Russian DNC Hack Bombshell: First Witness Appears In Ukraine, Wrote Malware Used By Russian Intelligence

While United States intelligence concluded more than a year ago that the Russian government was behind cyber-hacking into private Democratic National Committee servers in 2016, no actual, human witness to the Russian operation had come forward to verify that claim — until now.

According to a detailed and explosive report by the New York Times on Wednesday, a software expert in Ukraine who wrote one of the “malware” — that is, software designed to infiltrate and attack other computers — programs used by a Russian intelligence unit to hack the DNC servers, has turned himself into authorities there and has already revealed his connections to the Russian hacking attacks.

The man, whose name has not been revealed but who is known by the online handle “Profexer,” turned himself into Ukrainian authorities out of fear that he may be killed to stop him from talking about the Russian election hacking operation, according to the Times report, or at least arrested by United States law enforcement.

“Profexer” is reportedly the author of the malware program “PAS web shell” which according to the United States Department of Homeland Security was used to infiltrate DNC computer servers and steal thousands of private internal emails. The emails were then posted online by a hacker using the alias “Guccifer 2.0.” However, U.S. intelligence agencies concluded that “Guccifer 2.0.” was, in fact, a front for a Russian intelligence unit that engages in malicious cyber attacks.

Russian DNC Hack Bombshell: First Witness Appears In Ukraine, Wrote Malware Used By Russian Intelligence

Read the entire New York Times report, by reporters Andrew E. Kramer and Andrew Higgins, by clicking on this link.

According the Times report, “Profexer” shut down his online presence and went underground in January.

The outlaw software author “kept a low profile. He wrote computer code alone in an apartment and quietly sold his handiwork on the anonymous portion of the internet known as the Dark Web. Last winter, he suddenly went dark entirely,” Kramer and Higgins reported.

“Profexer” offered his “PAS” malware program for free download on the Dark Web, the portion of the internet hidden from search engines such as Google. Those shadowy regions of cyberspace can be surfed only by using special software not widely available to the general public.

While the malware author has reportedly told authorities that he did not write the program for carrying out the Russian election hack, a top Ukrainian cybersecurity official told the Times that “Profexer” interacted with the Russians by phone, and was paid to write the software — but was never told how it would be used.

When he learned that U.S. authorities had identified PAS as the malware used in the DNC hack, he panicked and disappeared from the Dark Web, eventually turning himself into law enforcement in Ukraine. If the Times report is accurate, it would explain why U.S. cybersleuths in December appeared to trace the DNC hack not to Russia, but to Ukraine — a fact that has left independent cybersecurity experts scratching their heads.

Russian DNC Hack Bombshell: First Witness Appears In Ukraine, Wrote Malware Used By Russian Intelligence

However, Ukraine has long been used as a kind of laboratory by Russian government hackers testing their software and other hacking techniques on the embattled country. Ukraine has been the target of an unusual number of Russian hacking attacks, including attacks that have twice shut down entire regions of the country by crippling Ukraine’s power grid.

“Profexer,” according to Ukraine authorities, has not been placed under arrest because there is no evidence that he used the PAS malware himself, only that he authored the program.

[Featured Image by Alexei Nikolsky/AP Images]