By ANDY GREENBERG
ABOUT A YEAR ago, the two-decade-old trail of a group of Russian hackers led Thomas Rid to a house in the quiet London suburb of Hartley Wintney. Rid, a cybersecurity-focused political science professor and historian, wrote a long-shot email to David Hedges, a 69-year-old retired IT consultant who lived there. Rid wanted to know if Hedges might somehow still possess a very specific, very old chunk of data: the logs of a computer Hedges had used to run a website for one of his clients in 1998. Back then, Russian spies had commandeered it, and used it to help run one of the earliest mass-scale digital intrusion campaigns in computing history.
A few weeks later, Hedges answered as if he’d almost been expecting the request: The ancient, beige, HP 9000 computer that the Russians had hijacked was still sitting under his office desk. Its logs were stored on a Magneto optical drive in his home safe. “I’d always thought this might be interesting one day,” Hedges says. “So I put it in my safe and forgot about it until Thomas rang me.”
Over the months since then, Rid and a team of researchers from King’s College and the security firm Kaspersky have pored over Hedges’ data, which recorded six months of the Russian hackers’ moves as they breached dozens of American government and military agencies—a history-making series of intrusions that’s come to be known as Moonlight Maze. In research they’re presenting at the Kaspersky Security Analyst Summit Monday, they argue that their archaeological hacker excavation reveals more than just a digital museum piece from the dawn of state cyberespionage. The researchers say they’ve found a piece of vintage malicious code in that trove that survives today, as part of the arsenal of a modern-day team of Russian hackers—believed to have Kremlin ties—known as Turla. And they suggest that contemporary hacking team—though mutated and evolved through the years—could be the same one that first appeared in the late 90s, making it one of the longest-lived cyberespionage operations in history.