This combination of photos shows, top row from left, Hillary Clinton, the logo of the defense contractor Lockheed Martin, and former Russian oil tycoon Mikhail Khodorkovsky; middle row from left, tanks at a military parade in Kiev, Ukraine, former US Secretary of State Colin Powell and the Democratic National Committee headquarters in Washington; bottom row from left, former Secretary of State John Kerry, former Nato Supreme Commander Wesley Clark and Maria Alekhina of the Russian punk band Pussy Riot. These people and organisations were among the thousands targeted by the hacking group Fancy Bear, which disrupted the 2016 US presidential election.— AP
The hackers didn't just go after Hillary Clinton's presidential campaign.
They tried to break into the private email of the sitting US secretary of state, attempted to steal the private correspondence of a manager working on Lockheed Martin's stealth fighter program, and sought to break into the accounts of thousands of others, including the punk band Pussy Riot and Russian opposition leader Alexei Navalny.
About 19,000 lines of data, recently shared by cybersecurity firm Secureworks, show that Fancy Bear, the hacking group blamed by US intelligence agencies for disrupting last year's presidential election, tried to break into more than 4,700 Gmail inboxes between March 2015 and May 2016.
It's effectively a hit list, one that experts say points to the Kremlin.
“There is only one country whose interests this list would serve,” said Keir Giles, the director of the Conflict Studies Research Center in Cambridge, England, and one of five experts who reviewed the AP's findings.
“Regardless of the inevitable denials from Moscow, it is the only explanation that makes sense,” he said.
Russian officials have described claims that they orchestrated the hacking as “ludicrous” and “verging on fantasy”. On Wednesday, Russian Deputy Foreign Minister Sergei Ryabkov said there was “not a single piece of evidence” to back the allegations.
But the Fancy Bear targets identified by the AP tell a different story. In more than 100 interviews, many blamed Moscow for the hacking.
“We have no doubts about who is behind these attacks,” said Artem Torchinskiy, a Navalny lieutenant who was targeted by Fancy Bear in 2015. “I am sure these are hackers controlled by Russian secret services.”
The largest groups of targets were in the United States, Ukraine, Russia, Georgia and Syria. The hackers tried to compromise employees of major US defence contractors and attempted to steal the emails of more than 130 Democrats and members of Clinton's inner circle, including her campaign chairman John Podesta, whose correspondence was leaked in the closing days of the presidential race. Others targeted include then-secretary of state John Kerry and former US Army Gen Wesley Clark.
They also tried to hack a swath of Ukrainian politicians, including Serhiy Leshchenko, who helped uncover the off-the-books payments allegedly made to Donald Trump campaign chairman Paul Manafort. Islamist rebels fighting the Russia-backed government of Syrian President Bashar Assad were targeted, too, as was Pussy Riot's Maria Alekhina.
Vasily Gatov, a US-based Russian media analyst who was among those targeted by Fancy Bear, said the list provides a global context to the hack of the Democrats in early 2016.
“It complements the puzzle,” said Gatov, who was initially skeptical of the idea that Russian intelligence had singled out the Democrats.
“Now I'm convinced.”
Allegations that Fancy Bear works for Russia aren't new. But raw data has been hard to come by. The US intelligence community has made little proof available publicly.
The hit list made its way to AP after Secureworks stumbled upon a Bitly account being used by Fancy Bear to craft its malicious emails.
Over the course of its reporting, the AP found a direct line from Fancy Bear to the leaks that rocked the presidential contest in its final stages. All the Democrats whose private correspondence was published in the run-up to the election had previously been targeted by Fancy Bear either at their professional Gmail addresses or through the Democratic National Committee, the AP found.
Even if only a fraction of the 4,700 Gmail accounts targeted by Fancy Bear were successfully hacked, the data drawn from them could run into terabytes putting the operation in the same league as some of the largest leaks in journalistic history.
Merely identifying and sorting the targets took a team of six AP reporters eight weeks.
The AP's effort offers “a little feel for how much labour went into this” hacking endeavour, said Thomas Rid, a professor of strategic studies at Johns Hopkins University's School of Advanced International Studies.
He said the investigation should put to rest any theories like the one then-candidate Donald Trump floated last year that the hacks could be the work of “someone sitting on their bed that weighs 400 pounds”.
“The notion that it's just a lone hacker somewhere is utterly absurd,” said Rid.