
Did a Ukrainian University Student Create Grizzly Steppe?

by Petri Krohn

These ПолтНТУ students have nothing to do with the DNC hack or the tool used in it.


1) The U.S. Department of Homeland Security claims that the DNC was hacked by Russian intelligence services. GRIZZLY STEPPE is the name DHS gave to that activity; the accompanying indicators include a YARA signature for a PHP malware tool DHS labels “PAS tool PHP web kit”. Anyone can run that signature against the files on their own web server to identify the tool.

https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity

The YARA signature file as published by DHS.



2) Security company Wordfence says the tool in the DHS signature is actually the P.A.S. web shell, a common piece of malware found on compromised WordPress sites, and that the DHS sample is an older release than the one the authors were distributing at the time. Wordfence traced it to a Ukrainian download site, profexer.name.
https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/
The download page at profexer.name as seen by Wordfence before the site was disabled.



3) The profexer.name site presents an SSL certificate that was issued for pro-os.ru, not for profexer.name, and that gives an email address [email protected]. A certificate whose names do not match the host serving it can mean shared hosting, a default virtual host on the same IP address, or a common operator; it is a lead worth following, not proof of identity on its own.
https://profexer.name
The SSL certificate presented by profexer.name when accessed over the HTTPS protocol.
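
To make the certificate check in point 3 reproducible, here is an added Python example; it is not part of the original post. It extracts every identity a certificate asserts (subject CN, subject emailAddress, and the DNS and email entries of subjectAltName) and reports whether any of them match the host that served it. SAMPLE_CERT is a constructed dict in the shape that Python's getpeercert() returns, mirroring the mismatch described above; its email address is a placeholder, not the address shown on the page.

```python
import socket
import ssl


def cert_identities(cert):
    """Collect the names and e-mail addresses asserted by a getpeercert() dict."""
    names, emails = set(), set()
    # The subject is a tuple of RDNs, each RDN a tuple of (attribute, value) pairs.
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value.lower())
            elif key == "emailAddress":
                emails.add(value.lower())
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.add(value.lower())
        elif kind == "email":
            emails.add(value.lower())
    return names, emails


def _pattern_matches(pattern, host):
    """Exact match, or a wildcard confined to the left-most label (RFC 6125 style)."""
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host


def hostname_matches(cert, hostname):
    """True if the certificate is valid for hostname; SAN DNS entries take precedence over the CN."""
    hostname = hostname.lower()
    san_dns = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    if san_dns:
        candidates = san_dns
    else:
        # Only fall back to the CN when the certificate carries no DNS SAN at all.
        candidates, _ = cert_identities(cert)
    return any(_pattern_matches(p, hostname) for p in candidates)


def fetch_peer_cert(host, port=443, timeout=10):
    """Fetch the certificate a host presents even when it was issued for another name.

    Chain validation is kept on: with verify_mode=CERT_NONE getpeercert() returns an
    empty dict, so a server with an unverifiable chain must be inspected with
    `openssl s_client` instead.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # we want the cert even if the name is wrong
    ctx.verify_mode = ssl.CERT_REQUIRED  # keep getpeercert() populated
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def describe(host, cert):
    """Summarise who the certificate says the server is versus who we connected to."""
    names, emails = cert_identities(cert)
    return {
        "host": host,
        "matches": hostname_matches(cert, host),
        "names": sorted(names),
        "emails": sorted(emails),
    }


# Constructed sample: a certificate for pro-os.ru served from profexer.name.
# The e-mail address is a placeholder, not the one on the page.
SAMPLE_CERT = {
    "subject": (
        (("commonName", "pro-os.ru"),),
        (("emailAddress", "admin@example.invalid"),),
    ),
    "subjectAltName": (("DNS", "pro-os.ru"), ("DNS", "www.pro-os.ru")),
    "issuer": ((("commonName", "Example CA"),),),
}


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        target = sys.argv[1]
        print(describe(target, fetch_peer_cert(target)))
    else:
        print(describe("profexer.name", SAMPLE_CERT))
```

Run it with a hostname to inspect a live server, or with no argument to see the sample evaluated; a result with `"matches": False` and a name list pointing at a different domain is exactly the pivot the post describes. Because chain validation stays enabled, a self-signed or expired certificate will raise instead of returning data; in that case `openssl s_client -connect host:443 -servername host` followed by `openssl x509 -noout -subject -ext subjectAltName` gives the same fields.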



4) pro-os.ru is offline and its domain registration has expired, but the Internet Archive holds copies from April and May 2015. The photo on the page shows the operators presenting themselves as experts in “deadly” computer viruses.
https://web.archive.org/web/20150405005032/http://pro-os.ru/
Facebook has a cached copy of the pro-os.ru site.



4a) The contacts given on the pro-os.ru site link to the VK account of Roman Alexeev and to the email address [email protected]. The VK account has been suspended for “suspicious activity”. (You need to be logged in to VK to see the “Author” of the application.)
https://vk.com/app4714348
The pro-os.ru site links to a VK application, which in turn links to Roman Alexeev’s VK profile.



4b) The site toster.ru links the email address [email protected] to the name Roman Alexeev (Роман Алексеев).
https://toster.ru/user/aazzz (archive)
https://ibazh.com/members/roman.3232/ (archive)
5) “Roman Alexeev” advertises his skills and services as a web developer, linking to his VK account but also giving a Skype account (ya.aalexeev) and an email address ([email protected]).
http://verni.com.ua/feedback/
https://freelancehunt.com/project/kopiya-sayta/141070.html
6) One of the sites where “Roman Alexeev” links to his VK account is Freelancehunt.com. His profile there carries a photograph and the nick aazzz; he says he is from Zaporizhia and 25 years old.
https://freelancehunt.com/freelancer/aazzz.html (archive)
The profile photo used by "Roman Alexeev" at the Freelancehunt site.



7) The profile photo on Freelancehunt actually belongs to Jaroslav Volodimirovich Panchenko (ПАНЧЕНКО Ярослав Володимирович), an information technology student and member of the student self-government body of the Poltava National Technical University. As the caption above says, the reused photo shows only that the freelancer borrowed this student’s image; it does not connect the student himself to the tool.
http://pntu.edu.ua/ru/diyalnist/studentske-zhittya.html
Jaroslav Volodimirovich Panchenko as he appears on the official site of ПолтНТУ.



The main building of the Poltava National Technical University ПолтНТУ



Comments
Petri Krohn
Feb 16, 2018 5:12 PM

The New York Times reported on this story in August 2017, confirming the identity of Profexer without actually naming him.

In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking
But while Profexer’s online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I.
Mr. Gerashchenko described the author only in broad strokes, to protect his safety, as a young man from a provincial Ukrainian city. He confirmed that the author turned himself in to the police and was cooperating as a witness in the D.N.C. investigation. “He was a freelancer and now he is a valuable witness,” Mr. Gerashchenko said.

Once again confirmation that “Fancy Bear” is not the Russian military intelligence agency GRU or any other Russian government agency. It is simply a collection of hacking tools available online on Runet, the Russian language part of the Internet and the Russian language darknet.

efficent
May 13, 2017 2:25 AM

Contact: [email protected]
Are you in search of a reliable Hacking Services?
Then We offer the best of hacking service with our dedicated hackers
with track records.
We offer various Services
1.School Grades Change
2.Drivers License
3.Provide solutions on professional exams
4.Hack email, Database hack & Facebook, Whatsapp
5.Retrieve, deleted data and recovery of messages on cell phone
6.Crediting , Money Transfer.
7. Clearing of criminal records and many others .
We Provide high grades techs and hacking chips and gadgets if you are
interested in Spying on anyone.
Contact us Via: [email protected]

mekus lasgidy
May 6, 2017 9:46 PM

Do you want to get your job done urgently? Are you faced with delays, unnecessary excuses and errors on your job? Worry no more, for we are the best in any hacking job. Whatever you want from a hacking service, we can render it with a swift response and no delay on your job, 100% guarantee.
Our service list is outline as follows
1. University grades changing
2. WhatsApp Hack
3. Bank accounts hack
4. Twitters hack
5. Email accounts hack
6. Website crashed hack
7. Server crashed hack
8. Sales of Spyware and Keylogger software
9. Retrieval of lost file/documents
10. Erase criminal records hack
11. Databases hack
12. Sales of Dumps cards of all kinds
13. Untraceable IP
14. Individual Computers Hack
15. Money Transfer
16. Crediting
our service is the best online.
CONTACT US ON> [email protected]
for free tutorial on how to hack a facebook account visit my youtube page https://youtu.be/tMnaJp99VyQ

Cain Piggford
Feb 1, 2017 11:33 PM

The best news I can ever share on social media is about this awesome hacker who made me happy and brought joy into my heart. I failed a lot in school, so much that I almost lost my scholarship. I had to hire DAMIONHACK at GMAIL dot COM, who helped me hack my school grades. I am now on B+. In case you need a hacker, contact him asap.

pavlovscat7
Feb 2, 2017 1:27 AM
Reply to  Cain Piggford

You HAD!.. to hire a hacker? B plus does not rate you high enough you idiot.

John
Jan 16, 2017 5:33 AM

The Ross Dell comment looks to me like spam.
I think it should be removed.

Frank
Feb 1, 2017 1:47 AM
Reply to  John

I thought as much when I saw it and mailed him; he seems very real and passed a personal mail hack test I required of him.

Ross Dell
Jan 16, 2017 5:01 AM

contact HOMICIDEHACK AT G MAIL DOT COM for your creditscore upgrade, mail hack, criminal records change, facebook hack, whatsapp and viber hack, grades change, bank account hack, credit card hack.

Arrby
Jan 10, 2017 8:03 PM

“The exposure (I use the term advisedly) of John Podesta as a very unethical political operative with very strong possibilities of also being a pedophile, resulted from a single phishing expedition by a single hacker who social engineered Podesta into changing his Google email password through an intermediate site that then was able to steal all of Podesta’s email. This hacker is in jail in the US and it is almost certain that he is collaborating with a US intelligence service, not the Russians.” Firstly, This comes from Axis Of Logic, which is included in Off Guardian’s list of links.
In regard to the Podesta and Clinton email ‘leaks’, there was NO HACK BY RUSSIANS!!! Someone here wrote ‘some’ of those emails were hacks, without qualification. That leaves the impression that Russia did do ‘some’ hacking here. That would be a wrong impression.
The one hacker who phished John Podesta and now sits in a US jail almost certainly had nothing to do with Russia. If someone wants to suggest that that’s not so, he (or…) should provide evidence. Please see “The Russians Did Not “Hack” the US Election – A Few Facts from a Former CIA Spy” by Robert David Steele (http://bit.ly/2j2qqlN)

Empire Of Stupid
Jan 10, 2017 3:36 PM

Meanwhile, over at DNC HQ:
” … so, Marcie’s like, really? And John’s like, well, okay, but … ”
Riiing!
“Yeah, DNC.”
“This is the FBI. Your server’s been compromised.”
“Oh, okay, thanks.”
Click!
“So, yeah, and then Hillary’s like, well, John, it doesn’t matter about … ”
Riiing!
“Yeah, DNC.”
“This is the FBI again. You really need to look at your security.”
“Yeah, right, we’re all over it, bye.”
Click!
“Yeah, so … where was I?”
So it goes in the smaller, more spiderwebbed corridors of power.

maulynvia
Jan 10, 2017 1:39 PM

If email is not encrypted there are many ways in which it could fall into unintended hands. This question “who did the hack?” is the wrong question. Firstly some of the so called “hacks” were actually “leaks”. Secondly, if there is unencrypted data around, then the situation is more like a rabble of predators grouping round a dead carcass. There will be no orderly queue, no single “guilty” one, and little in the way of an audit trail. Amongst that rabble, you may well find stereotype teenage hackers, alongside GCHQ, NSA and other alphabets, domestic and foreign – acting for fun, for the civic good, for money, and/or for more nefarious motivations. I’m no expert – but common sense tells me that much.

Greg Bacon
Jan 10, 2017 11:54 AM

Hillary Clinton is caught selling access to her top secret State Department emails to foreigners for a donation to the Clinton Global Initiative slush fund, and all the MSM can blab about is some phony Russian hack story?
The REAL story is Clinton’s treasonous activity, but let’s not talk about that, it’s too awful to consider. The MSM could also do a story on the CGI slush fund, in that it uses 90% of the donations for ‘expenses,’ travel, bonuses, etc, meaning it’s breaking the law, but again, let’s not look into that.

BigB
Jan 10, 2017 8:56 PM
Reply to  Greg Bacon

You’re absolutely right, the real story is in the content – “there’s a map and it seems p-zza related” – but again, let’s not look into that either!

profecto
Jan 10, 2017 7:01 AM

It was a LEAK, NOT a hack. BIG difference.

Arrby
Jan 10, 2017 1:38 AM

There was no ‘hack’! Craig Murray met the leaker. Gosh! – http://bit.ly/2gSJEam

Arrby
Jan 10, 2017 1:40 AM
Reply to  Arrby

Apologies. I gave the wrong link. The Craig Murray link is: http://bit.ly/2hE0U6q

mohandeer
Jan 9, 2017 7:53 PM

The information in this article doesn’t really help in identifying the hacker. Anybody using a remote device can hack into a networked system even on a protected server and many “hackers” for want of a snooper’s alternative description can intercept and redirect downloads to another remote device. Since Killary was using a private server it would have been easy peasy to infiltrate puny malware detectors without anyone – including cum laude IT geniuses, ever being able to prove where the hack came from – only the device which could just as easily have been hijacked for a short while.
This whole pathetic excuse from the DNC hack to Russian hacking to influence the US presidency is just a circus and a sorry assed joke on the American people and the ones trying to pull the wool over their eyes are the very ones who know the truth. Specifically because they spend $billions of dollars (which are then “unaccounted for” or lost, misplaced) poking their noses into every state -national or International, doing exactly what they are so hypocritically accusing others of doing. The UK is no different, our government has introduced their very own state sponsored hacking programme , we call it the snoopers charter. It’s just as illegal as hacking but there is no accountability because it is the government that is doing the hacking and intercepting of data. Nice one.

Jen
Jan 10, 2017 4:20 AM
Reply to  mohandeer
John
Jan 10, 2017 11:23 AM
Reply to  Jen

Or is Podesta just Clinton’s fall guy?
After all, is she not the one who has been using personal unprotected IT systems?
She ought to have known better, especially as she was privy to US taps on Merkel’s mobile phone.
However this is resolved – leak or hack – the fact is that it demonstrates Clinton’s unfitness to be US President.
That is all any of us need to know.

archie1954
Jan 9, 2017 6:39 PM

I personally think it was the stuxworm, you know, the cyber warfare device invented and used by the US with the help of Israel against Iran years ago. This was actually the first shot fired in what then became cyberwars. The US started the whole thing!

Emanuel Goldstein
Jan 10, 2017 4:27 PM
Reply to  archie1954

Citizen, it appears your news retention circuits are defective and have created unnews. Please report immediately to your nearest reprogramming center to have this dangerous defect terminated.

John
Jan 9, 2017 6:33 PM

It should equally be noted that the East India Company was wound-up effectively after the events of the 1857-1859 Indian Mutiny and replaced by direct rule by The Crown.
Eventually – after 1947 – India gained independence.
No “empire” or colonial regime lasts for ever.
Israelis should note that.

John
Jan 9, 2017 6:35 PM
Reply to  John

This comment was meant for another page. Please ignore.

mohandeer
Jan 9, 2017 7:56 PM
Reply to  John

Israel doesn’t care – why do you think they “acquired” nukes?

John
Jan 9, 2017 8:14 PM
Reply to  mohandeer

The British and French Empires had nukes – their empires are gone.
The Soviet Union had nukes – their empire is gone.
The US has nukes – their empire is declining.
What makes you think Israel is so special?

Schlüter
Jan 9, 2017 5:51 PM

Ukrainian “False Flag” to be blamed on Russia?!
Regards

Norman Pilon
Jan 9, 2017 6:48 PM
Reply to  Schlüter

Or it may be a case of geopolitical “blame domino:” America blames the Russians; the Russians blame the Ukrops. Next up, the Ukrops will blame the Moskals, and obviously, the blame will at that point redound back up the line, only to come back down again.
Yup. We never quite outgrow our childhood, do we . . .

Norman Pilon
Jan 9, 2017 5:39 PM

It’s obvious that the U.S. government should just contract out its intelligence service functions to Russian student, amateur and freelance programmers. They do a hell of a lot better work than the C.I.A., the F.B.I. and the rest of the American alphabet soup security agencies. Someone should forward this piece of work to the Donald. If the security agencies thought they might be in for a little reorganization, this would pretty well clinch it, in my opinion.
Disclaimer: this comment is for entertainment purposes only, or rather, in the time it took me to write it, I had nothing better to do, and I know absolutely nothing about viruses or programming, so that the details of this article are for the time being a bit beyond my ken. I look forward, then, to having its significance clarified by a cognoscente of viral coding and its dissemination, if such a person decides to comment in this thread.

Teh Evil Russian Hacker
Jan 10, 2017 4:32 PM
Reply to  Norman Pilon

That sounds perfectly fine to me, providing payment is in gold, and not this dollar toilet paper.
http://www.howtoinstructions.org/wp-content/uploads/2013/12/100-Dollar-money-toilet-paper-roll.jpg

John
Jan 9, 2017 5:15 PM

Is this where some of the US $ 5 billion spent by Victoria Kagan (nee Nuland) went to?

Jose
Jan 9, 2017 5:10 PM

So what are we looking at here then? This is the chap that hacked the dnc and passed info to wiki?

Admin
Jan 9, 2017 5:31 PM
Reply to  Jose

Not exactly no. The malware tool which the DHS claims was used to allegedly hack the DNC can apparently be traced to someone who uses this Ukrainian student’s avatar.
Let’s remember there’s as yet no hard evidence the malware had anything to do with the alleged hacking, or indeed to show there even was such a hack. It’s currently just unsubstantiated and vague claims of the kind we usually see when security services are being pressured to say things they can’t prove or know to be untrue. The malware in question is ubiquitous, and for the US media to claim it’s proof of the nationality of the alleged hackers makes as much sense as saying we know a person is Italian because he wears Armani suits.

Norman Pilon
Jan 9, 2017 5:45 PM
Reply to  Admin

“The malware in question is ubiquitous . . .
Exactly. Therefore it has long ago been neutralized by anti-viral countermeasures.

John
Jan 9, 2017 6:19 PM
Reply to  Norman Pilon

Unless the devices being used are not protected, which may explain why the US intelligence agencies were annoyed by Hillary using a private server network?
If she had personal and public data on her devices, this would presumably simplify hacking of the DNC central IT system?
If US agencies want to take up the matter of rendering vulnerable their IT systems, perhaps they should consider prosecuting Mrs Clinton.
What’s that?
They already did – and decided not to prosecute her after Bill spent half an hour in a private jet with a senior Justice official?
Well – who’d a’ thought it?