The following is excerpted from a report released yesterday by the Associated Press. Well-known priest and scholar, Archimandrite Cyril (Hovorun), served as one of the sources. The original contains a screen shot of a Russian phishing attempt on Father John Jillions, chancellor of the Orthodox Church in America (OCA). We strongly urge you to read the report in its entirety at the link provided below.
Nothing Sacred: Russian Spies Tried Hacking Orthodox Clergy
The Russian hackers indicted by the U.S. special prosecutor last month have spent years trying to steal the private correspondence of some of the world’s most senior Orthodox Christian figures, The Associated Press has found, illustrating the high stakes as Kiev and Moscow wrestle over the religious future of Ukraine.
The targets included top aides to Ecumenical Patriarch Bartholomew I, who often is described as the first among equals of the world’s Eastern Orthodox Christian leaders.
The Istanbul-based patriarch is currently mulling whether to accept a Ukrainian bid to tear that country’s church from its association with Russia, a potential split fueled by the armed conflict between Ukrainian military forces and Russia-backed separatists in eastern Ukraine.
The AP’s evidence comes from a hit list of 4,700 email addresses supplied last year by Secureworks, a subsidiary of Dell Technologies.
The AP has been mining the data for months, uncovering how a group of Russian hackers widely known as Fancy Bear tried to break into the emails of U.S. Democrats , defense contractors , intelligence workers , international journalists and even American military wives . In July, as part of special counsel Robert Mueller’s ongoing investigation into Russian interference in the 2016 U.S. election, a U.S. grand jury identified 12 Russian intelligence agents as being behind the group’s hack-and-leak assault against Hillary Clinton’s presidential campaign.
The targeting of high-profile religious figures demonstrates the wide net cast by the cyberspies.
The Russian Orthodox Church said it had no information about the hacking and declined comment. Russian officials referred the AP to previous denials by the Kremlin that it has anything to do with Fancy Bear, despite a growing body of evidence to the contrary.
[Ecumenical Patriarch] Bartholomew, who is 78, does not use email, those church officials told AP. But his aides do, and the Secureworks list spells out several attempts to crack their Gmail accounts.
Among them were several senior church officials called metropolitans, who are roughly equivalent to archbishops in the Catholic tradition. Those include Bartholomew Samaras, a key confidante of the patriarch; Emmanuel Adamakis, an influential hierarch in the church; and Elpidophoros Lambriniadis, who heads a prestigious seminary on the Turkish island of Halki.
The nexus between Russia’s intelligence and religious establishments survived the 1991 fall of the Soviet Union and the KGB’s reorganization into the FSB, according to Moscow-based political analyst Dmitry Oreshkin.
“Our church leaders are connected to the FSB and their epaulettes stick out from under their habits,” Oreshkin said. “They provide Vladimir Putin’s policy with an ideological foundation.”
That might make one target found by the AP seem curious: The Moscow Patriarch’s press secretary, Alexander Volkov.
But Orthodox theologian [Father] Cyril Hovorun said he wouldn’t be surprised to see a Russian group spying on targets close to home, saying, “they’re probably checking him out just in case.”
Volkov did not return AP emails seeking comment.
Hovorun is unusually qualified to speak on the issue. In 2012 he — like Volkov — was an official within the Moscow Patriarchate. But he resigned after someone leaked emails showing that he secretly supported independence-leaning Ukrainian clergy.
Hovorun has since been targeted by the Russian hackers, according to the data from Secureworks, which uses the name Iron Twilight to refer to the group.
Hovorun said he believes that those who published his emails six years ago weren’t related to Fancy Bear, but he noted that their modus operandi — stealing messages and then publishing them selectively — was the same.
“We’ve known about this tactic before the hacking of the Democrats,” Hovorun said, referring to the email disclosures that rocked America’s 2016 presidential campaign. “This is a familiar story for us.”
The Russian hackers’ religious dragnet also extended to the United States and went beyond Orthodox Christians, taking in Muslims, Jews and Catholics whose activities might conceivably be of interest to the Russian government.
[Father] John Jillions, the chancellor of the Orthodox Church in America [OCA], provided the AP with a June 19, 2015, phishing email that Secureworks later confirmed was sent to him by Fancy Bear.
Read the entire report at the Associated Press.
Raphael Satter has been writing for the Associated Press since 2005. His main journalistic interests interest include cybersecurity, espionage, biometrics, civil liberty, corruption, tax evasion, money laundering, theft, fraud, and terrorism.