Russian hackers posing as ISIS threatened the U.S military wives
Army wife Angela Ricketts was soaking in a bubble bath in her Colorado home, leafing through a memoir, when a message appeared on her iPhone from hackers threatening to slaughter her family.
“Dear Angela!” the Facebook message read. “Bloody Valentine’s Day!”
“We know everything about you, your husband and your children,” the message continued, claiming that the hackers operating under the flag of Islamic State militants had penetrated her computer and her phone. “We’re much closer than you can even imagine.”
Ricketts was one of five military wives who received death threats from the self-styled CyberCaliphate on the morning of Feb. 10, 2015. The warnings led to days of anguished media coverage of Islamic State militants’ online reach.
Except it wasn’t IS.
The Associated Press has found evidence that the women were targeted not by jihadists but by the same Russian hacking group that intervened in the American election and exposed the emails of Hillary Clinton’s presidential campaign chairman, John Podesta.
The brazen false flag is a case study in the difficulty of assigning blame in a world where hackers routinely borrow one another’s identities to throw investigators off track. The operation’s attempt to hype the threat of radical Islam also presaged the inflammatory messages pushed by internet trolls during the U.S. presidential race.
Links between CyberCaliphate and the Russian hackers — typically nicknamed Fancy Bear or APT28 — have been documented previously. On both sides of the Atlantic, the consensus is that the two groups are closely related.
But that consensus never filtered through to the women involved, many of whom were convinced they had been targeted by Islamic State sympathizers right up until the AP contacted them.
“Never in a million years did I think that it was the Russians,” said Ricketts, an author and advocate for veterans and military families. She called the revelation “mind blowing.”
“It feels so hilarious and insidious at the same time.”
As Ricketts scrambled out of the tub to show the threat to her husband, nearly identical messages reached Lori Volkman, a deputy prosecutor based in Oregon who had won fame as a blogger after her husband deployed to the Middle East; Ashley Broadway-Mack, based in the Washington, D.C., area and head of an association for gay and lesbian military family members; and Amy Bushatz, an Alaska-based journalist who covers spouse and family issues for Military.com.
Liz Snell, the wife of a U.S. Marine, was at her husband’s retirement ceremony in California when her phone rang. The Twitter account of her charity, Military Spouses of Strength, had been hacked. It was broadcasting public threats not only to herself and the other spouses, but also to their families and then-first lady Michelle Obama.
Snell flew home to Michigan from the ceremony, took her children and checked into a Comfort Inn for two nights.
“Any time somebody threatens your family, Mama Bear comes out,” she said.
The women determined they had all received the same threats. They were also all quoted in a CNN piece about the hacking of a military Twitter feed by CyberCaliphate only a few weeks earlier. In it, they had struck a defiant tone and suspected that CyberCaliphate decided to single them out for retaliation.
“Fear is exactly what — at the time — we perceived ISIS wanted from military families,” said Volkman, using another term for the Islamic State group.
Volkman was quoted in half a dozen media outlets; Bushatz wrote an article describing what happened; Ricketts, interviewed as part of a Fox News segment devoted to the menace of radical Islam, told TV host Greta Van Susteren that the nature of the threat was changing.
“Military families are prepared to deal with violence that’s directed toward our soldiers,” she said. “But having it directed toward us is just complete new ground.”