The capability of Russian hackers has amazed many and shocked some as more details emerge about their dealings. Investigators have now found out that the hackers hired servers registered to a company in the UK. They used these servers to perform various activities including hacking the German parliament, targeting Apple’s devices, and hijacking traffic for a website of the Nigerian government. The attack on Apple was serious. The malware installed by the hackers could steal text messages and activate voice recording. The UK company known as Crookservers, claimed its location to be in Oldham for some time. The firm claims that when it got knowledge that the people it hired its servers to were engaging in illegal activities, it ejected them immediately. At the time, the firm said they referred to themselves as Fancy Bear.
It seems that Fancy Bear left but forgot to clear the records of the activities. The servers had their financial and technical operations records. The records suggest that the hackers utilized online financial services. However, anti-laundering authorities closed some of these services later. Some investigators link the Fancy Bear to the Russian Intelligence. Other names that the Fancy Bear used include Pawn Storm, Sofacy, Iron Twilight, and APT28. They played a critical role in an attack on US Democratic National Committee which took place in 2016. Investigators found an IP address from the servers hired by the Fancy Bear team in UK in the malicious code used in the attack.
Crookserver’s claim to be server resellers. Further, the information reveals it is entirely an online business with no physical office anywhere as it claims. The servers that it is subletting are for companies located in Canada and France. The BBC found out the operator of Crookserver to be Usman Ashraf. Details of his online accounts and social media indicate that he was present in the Oldham area between 2010 and 2014 and now it seems he moved to Pakistan. Ashraf declined a recorded interview but provided very detailed responses through mail. According to his responses, he claimed that he did not know that the clients who hired the servers were hackers. He further stated that they could not determine how a client was using the servers that they rented to them. However, he accepts after getting information that Fancy Bear were hackers, he acted swiftly and closed all their accounts.