The whole GRU phishing story seems fishy

Area 1 Security, a California-based cybersecurity firm, claimed that Russian military intelligence successfully hacked Burisma Holdings for dirt on Joe Biden’s son.

The GRU allegedly used what’s known as phishing—tricking people into revealing passwords and other information needed to penetrate a secure computer system.

Area 1 Security claims to have the capability of a little junior National Security Agency.  Here’s what the New York Times reported.

“The attacks were successful,” said Oren Falkowitz, a co-founder of Area 1, who previously served at the National Security Agency.  Mr. Falkowitz’s firm maintains a network of sensors on web servers around the globe — many known to be used by state-sponsored hackers — which gives the firm a front-row seat to phishing attacks, and allows them to block attacks on their customers.

Source: The New York Times.

But the company’s services are limited to giving really, really good protection against phishing attacks.  I would not think a company with such superpowers would limit itself like this.

Interestingly, in the original announcement and press release, Area 1 did not claim to know that Burisma Holdings security had been breached—only that the GRU was attempting to penetrate its security through phishing.

That is probably true.  The GRU is no doubt trying to penetrate all the major corporations and government agencies in Ukraine.  But why wouldn’t Area 1 put the stronger claim in its press release?  It makes the claim that the GRU was successful seem like an afterthought.

I think the purpose of the announcement is to make Burisma Holdings, the corrupt former employer of Joe Biden’s son Hunter, off limits for discussion in the coming election campaign.  Anybody who raises this issue will be called a Russian asset.


I have a suspicion some of these announcements may vanish from the web, so I’ll reproduce them here.  The first is from the Area 1 Security corporate web site.

Area 1 has identified ongoing phishing campaigns targeting Burisma Holdings – a Ukrainian oil & gas company that has been the recent subject of U.S. news headlines.

The Main Intelligence Directorate of the General Staff of the Russian Army (GRU) – a threat actor that Area 1 has tracked for several years – launched targeted campaigns to gain the account credentials of Burisma Holdings’ employees, subsidiaries and partners.

Source: Area 1 Security

And here’s the press release.

REDWOOD CITY, Calif., Jan. 14, 2020 /PRNewswire/ — Area 1 Security today shared the discovery of an active phishing campaign targeting Burisma Holdings, one of the largest private natural gas producers in the Ukraine – and a company that has been recently entangled in U.S. foreign and domestic politics.

A key aspect of attack preemption is having a deep understanding of cyber actor patterns, and continually discovering and deconstructing campaigns to anticipate future ones. During the course of its normal business of stopping phish, Area 1’s technology platform identified ongoing phishing campaigns by the Main Intelligence Directorate of the General Staff of the Russian Army (GRU) targeting employees at subsidiaries and partners of Burisma Holdings. The GRU’s phishing campaign started in early November 2019 and is designed to steal account credentials, such as usernames and passwords.

This specific phishing technique, known as credential harvesting, allows attackers to observe and gain control of an organization’s internal systems by utilizing trusted access methods. Targeting an organization’s subsidiaries or partners for credential harvesting gives a natural entrypoint for attackers to get inside the organization.

Once inside, threat actors such as GRU gain access to internal systems and data, impersonate employees through the unauthorized use of their email accounts, and manipulate business outcomes and public perception.

Source: Area 1 Security

It just seems odd that Area 1 Security initially did not make the stronger claim—that the phishing was successful—in its original announcement.  It is as if Falkowitz was so pleased with the reaction to the original claim that he decided to push the envelope.

None of this is proof that Area 1 Security’s claim is false.  It just seems unlikely to me, based on what I know so far.


The impeachment charge against President Trump is that he threatened to withhold financial aid from Ukraine unless the government resumed a stalled investigation of Burisma Holdings and that he did it for the purpose of embarrassing Joe Biden, whose son Hunter formerly was a member of the board of directors.

But Joe Biden himself threatened to withhold aid from Ukraine unless it fired its chief prosecutor, Viktor Shokin, who was pursuing a corruption investigation against Mykola Zlochevsky, Burisma’s owner.

This corruption investigation was in progress when President Obama gave Biden responsibility for Ukraine policy, after which Hunter Biden joined the Burisma board.  Joe Biden’s claim is that Shokin was corrupt, but the record shows that Shokin was diligent in pursuing the case against Zlochevsky.

Suppose, for the sake of argument, that the GRU really did hack Burisma Holdings and that it discovered derogatory information about Hunter Biden, such as payoffs for trying to influence the U.S. government.  Suppose at some future point this information is published.

I do not claim that such information exists.  This is just an example.  But it is possible.

Should we Americans ignore true facts simply because they come from a suspect source?  Suppose the CIA or NSA discovered and revealed true derogatory information about Vladimir Putin?  (There are those who say they already did in the Panama Papers leak.)

Two wrongs don’t make a right.  But sauce for the goose is sauce for the gander.

If Joe Biden did something wrong, that’s not justification for Donald Trump doing the same thing.  But if interference with the Ukraine government for personal political motives is an impeachable offense in the case of Donald Trump, it is going to be a campaign issue in the case of Joe Biden.

Finally, I don’t think all the facts about Burisma Holdings have come out.  The facts may be too embarrassing for too many people to ever come out.


BIDENgate: The Back Story Is All About BURISMA Holdings—an Energy Company Based in Kviv, Ukraine by Eric Zuesse for The Millennial Report.

A Timeline of Joe Biden’s Intervention Against the Prosecutor General of Ukraine on Moon of Alabama.

Russians Hacked Ukrainian Gas Company at Center of Impeachment by Nicole Perlroth and Matthew Rosenberg for The New York Times.

Did Russia Really Hack Burisma? Experts Aren’t Convinced—Yet by Adam Rawnsley for The Daily Beast.

Establishment Pundits Go Nuts Over New Russian Hacking Conspiracy by Caitlin Johnstone.
