Senators show how Russian hackers targeted U.S. military families

"The first public evidence that influence operations have specifically targeted American military families."

The "Cyber Caliphate" that targeted American military families was actually a Russian hacking operation.

While much of the focus on Russian interference efforts over the past week has centered on the latest revelations about hacking and infiltration of the National Rifle Association (NRA), a letter written by a pair of senators highlights a different, potentially far darker strain of Moscow’s methods.

The letter, addressed to Attorney General Jeff Sessions, comes from Sen. Ron Wyden (D-OR) and Sen. Cory Gardner (R-CO). Sent last week, it details how Russian hackers posed as Islamic extremists — and targeted American military families in the process.

And according to one of the military spouses targeted by the hackers, the U.S. government has done nothing about it.

As Wyden and Gardner wrote:

We write to express our concerns about reports that Russian intelligence services posing as Islamic extremists threatened and harassed U.S. military families. We urge you to investigate this potential false flag operation and to hold any perpetrators accountable.

The letter pivots off of a May report from the Associated Press, which itself detailed how Russian hackers from the GRU, Moscow’s foreign military intelligence agency, posed as members of the so-called “Cyber Caliphate,” claiming to be affiliated with ISIS. The report highlighted how these Russian hackers in February 2015 sent a series of chilling Facebook messages to the spouses of those serving in the American military. “We’re much closer than you can even imagine,” one message read. “Bloody Valentine’s Day!”


The senders claimed to be from the “Cyber Caliphate,” an online organization that also took credit for hacking the Twitter and YouTube accounts of U.S. Central Command in 2015. One of the first tweets sent from the hacked Twitter account read: “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS.” The “Cyber Caliphate” also claimed to have released a trove of classified U.S. Army documents, though, as BuzzFeed noted, “many of those files were available online and were not confidential.”

The “Cyber Caliphate” appeared to largely fade away in the time since, never achieving anywhere near the notoriety it gained in early 2015. Still, it pointed to the apparent hacking capabilities of those affiliated with ISIS.

But now, it appears the “Cyber Caliphate” never actually had anything to do with ISIS. As the AP wrote in May, the “repeated overlap” between the “Cyber Caliphate” operations and those of APT28 — the GRU unit accused of hacking the Democratic National Committee — shows that the military families were actually being targeted by members of Russia’s foreign military intelligence, not Islamist extremists.

As Wyden and Gardner concluded:

If substantiated, the claims about APT28 posing as the Cyber Caliphate could be the first public evidence that influence operations have specifically targeted American military families. If left unchecked, such operations would threaten the personal liberty, financial security, mental health, and morale of our military families.

APT28, known colloquially as “Fancy Bear,” is perhaps the most notorious unit within the GRU. Not only was it responsible for stealing the internal communications from the DNC, but it was also behind the 2015 hacking of the German Bundestag. It also appears related to operations that stole emails from journalists critical of Moscow.


And while APT28 wasn’t specifically named in the indictments from the office of Special Counsel Robert Mueller last week, the activities detailed in last Friday’s indictment appear to line up with what is known about the operations of “Fancy Bear” — especially as it pertains to hacking the DNC and Hillary Clinton campaign, the most egregious election-related interference operation the U.S. has ever known.

Following the AP’s revelations in May, Amy Bushatz, one of the spouses targeted, wrote that it wasn’t simply threatening messages she received from the so-called “Cyber Caliphate.” The hackers also targeted her Gmail account, potentially compromising all of those listed in the “dozens of spreadsheets with the names, physical addresses, phone numbers, birth dates and even details about children for at least 500 individual Army family members [that] had been delivered by Army unit officials to my personal email address.”

Added Bushatz, “If I was compromised, so were they. And they likely have no idea. The U.S. government knew this happened and did virtually nothing.”