Then comes the search. There's a plastic
00:29:54
bag filled with trash from their hotel
00:29:56
room. Beer cans, receipts, a
00:29:58
half-hearted attempt to cover their
00:29:59
tracks. Also, €20,000 and $20,000 in
00:30:03
Chris bills. Most incriminating of all,
00:30:06
a taxi receipt in Morinens's bag
00:30:09
documenting a ride from the GRU barracks
00:30:11
to the airport on the day of departure.
00:30:13
The team's devices tell an even bigger
00:30:15
story. One phone was activated just the
00:30:17
day before their trip. Its first signal
00:30:19
pinged a tower right next to the GRU
00:30:21
headquarters.
00:30:22
The laptops reveal a broader mission
00:30:24
trail. Seriov had been in Lusan in 2016
00:30:28
likely targeting the World Anti-Doping
00:30:30
Agency.
00:30:31
Breaking news out of Loausanne,
00:30:32
Switzerland, where Russia has been
00:30:34
handed a 4-year ban by the World
00:30:36
Anti-Doping Agency.
00:30:38
In December 2017, he was in Koala Lumpur
00:30:40
where he reportedly tried to hack the
00:30:42
Malaysian police. The agency then
00:30:44
investigating the MH17 plane crash.
00:30:46
Malaysia Airlines flight MH17 crash
00:30:49
landed in eastern Ukraine.
00:30:52
That flight was brought down by a
00:30:53
Russian-made missile over eastern
00:30:54
Ukraine. And the team wasn't planning to
00:30:57
stop at the OPCW. They had trained
00:30:59
tickets from UTF to burn Switzerland,
00:31:01
likely headed for the SPE laboratory,
00:31:03
which was also analyzing Novach.
00:31:07
Sometimes hackers need to get physically
00:31:09
close to their targets. Sending fishing
00:31:11
emails isn't enough. You need to know
00:31:13
what kind of networks are in place, what
00:31:14
security measures are active, and
00:31:16
sometimes even watch the people going in
00:31:17
and out. German journalists have
00:31:20
nicknamed them the cleaning crew because
00:31:21
they show up after something major has
00:31:23
gone wrong and try to clean up or spin
00:31:25
the story. For the MIVD, this was a
00:31:27
major win and they decided to take it
00:31:29
public. Usually, they don't disclose
00:31:31
their operations, but this time they had
00:31:33
a press conference 5 months later. The
00:31:36
four men were eventually released and
00:31:38
sent back to Russia, likely for
00:31:39
diplomatic reasons. Their mistakes seem
00:31:42
amateur-ish.
00:31:44
Why keep that taxi receipt?
00:31:47
Well, these aren't mythical hooded
00:31:48
figures. They're civil servants. Hackers
00:31:51
on a schedule, assigned tasks, bad
00:31:53
coffee, strict rules. They just happen
00:31:56
to work for an authoritarian regime and
00:31:57
weaponized code.
00:32:00
Russia, of course, denies everything.
00:32:02
The men were supposedly just on a
00:32:04
routine trip. Of course, nothing screams
00:32:06
routine like a flat panel antenna in the
00:32:09
trunk.
00:32:12
This strange hotel parking lot escapade
00:32:14
shows something important. Putin's bears
00:32:16
can be stopped. Germany has fended them
00:32:19
off. A conservative linked NGO was
00:32:21
targeted, but the attack failed. In
00:32:24
France, McCloon's 2017 campaign fended
00:32:26
off a similar attack. And in the US, the
00:32:29
response came loud and clear. In 2018,
00:32:32
they decide to send a message. That
00:32:34
February, the US Department of Justice
00:32:36
indictes 13 Russian nationals and three
00:32:38
Russian companies. They're accused of
00:32:40
deliberately interfering with the
00:32:41
American political system. Not long
00:32:43
after, another sweeping indictment is
00:32:45
released. This one focused specifically
00:32:47
on Fancy Bear. The FBI outlines exactly
00:32:50
how they trace the DNC hack back to
00:32:51
individual Russian operatives. Multiple
00:32:53
names are listed, all Russian citizens.
00:32:56
According to the investigators, they
00:32:57
work for Russian intelligence.
00:33:00
The hackers remain safe in Russia. No
00:33:02
arrests follow. But one thing is clear,
00:33:04
much of the world is now off limits to
00:33:06
them. And this isn't just about naming
00:33:08
names. It's a clear line in the sand.
00:33:11
There are boundaries and these
00:33:13
operatives cross them.
00:33:16
One name stands out to German
00:33:18
investigators. One of the men listed is
00:33:20
believed to use the alias Scaramoosh.
00:33:22
The same alias linked to the VSC.exe
00:33:25
program. His real name is Dimmitri
00:33:27
Boden.
00:33:29
He's the man who broke into Angla
00:33:30
Merkel's computer. Today he's 32 years
00:33:33
old. Investigators found out quite a lot
00:33:35
about him. They have photos of him.
00:33:37
Young face, dark blonde hair, shoulder
00:33:39
length now. He's from Kursk, married,
00:33:42
reportedly has a daughter, lives in a
00:33:44
town just south of Moscow. He listens to
00:33:46
music while he works. Russian rock,
00:33:49
techno. According to forensics, he even
00:33:51
string football matches while hacking.
00:33:53
He's a big fan of Cristiano Ronaldo.
00:33:55
Apparently, in many ways, he seems like
00:33:57
an average guy, but he's a government
00:33:59
hacker serving in a regime that targets
00:34:01
Western democracies. In May 2020, the
00:34:04
German federal public prosecutor files
00:34:06
charges against Bowen as well.
00:34:11
After the first wave of indictments in
00:34:13
2018, Vladimir Putin sat down with NBC
00:34:15
for an interview. There, he was
00:34:17
confronted with the allegations.
00:34:19
13 Russians and three Russian-owned
00:34:22
companies have been indicted by a
00:34:23
special prosecutor named Robert Mueller
00:34:25
in the United States for interfering in
00:34:28
our election. Why would you allow an
00:34:30
attack like this on the United States?
00:34:34
Why have you decided the Russian
00:34:35
authorities, myself included, gave
00:34:38
anybody permission to do this?
00:34:39
If the 13 Russian nationals plus three
00:34:42
Russian companies did in fact interfere
00:34:44
in our elections, is that okay with you?
00:34:52
I don't care.
00:34:54
I couldn't care less.
00:34:57
Putin's bears were never captured. Their
00:34:59
operations weren't dismantled. This
00:35:01
isn't a story with a clean, satisfying
00:35:03
ending. Quite the opposite.
00:35:07
Chapter 4. The satellite.
00:35:16
February 24th, 2022. A cold night in
00:35:19
Moscow. The day has barely begun.
00:35:26
[Music]
00:35:29
A quiet man heads to work earlier than
00:35:31
usual.
00:35:32
He's riding the metro
00:35:34
[Music]
00:35:42
at Polyska station. He gets off. From
00:35:45
there, it's a 10-minute walk.
00:35:51
He's a little on edge. Lights a
00:35:53
cigarette. He works for the GRU in the
00:35:56
aquarium. He's part of unit 74455,
00:36:00
better known abroad as Sandworm or
00:36:02
Voodoo Bear. At his desk, he pulls up a
00:36:05
chair. Time to go to work.
00:36:09
[Music]
00:36:12
He and his colleagues have spent months
00:36:14
preparing for this moment. Now it's just
00:36:16
a few final clicks.
00:36:19
[Music]
00:36:27
Meanwhile, in Austin, Texas, it's still
00:36:29
February 23rd. A senior executive at
00:36:32
Vioat, a satellite internet provider, is
00:36:34
just settling into his evening. Vioat's
00:36:37
tech is known for being dependable,
00:36:39
especially in remote areas. Suddenly,
00:36:42
his devices start lighting up with
00:36:43
automated warnings.
00:36:45
They're coming from Ukraine. Two of
00:36:47
Viasat's ground stations are under
00:36:49
attack, flooded with malicious data
00:36:50
packets.
00:36:52
Internet from satellites doesn't
00:36:53
actually come from space. It's routed
00:36:55
through ground stations. If those crash,
00:36:57
nothing gets through. And now they're
00:36:59
overwhelmed. So overloaded, they can't
00:37:02
deliver connectivity at all. But the
00:37:04
Voodoo Bear operative in Moscow isn't
00:37:05
finished yet. These kind of attacks can
00:37:08
sometimes be fended off, but this one
00:37:10
keeps escalating. Internet providers
00:37:12
usually have remote access to their
00:37:13
customers modems. That's how they pushed
00:37:15
software updates. That access, of
00:37:17
course, should be highly secure. In
00:37:19
Vasat's case, it wasn't. Voodoo Bear had
00:37:22
already infiltrated months earlier. The
00:37:24
hackers send a command to the modems,
00:37:26
forcing them to download malicious code
00:37:28
that wipes login credentials stored on
00:37:30
the devices. Without those credentials,
00:37:32
the modems can't authenticate, can't
00:37:34
connect, and go completely offline.
00:37:37
The attack spreads fast. The senior
00:37:39
manager stares at his screen in
00:37:40
disbelief. 30,000 modems across Europe
00:37:43
are now nothing but e-waste. In Germany,
00:37:46
5,800 wind turbines go offline. In a
00:37:49
small village in Sweden, the internet
00:37:50
vanishes. And in Ukraine, VASAT's
00:37:53
biggest customer
00:37:56
is the military.
00:37:59
Suddenly, across army installations,
00:38:01
there's tension.
00:38:04
The communication infrastructure is
00:38:06
being hit. Right. It is reports flood in
00:38:08
from the borders. Russian troops and
00:38:10
armored vehicles are pouring in. The
00:38:13
invasion, long looming like fog, has
00:38:15
begun.
00:38:17
Ukraine is hit from three directions.
00:38:19
Missile strikes. Commands are shouted.
00:38:23
And amid the chaos, a terrifying thought
00:38:25
spreads. What if the comms go down? What
00:38:28
if the command dashboards fail?
00:38:30
Surveillance feeds cut to black.
00:38:35
The VSAD attack was a highly effective
00:38:36
cyber strike, perfectly timed with the
00:38:39
invasion. But for Ukraine, it wasn't a
00:38:41
new experience. Ukraine has been in
00:38:43
Russia's cyber crosshairs for years, not
00:38:45
just since the invasion in 2022, but
00:38:47
dating back to 2014 after the annexation
00:38:50
of Crimea. That year, Russia tried to
00:38:53
hack Ukraine's elections. In 2015 and
00:38:55
2016, Voodabar took down parts of the
00:38:57
country's power grid, each time for
00:38:59
hours. In 2022, they tried again. This
00:39:02
time they failed. Russia often tests
00:39:05
tactics like election interference in
00:39:07
Ukraine before deploying them elsewhere.
00:39:09
That's why Ukraine is sometimes called
00:39:10
Russia's cyber test battlefield. The war
00:39:13
has now been raging for over 3 years and
00:39:15
all of Putin's bears are involved. They
00:39:18
attack government systems and major
00:39:19
companies. They spy, they leak, they
00:39:22
fuel disinformation campaigns. But
00:39:25
Ukraine, it seems, is defending itself
00:39:26
formidably, not just on the ground, but
00:39:29
also in cyerspace. And they're not
00:39:31
alone. Today the country is supported by
00:39:33
several leading western cyber security
00:39:35
firms.
00:39:37
Epilogue trains
00:39:41
Putin's bears are still out there as
00:39:43
dangerous as
00:39:44
ever. Harken Tan Rivera is one of the
00:39:47
journalists we interviewed for this
00:39:49
video. Not long ago, a colleague of his
00:39:52
received a mysterious leak. A batch of
00:39:54
internal documents from a Russian
00:39:57
company called NTC Vulcan.
00:40:00
It supplies Russian intelligence
00:40:02
services and the military with cyber
00:40:04
weapons of all kinds, and their internal
00:40:07
documents are chilling.
00:40:10
Among other things, Russia seems to have
00:40:13
been mapping out what to do once a
00:40:15
territory is conquered, how to bend it,
00:40:18
break it, remake it.
00:40:21
Beyond that, they're experimenting with
00:40:24
control over foreign critical
00:40:26
infrastructure.
00:40:27
For example, they're testing if they can
00:40:30
slow down trains.
00:40:32
And if you can slow down a train, well,
00:40:36
then you can speed it up, too.
00:40:39
One thing is certain. We haven't heard
00:40:42
the last of the bears. Not by a long
00:40:45
shot. And in the years ahead, we'll have
00:40:48
to stay alert. Learn to spot their
00:40:51
traps, their tricks, their carefully
00:40:54
laid bait.
00:40:58
Because once they're inside,
00:41:00
it rarely ends well.
00:41:20
[Music]

Etiquetas

Russian hackers
cybersecurity
Bundestag hack
Fancy Bear
US election interference
phishing
malware
geopolitical impact
democracy
cyber warfare