Did a Ukrainian University Student Create Grizzly Steppe?

by Petri Krohn

These ПолтНТУ students have nothing to do with the DNC hack or the tool used in it.

1) The U.S. Department of Homeland Security claims that the DNC was hacked by Russian intelligence services using a Russian malware tool they have named Grizzly Steppe or “PAS tool PHP web kit”. They have published a YARA signature file that allows anyone to identify it.


The YARA signature file as published by DHS.


2) Security company Wordfence says Grizzly Steppe is actually P.A.S. web shell, a common malware tool on WordPress sites. They have traced its origin to a Ukrainian download site, Profexer.name.

The download page at profexer.name as seen by Wordfence before the site was disabled.

3) The profexer site presents an SSL certificate that identifies it as pro-os.ru and gives an email address [email protected]

The SSL certificate presented by profexer.name when accessed over the HTTPS protocol.

4) pro-os.ru is offline with the domain registration expired, but Internet Archive has copies from April and May 2015. The photo on the page indicates that they are experts in “deadly” computer viruses.

Facebook has a cached copy of the pro-os.ru site.

The contacts given on the pro-os.ru site link to the VK account of Roman Alexeev and the email address [email protected]. The VK account has been suspended because of “suspicious activity”. (You need to be logged in to VK to see the “Author” of the application.)

The pro-os.ru site links to a VK application which again links to Roman Alexeev’s VK profile.

4b) The site toster.ru links the email address [email protected] to the name Roman Alexeev (Роман Алексеев).
https://toster.ru/user/aazzz (archive)
https://ibazh.com/members/roman.3232/ (archive)
5) “Roman Alexeev” advertises his skills and services as a web developer, linking to his VK account but also giving a Skype account (ya.aalexeev) and an email address ([email protected]).
6) One of the sites where “Roman Alexeev” links to his VK account is Freelancehunt.com. His profile contains a photograph and the nick aazzz. He claims he is from Zaporizhia and 25 years old.
https://freelancehunt.com/freelancer/aazzz.html (archive)
The profile photo used by "Roman Alexeev" at the Freelancehunt site.


7) The profile photo on Freelancehunt actually belongs to Jaroslav Volodimirovich Panchenko (ПАНЧЕНКО Ярослав Володимирович), an information technology student and member of the student self-government structure of the Poltava National Technical University.

Jaroslav Volodimirovich Panchenko as he appears on the official site of ПолтНТУ.

The main building of the Poltava National Technical University ПолтНТУ


Petri Krohn

The New York Times reported on this story in August 2017, confirming the identity of Profexer, without actually naming him.

In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking
But while Profexer’s online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I.
Mr. Gerashchenko described the author only in broad strokes, to protect his safety, as a young man from a provincial Ukrainian city. He confirmed that the author turned himself in to the police and was cooperating as a witness in the D.N.C. investigation. “He was a freelancer and now he is a valuable witness,” Mr. Gerashchenko said.

Once again confirmation that “Fancy Bear” is not the Russian military intelligence agency GRU or any other Russian government agency. It is simply a collection of hacking tools available online on Runet, the Russian language part of the Internet and the Russian language darknet.





“The exposure (I use the term advisedly) of John Podesta as a very unethical political operative with very strong possibilities of also being a pedophile, resulted from a single phishing expedition by a single hacker who social engineered Podesta into changing his Google email password through an intermediate site that then was able to steal all of Podesta’s email. This hacker is in jail in the US and it is almost certain that he is collaborating with a US intelligence service, not the Russians.” Firstly, this comes from Axis Of Logic, which is included in Off Guardian’s list of links.
In regard to the Podesta and Clinton email ‘leaks’, there was NO HACK BY RUSSIANS!!! Someone here wrote ‘some’ of those emails were hacks, without qualification. That leaves the impression that Russia did do ‘some’ hacking here. That would be a wrong impression.
The one hacker who phished John Podesta and now sits in a US jail almost certainly had nothing to do with Russia. If someone wants to suggest that that’s not so, he (or…) should provide evidence. Please see “The Russians Did Not “Hack” the US Election – A Few Facts from a Former CIA Spy” by Robert David Steele (http://bit.ly/2j2qqlN)

Empire Of Stupid

Meanwhile, over at DNC HQ:
” … so, Marcie’s like, really? And John’s like, well, okay, but … ”
“Yeah, DNC.”
“This is the FBI. Your server’s been compromised.”
“Oh, okay, thanks.”
“So, yeah, and then Hillary’s like, well, John, it doesn’t matter about … ”
“Yeah, DNC.”
“This is the FBI again. You really need to look at your security.”
“Yeah, right, we’re all over it, bye.”
“Yeah, so … where was I?”
So it goes in the smaller, more spiderwebbed corridors of power.


If email is not encrypted there are many ways in which it could fall into unintended hands. This question “who did the hack?” is the wrong question. Firstly some of the so called “hacks” were actually “leaks”. Secondly, if there is unencrypted data around, then the situation is more like a rabble of predators grouping round a dead carcass. There will be no orderly queue, no single “guilty” one, and little in the way of an audit trail. Amongst that rabble, you may well find stereotype teenage hackers, alongside GCHQ, NSA and other alphabets, domestic and foreign – acting for fun, for the civic good, for money, and/or for more nefarious motivations. I’m no expert – but common sense tells me that much.

Greg Bacon

Hillary Clinton is caught selling access to her top secret State Department emails to foreigners for a donation to the Clinton Global Initiative slush fund, and all the MSM can blab about is some phony Russian hack story?
The REAL story is Clinton’s treasonous activity, but let’s not talk about that, it’s too awful to consider. The MSM could also do a story on the CGI slush fund, in that it uses 90% of the donations for ‘expenses,’ travel, bonuses, etc, meaning it’s breaking the law, but again, let’s not look into that.


You’re absolutely right, the real story is in the content – “there’s a map and it seems p-zza related” – but again, let’s not look into that either!


It was a LEAK, NOT a hack. BIG difference.


There was no ‘hack’! Craig Murray met the leaker. Gosh! – http://bit.ly/2gSJEam


Apologies. I gave the wrong link. The Craig Murray link is: http://bit.ly/2hE0U6q


The information in this article doesn’t really help in identifying the hacker. Anybody using a remote device can hack into a networked system even on a protected server and many “hackers” for want of a snooper’s alternative description can intercept and redirect downloads to another remote device. Since Killary was using a private server it would have been easy peasy to infiltrate puny malware detectors without anyone – including cum laude IT geniuses, ever being able to prove where the hack came from – only the device which could just as easily have been hijacked for a short while.
This whole pathetic excuse from the DNC hack to Russian hacking to influence the US presidency is just a circus and a sorry assed joke on the American people and the ones trying to pull the wool over their eyes are the very ones who know the truth. Specifically because they spend $billions of dollars (which are then “unaccounted for” or lost, misplaced) poking their noses into every state -national or International, doing exactly what they are so hypocritically accusing others of doing. The UK is no different, our government has introduced their very own state sponsored hacking programme , we call it the snoopers charter. It’s just as illegal as hacking but there is no accountability because it is the government that is doing the hacking and intercepting of data. Nice one.


Or is Podesta just Clinton’s fall guy?
After all, is she not the one who has been using personal unprotected IT systems?
She ought to have known better, especially as she was privy to US taps on Merkel’s mobile phone.
However this is resolved – leak or hack – the fact is that it demonstrates Clinton’s unfitness to be US President.
That is all any of us need to know.


I personally think it was the stuxworm, you know, the cyber warfare device invented and used by the US with the help of Israel against Iran years ago. This was actually the first shot fired in what then became cyberwars. The US started the whole thing!

Emanuel Goldstein

Citizen, it appears your news retention circuits are defective and have created unnews. Please report immediately to your nearest reprogramming center to have this dangerous defect terminated.


It should equally be noted that the East India Company was wound-up effectively after the events of the 1857-1859 Indian Mutiny and replaced by direct rule by The Crown.
Eventually – after 1947 – India gained independence.
No “empire” or colonial regime lasts for ever.
Israelis should note that.


This comment was meant for another page. Please ignore.


Israel doesn’t care – why do you think they “acquired” nukes?


The British and French Empires had nukes – their empires are gone.
The Soviet Union had nukes – their empire is gone.
The US has nukes – their empire is declining.
What makes you think Israel is so special?


Ukrainian “False Flag” to be blamed on Russia?!

Norman Pilon

Or it may be a case of geopolitical “blame domino:” America blames the Russians; the Russians blame the Ukrops. Next up, the Ukrops will blame the Moskals, and obviously, the blame will at that point redound back up the line, only to come back down again.
Yup. We never quite outgrow our childhood, do we . . .

Norman Pilon

It’s obvious that the U.S. government should just contract out its intelligence service functions to Russian student, amateur and freelance programmers. They do a hell of a lot better work than the C.I.A., the F.B.I. and the rest of the American alphabet soup security agencies. Someone should forward this piece of work to the Donald. If the security agencies thought they might be in for a little reorganization, this would pretty well clinch it, in my opinion.
Disclaimer: this comment is for entertainment purposes only, or rather, in the time it took me to write it, I had nothing better to do, and I know absolutely nothing about viruses or programming, so that the details of this article are for the time being a bit beyond my ken. I look forward to, then, having it clarified in terms of its significance by a cognoscente of viral coding and its dissemination, if such a person decides to comment in this thread.

Teh Evil Russian Hacker

That sounds perfectly fine to me, providing payment is in gold, and not this dollar toilet paper.


Is this where some of the US $ 5 billion spent by Victoria Kagan (nee Nuland) went to?


So what are we looking at here then? This is the chap that hacked the dnc and passed info to wiki?


Not exactly no. The malware tool which the DHS claims was used to allegedly hack the DNC can apparently be traced to someone who uses this Ukrainian student’s avatar.
Let’s remember there’s as yet no hard evidence the malware had anything to do with the alleged hacking, or indeed to show there even was such a hack. It’s currently just unsubstantiated and vague claims of the kind we usually see when security services are being pressured to say things they can’t prove or know to be untrue. The malware in question is ubiquitous, and for the US media to claim it’s proof of the nationality of the alleged hackers makes as much sense as saying we know a person is Italian because he wears Armani suits.

Norman Pilon

“The malware in question is ubiquitous . . .”
Exactly. Therefore it has long ago been neutralized by anti-viral countermeasures.


Unless devices being used are not protected, which may explain why the US intelligence agencies were annoyed by Hillary using a private server network?
If she had personal and public data on her devices, this would presumably simplify hacking of the DNC central IT system?
If US agencies want to take up the matter of rendering vulnerable their IT systems, perhaps they should consider prosecuting Mrs Clinton.
What’s that?
They already did – and decided not to prosecute her after Bill spent half an hour in a private jet with a senior Justice official?
Well – who’d a’ thought it?