Russian Ministry of Defense Operated Fancy Bear Twitter Account

Recent events over the last week are proving that Russian Intelligence is an oxymoron. And computer geeks really suck at being spies.

A coordinated effort between intelligence agencies of several countries tracked down a group of Russian operatives and caught them red-handed while they were in the midst of a hacking Op. These hackers, who call themselves Fancy Bears Hacking Team but are actually members of Russia’s GRU, were so incompetent in their spycraft it’s laughable. They really are Moscow’s version of the Keystone Kops. 

These are the same guys who hacked the DNC and John Podesta. They also hacked individuals and organizations involved with the Olympics and stole the medical records of 250 athletes, including Serena Williams, her sister, Venus Williams, and Simone Biles.

The main mission of the Fancy Bears has been to get info that could be used, or misused, in influence and disinformation campaigns. They’re good at the hacking and smear campaigns but as spies they really suck. Here’s how bad their Operation Security was:

  • They had a taxi receipt for a ride from GRU headquarters to Moscow airport
  • They had a burner cellphone that was activated near GRU offices 
  • They were caught in car sitting outside their target
  • They had wifi hacking equipment with them in the car
  • They were carrying over $20,000 in cash
  • They  had Russian diplomatic passports
  • Two of the passports had consecutive numbers.
  • They had a laptop with info linking to several other hacking ops
  • One of them bought a car in Moscow and used the GRU as his address
  • The GRU address was also used by 300 other GRU agents.

I managed to find another bit of sloppiness. It’s small, but still another example of their bad Op Sec.

The Fancy Bears Hacking Team had a web domain,, where they posted the medical records of Elena Delle Donne, Simone Beals, Serena Williams and her sister, Venus Williams. 

Along with the website, they created a Twitter account, @fancybears, which was suspended on October 4th, the day a grand jury indicted 7 of the hackers. @FancyBears wasn’t shy about claiming credit for hacking WADA, the World Anti Doping Agency, with links to their web site. But it’s the creation of the Twitter account where they proved how bad they are at the spy stuff.

The @FancyBears Twitter account was created with a verified email. For security purposes, Twitter replaces letters with asterisks. The number of asterisks corresponds exactly with the number of missing letters. wr*******@t*******.**

It’s possible the Fancy Bears email address is for the domain  Zvezda is a Russian television network run by the Russian Ministry of Defense which oversees the GRU. 

Since TV Zvezda is used for propaganda, it wouldn’t be a total surprise if they were involved in disseminating fake news based created from the hacked info.

Don’t be surprised if there’s an international condemnation of Russia in the future, along with more sanctions from more countries.