The Washington Post announced the disconnection from the Internet of a certain Internet Research Agency (according to the Pentagon classification - IRA) or the Troll Factory (according to the classification of the Western press), allegedly associated with businessman Yevgeny Prigozhin. In this regard, the FAN editorial office said that it had decided to disclose information about what had happened to counter speculation on this topic.
So, on November 5, 2018, about 22 hours Moscow time. the RAID controller on the FAN intra-office server was destroyed and 2 out of four hard drives were disabled. Winchesters were also formatted on servers rented in Sweden and Estonia, which were used to service USAReally site mirrors, which were specially created in case the main server was blocked.
The Americans were unable to block the USAReally project and he continued his work as usual, covering violations in the US election. Then, on November 8, 2018, a Russian citizen and chief editor of the portal, Alexander Malkevich, was detained at a U.S. airport, who was later released due to the absence of any violations of U.S. law in his work.
It is noted that a few days before the attack on the personal mail of one of the employees of the FAN received a letter with an attachment. It pointed out some important information about the U.S. elections scheduled for November 6, 2018. After unpacking, the computer was infected with a virus that used the hidden features of the Windows operating system, so the Americans got full remote control over one of the computers in the editorial office of the FAN. The Americans failed to infect the entire FAN network and take control of other computers. After an attack was discovered, the FAN IT department conducted an audit of the office’s Wi-Fi networks.
Moreover, initially at the FAN in general, everything that was happening was perceived as yet another unprofessional attempt by self-taught hackers to get in somewhere and “pioneer” something. The thing is that since the formation of the agency, i.e. since 2014, various DDOS attacks, hacking attempts and other misfortunes have regularly rained on him. In short, the agency will not surprise anyone. FAN employees regularly receive SMS messages in broken Russian from African mobile numbers and other elements of ineffective and low-professional trolling. But FAN reporters are not used to it.
As it turned out, the main source of infection was the regular Apple iPhone 7 Plus of one of the FAN employees, who was connected by cable to the USB port of a personal computer that does not have access to the Internet. The gadget automatically downloaded malicious files and provided attackers with remote access. After that, the editorial office of the FAN banned the use of Apple phones to connect to computers.
As for the access of Americans to the above servers in Europe (Sweden and Estonia), they received it in a generally primitive way. Even without cyber operation. European companies simply provided US Cyber Command with everything they requested.
In this regard, the editorial office of the FAN believes that, despite the statements of the Western media about the victory over the “Troll Factory”, in fact the Americans did not achieve any success. Actually the operation of the Americans on technical FAN infrastructure was a failure. And the US Cyber Command itself is “courageously” silent about this.