Suspected DNC & German Parliament Hacker Used His Name As His Email Password

from the opsec-yo dept

You may have seen the news reports this week that German prosecutors have issued an arrest warrant for Dmitry Badin for a massive hack of the German Parliament that made headlines in 2016. The reports about the German arrest warrant all mention that German authorities “believe” that Badin is connected to the Russian GRU and its APT28 hacking group.

The folks over at Bellingcat have done their open source intelligence investigation thing, and provided a ton of evidence to show that Badin almost certainly is part of GRU… including the fact that he registered his 2018 car purchase to the public address of a GRU building. This is not the first time this has happened. A few years back, Bellingcat also connected a bunch of people to the GRU — including some accused of hacking by the Dutch government — based on leaked car registration info.

There’s much, much more in the Bellingcat report, but the final paragraph really stands out. Bellingcat also found Badin — again, a hacker who is suspected in multiple massive and consequential hacks, including of email accounts — didn’t seem to be all that careful with his own security:

The most surreal absence of ?practice-what-you-breach? among GRU hackers might be visible in their lackadaisical attitude to their own cyber protection. In 2018, a large collection of hacked Russian mail accounts, including user name and passwords, was dumped online. Dmitry Badin?s email ? which we figured out from his Skype account, which we in turn obtained from his phone number, which we of course got from his car registration ? had been hacked. He had apparently been using the password Badin1990. After this, his email credentials were leaked again as part of a larger hack, where we see that he had changed his password from Badin1990 to the much more secure Badin990.

Yes, the password for at least one of his email accounts… was apparently his own last name and the year he was born. The cobbler’s kids go shoeless again.

Filed Under: , , , , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Suspected DNC & German Parliament Hacker Used His Name As His Email Password”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re: Re:

The first suspect and most likely only guilty party is almost always China.

In the event it’s not China, then it’s India.

North Korea, Japan, Germany, and possibly Spain, were the old guilty crowd but they appear to have completely lost the "cyber" conflict completely at this point.

North Korea probably still has some kind of declared conflict that it created itself on its books that blames everyone else and can be used as a "state sponsor" of the activity.

The cyber terrorists that attacked me blamed Bhutan for a while which is not functionally possible to my knowledge.

If it was Russia that was the source of the global cyber terror menace then the Soviet Union would be more than a collection of treaties in some archive today like the Roman Empire turned into.

Scary Devil Monastery (profile) says:

Re: Re: Re: Re:

"If it was Russia that was the source of the global cyber terror menace then the Soviet Union would be more than a collection of treaties in some archive today…"

The soviet union which ended in 1991 at which point in time "cyberwarfare" consisted of individual hackers and the various governments of the world still thought a 14.4k modem was a revolutionary invention?

Honestly, everything else being equal then yes, China will have the most hackers of anyone today, simply because they’ve spent the most on state-wide IT monitoring and supervision.
But russia isn’t exactly lacking either. And it’s a mistake to assume that just because one of their most clumsy managed to screw himself it means they lack skilled crews.

Like the ones who hacked the NSA to lift and spread the code that agency built for "monitoring and surveillance" – which was then used by criminals to create the Wcry cryptoworm.

Anonymous Coward says:

Re: Re: Re:2 Re:

cyberwarfare is outlawed by all countries and is not a form of warfare

the "cyberwarfare", which is almost purely terrorism today, was in fact developed more than 1000 years ago when people noticed you could poison or kill someone with an EM field

It was called witchcraft or sorcery and people got burned at the stake for it

Anon says:

Common Registration technique

IIRC one of the guys who poisoned the Russian ex-agent in Britain (and his daughter) was outed with among other things, proof that he’d registered his car to a GRU office despite claims he was not connected with them.

Is there a benefit to sending local police looking to collect on outstanding traffic tickets to the address of the GRU?

Koby (profile) says:


I remember years ago watching a tv show about scam artists. Police investigators who traced these types of crimes said that many of the victims of scams were perfectly intelligent, and that the common theme that tied scam victims together was mostly personal greed. This hacker demonstrates to me that proper online security practices are not tied to intelligence. Laziness perhaps? Convenience? But it’s not intelligence.

Anonymous Coward says:

Re: Convenience

That (you mean ashley madison?) isnt good evidence against Russia being involved in Germany

That said, the title is misleading as the way the GRU operates, even the timing of the U.S. hacks don’t add-up ro his entering Germany

So i disagree with both this article and your analysis

Russia is behind Germany but this had nothing to do with DNC, Techdirt, c’mon, don’t assume if 1 Russian is behind 1, even if you believe they’re somehow the only actor…

(Everybody hacks everybody),.

That this must contend a lack of supply, hackers. There are many people the GRU pickup. i personally doubt Russia was behind Podesta. that said, i fully accept they’re behind much

Let’s not go to extremes of never-guilty, always guilty, bull claims of USB transfer or attempting to connect every campaign to 1 actor let alone 1 individual

Anonymous Coward says:

Re: Convenience

Unfortunately many have forgotten objectivity. it is always a dichotomy

Things are more complex

You’re wrong, Koby as is Mike wrong

Everybody’s wrong. That said, i’d sooner believe Mike despite totally disagreeing with his claim

Why? Plausibility versus probability

It is impossible what you say, plausible what he says but neither is probable

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...