Exclusive: hackers steal data from Russian prisoners to avenge Navalny's death

Just hours after the death of opposition leader Alexey Navalny in February in a Russian prison, a group of anti-Kremlin hackers set out to seek revenge.

Using access to a computer network linked to Russia's prison system, the hackers posted a photo of Navalny on the website of the third-party company managing the prison, according to interviews with the hackers, screenshots and data reviewed by CNN.

“Long live Alexey Navalny!” says a message on the hacked website, accompanied by a photo of Navalny and his wife Yulia at a political rally.

In a surprising security breach, they also appear to have stolen a database containing information on hundreds of thousands of Russian prisoners and their family members and contacts, including, the hackers claim, data on prisoners held at the Arctic penal colony where Navalny died on February 16.

The hackers, who say they are a mix of nationalities including Russian and Ukrainian expatriates, are sharing this data, including phone numbers and email addresses of prisoners and their families “in the hope that someone can contact them and help understand what happened to Navalny,” said a hacker who claimed to be involved in the breach.

Additionally, hackers accessed the Russian prison system's online store, where family members buy food for inmates, to change the prices of things like pasta and canned meat to one ruble, which is equivalent to about R$0.05, according to screenshots and videos of online store purchases posted by the hackers. Typically, these products cost more than R$5.

It took several hours for the administrator of the prison's online store to realize that Russians were buying food for pennies, according to the hacker involved.

And it took three days before the prison's IT team was able to fully shut down the discounts offered by the hackers, according to the hacker's account.

“We were watching [the online store's access logs] and it kept rolling faster and faster with more and more customers making purchases,” the hacker said in an online chat while providing data to CNN corroborating that they were involved.

Hackers claim the database contains information on around 800,000 prisoners and their relatives and contacts.

A CNN analysis of the data found some duplicate entries in the database, but it still contains information about hundreds of thousands of people.

CNN managed to match several prisoner names in screenshots shared by the hackers with people who, according to public records, are currently in Russian prison.

The prison online store that hackers appear to have breached is owned by the Russian state and is officially known as JSC Kaluzhskoe, according to Russian business records reviewed by CNN.

JSC Kaluzhskoe serves 34 regions of Russia.

CNN requested comment from JSC Kaluzhskoe, the Federal Penitentiary Service of Russia (known as FSIN), and the individual administrators of the website that the hackers claim to have scammed.

On February 19, the day after hackers defaced the website and replaced it with Navalny's photo, JSC Kaluzhskoe posted on Russian social media platform VK that it had experienced a “technical failure” that caused “prices for food and basic needs” to be “incorrectly reflected.”

Tom Hegel, a cybersecurity expert with experience analyzing data dumps, said the leaked data showed all signs of authenticity and that it originated from the hacked prison store.

Hackers “clearly had full access to get everything,” said Hegel, principal threat researcher at U.S. cybersecurity firm SentinelOne.

“The amount of images captured and data provided is quite complete.”

New chapter in hacktivism

The hacker group sent notes to administrators of the prison's online store, warning them not to remove pro-Navalny messages from the site.

When the web administrators refused, the hackers retaliated by destroying one of the administrators' computer servers, the hacker said.

Navalny, a charismatic political leader who railed against Russian government corruption, died under mysterious circumstances on February 16 in a prison in the Yamalo-Nenets region, 1,900 kilometers northeast of Moscow.

The US holds Russian President Vladimir Putin responsible for Navalny's death, US President Joe Biden said.

Politically motivated hacking, or “hacktivism” (a blend of “hack” and “activism”), has been rampant in the more than two years since Russia's full-scale invasion of Ukraine.

In the days following the hack, a Ukrainian took revenge by leaking a trove of internal data from a Russian ransomware gang, showing the group's alleged connections to Russian intelligence.

Pro-Ukrainian hackers of various stripes have joined the fray, claiming responsibility for attacks on a Russian internet provider, for example, and on websites broadcasting a high-profile Putin speech last year.

The war in Ukraine “undoubtedly started a new chapter in the use of hacktivism, unprecedented on its current scale,” said SentinelOne researcher Hegel.

“Hacktivism has emerged as a powerful tool for diverse groups to express their perspectives, support their nations, target perceived adversaries, and attempt to influence the trajectory of war.”

The hack of the prison's online store came with a message from self-described Russian expatriates.

“We, IT specialists, have left today's Russia,” read a message in Russian on one of the prison store websites, according to a screenshot of the website on February 18, analyzed by CNN.

“We love our country and we will return when it is free from the Putin regime. And we will go to the end on this path.”

Source: CNN Brasil
