Original taken from avmalgin Georgiy Petrovich, your mustache has come unglued
In an array of hacked correspondence between Emmanuel Macron and his headquarters published on May 5, a number of letters were found that were modified by a user named Georgiy Petrovich Roshka - this is evidenced by the metadata of the letters.
Those documents where The Insider found traces of Gheorghe Rosca (and there are at least 6 of them) are financial documents of Macron’s headquarters, here is one of them:
The real author of the document, judging by the same metadata, was the treasurer of Macron’s headquarters, Cedric O (this is not an abbreviation, but his full name). But then the document was changed by a certain Gheorghe Roshka. A man named Georgiy Petrovich Roshka works at JSC Evrika, which produces computer equipment and software, whose main clients are Russian government agencies, including the Ministry of Defense and special services.
Georgy Roshka is a programmer who participated in specialized conferences, for example “Parallel Computing Technologies”, held in 2014 in Rostov-on-Don. At the time of publication, Rosca did not respond to The Insider's request.
Let us recall that yesterday, May 5, the Internet portal WikiLeaks published a link to the hacked correspondence of French presidential candidate Emmanuel Macron and his entourage, consisting of several hundred thousand emails, photos and attachments dating back to April 24, 2017. The array size is about 9 GB.
Macron's team reported that the documents were obtained several weeks ago as a result of the hacking of the personal and work mailboxes of some representatives of the Forward! movement. and noted that in addition to real letters and documents, the array also contains fakes.
Earlier, the Japanese company Trend Micro confirmed that the Russian hacker group Pawn Storm, also known as Fancy Bear and APT28, was behind the cyber attack on Macron’s resources (which the headquarters recorded back in February). The same group has previously carried out numerous cyber attacks in other Western countries, including the United States, where hacked Democratic Party emails were also handed over to WikiLeaks for distribution ahead of the presidential election.
Let us remind you that the founder of WikiLeaks is Julian Assange, known, among other things, for his show on the Russia Today TV channel.
Let us note that previously a number of independent information security companies independently confirmed Fancy Bear/APT28’s connection with the Russian authorities (including Google experts). One of the first was Trend Micro, which discovered a powerful hacker group with a special attack style called Pawn Storm. The company was able to establish that the same group was used both in the attack on Russian oppositionists and in the attack on American servers (this was later confirmed by a number of other companies). A Trend Micro expert spoke in more detail about these attacks in an interview with The Insider.
Previously, Russian hackers were already noticed interspersing real documents with fakes in the arrays they posted. This was the case, for example, when laying out files from the Open Society Foundation of George Soros, where, along with real files, crudely falsified documents were posted, designed to create the impression that Alexey Navalny was receiving money from the foundation.
In an array of hacked correspondence between Emmanuel Macron and his headquarters published on May 5, a number of letters were found that were modified by a user named Georgiy Petrovich Roshka - this is evidenced by the metadata of the letters.
Those documents where The Insider found traces of Gheorghe Rosca (and there are at least 6 of them) are financial documents of Macron’s headquarters, here is one of them:
The real author of the document, judging by the same metadata, was the treasurer of Macron's headquarters - Cedric O (this is not an abbreviation, but his full name). But then the document was changed by a certain Gheorghe Roshka. A man named Georgiy Petrovich Roshka works at JSC Evrika, which produces computer equipment and software, whose main clients are Russian government agencies, including the Ministry of Defense and special services.
Georgy Roshka is a programmer who participated in specialized conferences, for example “Parallel Computing Technologies”, held in 2014 in Rostov-on-Don. At the time of publication, Rosca did not respond to The Insider's request.
Let us recall that yesterday, May 5, the Internet portal WikiLeaks published a link to the hacked correspondence of French presidential candidate Emmanuel Macron and his entourage, consisting of several hundred thousand emails, photos and attachments dating back to April 24, 2017. The array size is about 9 GB.
Macron's team reported that the documents were obtained several weeks ago as a result of the hacking of the personal and work mailboxes of some representatives of the Forward! movement. and noted that in addition to real letters and documents, the array also contains fakes.
Earlier, the Japanese company Trend Micro confirmed that the Russian hacker group Pawn Storm, also known as Fancy Bear and APT28, was behind the cyber attack on Macron’s resources (which the headquarters recorded back in February). The same group has previously carried out numerous cyber attacks in other Western countries, including the United States, where hacked Democratic Party emails were also handed over to WikiLeaks for distribution ahead of the presidential election.
Let us remind you that the founder of WikiLeaks is Julian Assange, known, among other things, for his show on the Russia Today TV channel.
Let us note that previously a number of independent information security companies independently confirmed Fancy Bear/APT28’s connection with the Russian authorities (including Google experts). One of the first was Trend Micro, which discovered a powerful hacker group with a special attack style called Pawn Storm. The company was able to establish that the same group was used both in the attack on Russian oppositionists and in the attack on American servers (this was later confirmed by a number of other companies). A Trend Micro expert spoke in more detail about these attacks in an interview with The Insider.
Previously, Russian hackers were already noticed interspersing real documents with fakes in the arrays they posted. This was the case, for example, when laying out files from the Open Society Foundation of George Soros, where, along with real files, crudely falsified documents were posted, designed to create the impression that Alexey Navalny was receiving money from the foundation.
This post is also available in:
On Thursday, the French government's information security office said it had identified no "Russian trace" in the cyberattack on Emmanuel Macron. Vladimir Putin spoke a little more vaguely, saying the day before that if these were Russian hackers, they were definitely not associated with the state. However, as we managed to find outTheInsider, those who hacked Macron were directly related to the state - they were active employees of the Main Intelligence Directorate of the Russian Armed Forces.
In 2016, opposite the name of Georgiy Roshka there was “Military unit No. 26165, specialist.”
The 85th main center of the GRU special service, also known as military unit No. 26165, specializes in cryptography.
GRU hackers
The former head of the 85th main center of the GRU special service, Sergei Gizunov, after the mysterious death of the head of the GRU, Igor Sergun, was expected to take his place, but he became only the deputy of the new head, Igor Korobov. Both Gizunov and Korobov are today under American sanctions in connection with “actions to undermine democracy in the United States” - that is, precisely in connection with hacker attacks. But if Korobov came under sanctions simply as the head of the GRU, then Gizunov could have had the most direct connection to cyber attacks - he is a cryptography specialist who has a number of scientific works on this topic. The 85th Main Special Service Center subordinate to him, located in Moscow at 20 Komsomolsky Prospekt, dealt with the same topic. Apparently, he went to this historical building (the former Khamovniki barracks, built under Alexander I). to the service of Gheorghe Rosca.
Sergei Zaitsev, who on behalf of “Eureka” also went with Roshka to PAVT-2014, and then appeared as an employee of the Special Development Center of the Ministry of Defense of the Russian Federation, does not appear in the list of participants in 2016 and 2017. But here’s what’s curious: if in 2016 Roshka was registered from a military unit, then in 2017 he is listed as a “research associate at the Center for Strategic Research.” Most likely, this refers to the same Special Development Center of the Ministry of Defense (it’s hard to imagine that Roshka suddenly got a job with Kudrin). But it cannot be ruled out that this position was just a cover: it was simply necessary to add something to the application form. But why did Rosca introduce himself as an employee of the Eureka company in 2014? Was that also a cover? Or does he still have something to do with her?
"Eureka" and the hacker factory
“We hereby inform you that Roshka Georgiy Petrovich did not work on a permanent basis during the period from 01/01/2003 to 05/10/2017 at JSC “EUREKA” TIN 7827008143 and no civil law contracts were concluded with him. Also, Roshka Georgiy Petrovich was not found in the lists of students of the training center, as well as in the database of email addresses of the domain.eureca.ru.”
It is not possible to verify the veracity of this answer. But it is the Eureka training center that is of particular interest. Formally, he conducts “information technology courses.” But sources familiar with the company, The Insider (who requested anonymity), reported that the same “training center” of “Eureka”, among other things, trains future hackers among intelligence officers.
It is curious that, as the Municipal Scanner project managed to find out, one of the three co-owners of Eureka, Alexander Kinal, in February of this year purchased an apartment in an elite building on Kamenny Island in St. Petersburg at 2nd Berezovaya Alley, 19. The Insider about this legendary house, in which Vladimir Putin’s inner circle lives, including his friend in judo Arkady Rotenberg, former presidential manager Vladimir Kozhin, some members of the Ozero cooperative ( Nikolai Shamalov, Yuri Kovalchuk, Sergei Fursenko and Viktor Myachin) and ex-head of the Malyshevskaya criminal group. It was Petrov’s apartment with an area of 478.7 square meters (estimated cost approximately $9 million), according to the Municipal Scanner, that was purchased by the co-owner of Eureka.
Denial stage
It is curious that Vladimir Putin denies the connection of hackers with Russia no longer so categorically, they say - they may simply be Russian patriots who act independently of the state:
“The background of interstate relations is important in this case, too, because hackers are free people, like artists: they are in a good mood, they got up in the morning and are busy painting pictures. So do hackers. They woke up today and read that something is happening there in interstate relations; if they are patriotic, they begin to make their contribution, which they believe is correct, in the fight against those who speak ill of Russia. Maybe? Theoretically possible. At the state level, we never do this, that’s what’s most important, that’s what’s most important.”
The story about “free artists” did not appear by chance. Dozens of cybersecurity organizations from different countries who have studied the activities of groups known as Fancy Bear and Cozy Bear have collected sufficient data indicating that representatives of these two groups operate from large Russian cities, speak Russian, and work on Russian working hours ( resting on days that are weekends in Russia) and attack those targets that may be of interest to the Russian government - both abroad (Hillary Clinton, Emmanuel Macron, a number of European politicians and journalists, NATO military facilities, targets in Ukraine and Georgia, etc. .d.), and within the country (oppositionists, journalists, NGO employees). Today it is no longer possible to deny the connection between hackers from these two groups and Russia. But you can try to present them as independent entities. In much the same way as the “new Russia militias” were presented as independent actors.
Previously, this justification was refuted only by indirect evidence (for example, the fact that the operations of Fancy Bear and Cozy Bear, according to experts, required a constantly working large staff of well-trained employees and serious financial resources - this is not possible for “freelance artists”). Now the participation of the GRU has been confirmed by direct evidence. Putin’s attempts to say that “someone inserted a flash drive with the name of some Russian citizen” are also unlikely to convince anyone: Roshka’s name has never previously surfaced either in connection with hackers or in connection with the GRU (and possibly , would not have surfaced without this investigation), so it could not be used for provocation.
Read about where else the “hacker factories” could be located and who supervised their work from the Kremlin in the following investigations by The Insider.
The material was prepared with the participation of:
Anastasia Kirilenko, Sergei Kanev,Willow Tsoi,Anna Begiashvili
Dozens of cybersecurity organizations from different countries, which have studied the activities of the hacker groups Fancy Bear and Cozy Bear, have proven that representatives of these communities operate from large Russian cities, speak Russian, work on Russian working hours and attack targets abroad (Clinton, Macron, a number of European politicians and journalists, NATO facilities, targets in Ukraine, etc.).
And now their involvement in the GRU has been proven.
On Thursday, the French government's information security office said it had identified no "Russian trace" in the cyberattack on Emmanuel Macron. Vladimir Putin spoke a little more vaguely, saying the day before that if these were Russian hackers, they were definitely not associated with the state. However, as The Insider managed to find out, those who hacked Macron had the most direct connection to the state - they were active employees of the Main Intelligence Directorate of the Russian Armed Forces.
At the beginning of May, The Insider wrote that the name Georgiy Petrovich Roshka was found in the metadata of hacked letters from French President Emmanuel Macron. At that time, The Insider did not yet know much about him, for example, that he, as an employee of Eureka JSC, attended the PAVT-2014 conference on information technologies, and that Eureka closely cooperates with the Ministry of Defense. It was also possible to find out that Sergei Zaitsev, who works at the Special Development Center of the Ministry of Defense of the Russian Federation, went to the conference together with Roshka (also on behalf of Eureka), and that this center is recruiting employees who are professionally familiar with programming and cryptography.
Eureka officially responded to The Insider journalists that Rosca never worked for the company and no one went to the PAVT-2014 conference on its behalf. Eureka also reported that “in open sources” one can find information that Rosca also participated in the PAVT conference in 2016 and 2017, but “in a different status.” Eureka could not explain what its status was, and what kind of open sources it was (an Internet search did not reveal any traces of Roska’s participation in later conferences, or indeed any other mentions of him). The Insider tried to get this information from the conference organizers - and that's when things got weird.
Special Purpose Conference
One of the key organizers of the conference, co-chairman of the PAVT Program Committee Leonid Sokolinsky (head of the department of system programming at SUSU) told The Insider that he could not provide information about the conference participants in 2016 and 2017, as there was a “failure in the database, as a result of which the disks came out out of order and the information was not saved.” According to him, the failure occurred due to the fact that the storage system was old. He also noted that “any person on the street” can sign up for the conference and where they come from is not checked in any way.
Well, it looks like The Insider was just out of luck. But just in case, the publication turned to another co-organizer of the conference, Vladimir Voevodin, head of the department of supercomputers and quantum information science at Moscow State University, and he unexpectedly provided a completely different answer: he has a list of participants, but he cannot give it because of his decision not to disclose personal data . When asked why this list was openly posted on the website in 2014, Voevodin replied that “they began to take personal data more seriously.”
Regarding the registration procedure for participants, Voevodin replied that those interested submit an application, then “the work is examined, a review is written, and the strongest ones are selected. If it’s accepted, it means the person is speaking.” At the same time, according to him, no one checks which organization the participant is from: “A request is not written to the organization, saying that such and such an institute has presented such and such a work signed by such and such a person. The organizers look only at the scientific component of the work and its relevance to the theme of the conference.”
Everything would be fine, but Rosca did not present any report at the conference, and in general the number of speakers at the conference was noticeably lower than the number of participants. And it didn’t look like people from the street were allowed into the event. In particular, the list of participants included military personnel. For example, Ivan Kirin, Andrey Kuznetsov and Oleg Skvortsov registered from military unit No. 71330. Judging by information in open sources, this military unit specializes in electronic intelligence, radio interception and decryption. And Alexander Pechkurov and Kirill Fedotov registered from military unit No. 51952 of the radio interception of the 16th center of the FSB of Russia. In addition, the conference was attended by three employees of the Federal State Unitary Enterprise Research Institute "Kvant", subordinate to the FSB, which back in 2015 was caught in ties with hackers.
How did it happen that intelligence officers openly register under their own names? Vladimir Voevodin told The Insider that “the participants themselves take care of secrecy, all responsibility lies with them.”
But the main question could not be answered: who is Rosca and in what status did he appear at subsequent conferences? To find out, The Insider sent letters to all participants at the 2014 PAVT conference with a request to send the list of participants for 2016 and 2017. And one of the recipients forwarded both documents.
In 2016, opposite the name of Georgiy Roshka there was “Military unit No. 26165, specialist.”
The 85th main center of the GRU special service, also known as military unit No. 26165, specializes in cryptography.
GRU hackers
The former head of the 85th main center of the GRU special service, Sergei Gizunov, after the mysterious death of the head of the GRU, Igor Sergun, was expected to take his place, but he became only the deputy of the new head, Igor Korobov. Both Gizunov and Korobov are today under American sanctions in connection with “actions to undermine democracy in the United States” - that is, precisely in connection with hacker attacks. But if Korobov came under sanctions simply as the head of the GRU, then Gizunov could have had the most direct connection to cyber attacks - he is a cryptography specialist who has a number of scientific works on this topic. The 85th Main Special Service Center subordinate to him, located in Moscow at 20 Komsomolsky Prospekt, dealt with the same topic. Apparently, he went to this historical building (the former Khamovniki barracks, built under Alexander I). to the service of Gheorghe Rosca.
Sergei Zaitsev, who on behalf of “Eureka” also went with Roshka to PAVT-2014, and then appeared as an employee of the Special Development Center of the Ministry of Defense of the Russian Federation, does not appear in the list of participants in 2016 and 2017. But here’s what’s curious: if in 2016 Roshka was registered from a military unit, then in 2017 he is listed as a “research associate at the Center for Strategic Research.” Most likely, this refers to the same Special Development Center of the Ministry of Defense (it’s hard to imagine that Roshka suddenly got a job with Kudrin). But it cannot be ruled out that this position was just a cover: it was simply necessary to add something to the application form. But why did Rosca introduce himself as an employee of the Eureka company in 2014? Was that also a cover? Or does he still have something to do with her?
"Eureka" and the hacker factory
“We hereby inform you that Roshka Georgiy Petrovich did not work on a permanent basis during the period from 01/01/2003 to 05/10/2017 at JSC “EUREKA” INN 7827008143 and no civil law contracts were concluded with him. Also, Roshka Georgiy Petrovich was not found in the lists of students of the training center, as well as in the database of email addresses of the domain.eureca.ru.”
It is not possible to verify the veracity of this answer. But it is the Eureka training center that is of particular interest. Formally, he conducts “information technology courses.” But sources familiar with the company, The Insider (who requested anonymity), reported that the same “training center” of “Eureka”, among other things, trains future hackers among intelligence officers.
Classroom at the Eureka Training Center
The Russian Ministry of Defense does not deny the presence of cyber troops, but where exactly the hacker training factories are located, of course, is not reported. Perhaps Moskovsky Prospekt, 118 is one of such places.
It is curious that, as the Municipal Scanner project managed to find out, one of the three co-owners of Eureka, Alexander Kinal, in February of this year purchased an apartment in an elite building on Kamenny Island in St. Petersburg at 2nd Berezovaya Alley, 19. The Insider I have already written about this legendary house, where Vladimir Putin’s inner circle lives, including his judo friend Arkady Rotenberg, former presidential manager Vladimir Kozhin, some members of the Ozero cooperative (Nikolai Shamalov, Yuri Kovalchuk, Sergei Fursenko and Viktor Myachin) and ex-head of the Malyshevskaya criminal group Gennady Petrov. It was Petrov’s apartment with an area of 478.7 square meters (estimated cost approximately $9 million), according to the Municipal Scanner, that was purchased by the co-owner of Eureka.
Denial stage
It is curious that Vladimir Putin denies the connection of hackers with Russia no longer so categorically, they say - they may simply be Russian patriots who act independently of the state:
“The background of interstate relations is important in this case, too, because hackers are free people, like artists: they are in a good mood, they got up in the morning and are busy painting pictures. So do hackers. They woke up today and read that something is happening there in interstate relations; if they are patriotic, they begin to make their contribution, which they believe is correct, in the fight against those who speak ill of Russia. Maybe? Theoretically possible. At the state level, we never do this, that’s what’s most important, that’s what’s most important.”
The story about “free artists” did not appear by chance. Dozens of cybersecurity organizations from different countries who have studied the activities of groups known as Fancy Bear and Cozy Bear have collected sufficient data indicating that representatives of these two groups operate from large Russian cities, speak Russian, and work on Russian working hours ( resting on days that are weekends in Russia) and attack those targets that may be of interest to the Russian government - both abroad (Hillary Clinton, Emmanuel Macron, a number of European politicians and journalists, NATO military facilities, targets in Ukraine and Georgia, etc. .d.), and within the country (oppositionists, journalists, NGO employees). Today it is no longer possible to deny the connection between hackers from these two groups and Russia. But you can try to present them as independent entities. In much the same way as the “new Russia militias” were presented as independent actors.
Previously, this justification was refuted only by indirect evidence (for example, the fact that the operations of Fancy Bear and Cozy Bear, according to experts, required a constantly working large staff of well-trained employees and serious financial resources - this is not possible for “freelance artists”). Now the participation of the GRU has been confirmed by direct evidence. Putin’s attempts to explain everything by saying that “someone inserted a flash drive with the name of some Russian citizen” are also unlikely to convince anyone: Roshka’s name has never previously surfaced either in connection with hackers or in connection with the GRU (and, perhaps it would not have come to light without this investigation), so it could not have been used for provocation.
The material was prepared with the participation of: Anastasia Kirilenko, Sergei Kanev, Iva Tsoi, Anna Begiashvili
The Kremlin is behind the hacker attack on the French President.
As The Insider writes, in an array of hacked correspondence between Emmanuel Macron and his headquarters published on May 5, a number of letters were found that were modified by a user named Georgiy Petrovich Roshka - this is evidenced by the metadata of the letters.
Those documents where The Insider found traces of Gheorghe Rosca (and there are at least 9 of them) are financial documents of Macron’s headquarters, here is one of them:
(to enlarge, click on the image)
The real author of the document, judging by the same metadata, was the treasurer of Macron's headquarters - Cedric O (this is not an abbreviation, but his full name). But then the document was changed by a certain Gheorghe Roshka. A man named Georgiy Petrovich Roshka works at JSC Evrika, which produces computer equipment and software, whose main clients are Russian government agencies, including the Ministry of Defense and special services.
For example, it is known that JSC Eureka received licenses from the FSB to carry out activities to protect state secrets, and also carried out contracts for JSC NPO Kvant, working for the Ministry of Defense. It is “Kvant” that is called the key intermediary between the Ministry of Defense and hackers, and this interaction has been going on since at least 2009.
Georgy Roshka is a programmer who participated in specialized conferences, for example “Parallel Computing Technologies”, held in 2014 in Rostov-on-Don. At the time of publication, Rosca did not respond to The Insider's request.
Let us recall that yesterday, May 5, the Internet portal WikiLeaks published a link to the hacked correspondence of French presidential candidate Emmanuel Macron and his entourage, consisting of several hundred thousand emails, photos and attachments dating back to April 24, 2017. The array size is about 9 GB.
Macron's team reported that the documents were obtained several weeks ago as a result of the hacking of the personal and work mailboxes of some representatives of the Forward! movement. and noted that in addition to real letters and documents, the array also contains fakes.
Earlier, the Japanese company Trend Micro confirmed that the Russian hacker group Pawn Storm, also known as Fancy Bear and APT28, was behind the cyber attack on Macron’s resources (which the headquarters recorded back in February). The same group has previously carried out numerous cyber attacks in other Western countries, including the United States, where hacked Democratic Party emails were also handed over to WikiLeaks for distribution ahead of the presidential election.
Let us remind you that the founder of WikiLeaks is Julian Assange, known, among other things, for his show on the Russia Today TV channel.
Let us note that previously a number of independent information security companies independently confirmed Fancy Bear/APT28’s connection with the Russian authorities (including Google experts). One of the first was Trend Micro, which discovered a powerful hacker group with a special attack style called Pawn Storm. The company was able to establish that the same group was used both in the attack on Russian oppositionists and in the attack on American servers (this was later confirmed by a number of other companies). A Trend Micro expert spoke in more detail about these attacks in an interview with The Insider.
Previously, Russian hackers were already noticed interspersing real documents with fakes in the arrays they posted. This was the case, for example, when laying out files from the Open Society Foundation of George Soros, where, along with real files, crudely falsified documents were posted, designed to create the impression that Alexey Navalny was receiving money from the foundation.
Profitable conversion of traffic from VKontakte
Goris city, Armenia. "Stone Forest" of Goris. Armenia. What are functional cookies
Alarm won't turn on on Android
Sony Xperia V - Specifications Bluetooth is a standard for secure wireless data transfer between various devices of different types over short distances
Live voices for garmin nuvi navigators Live voices for garmin nuvi navigators