After the death of opposition leader Alexey Navalny in a Russian prison in February, a group of anti-Kremlin hackers sought revenge. Using their access to a computer network associated with Russia’s prison system, the hackers hacked a prison contractor’s website and posted a message supporting Navalny, along with a photo of him and his wife. They also claim to have stolen a database with information on hundreds of thousands of Russian prisoners and their contacts, including those in the prison where Navalny died. The hackers are sharing this data in hopes of shedding light on what happened to Navalny.
Additionally, the hackers manipulated the Russian prison system’s online commissary by changing the prices of goods to one ruble, significantly lower than their usual prices. It took several hours for the administrators to notice the purchases being made at minimal costs, and three days to fully shut down the unauthorized discounts. The database reportedly contains information on about 800,000 prisoners and their contacts, and a review by CNN found multiple entries corroborating this claim.
The online prison shop that was targeted by the hackers is owned by the Russian state and serves 34 regions in Russia. CNN has reached out to the prison shop, Russia’s Federal Penitentiary Service (FSIN), and the website administrators for comment on the breach. Cybersecurity experts have verified that the leaked data appears to be authentic and originated from the hacked prison shop. The hacking group went as far as warning administrators not to remove the pro-Navalny messages from the website, and retaliated by destroying one of the administrators’ computer servers.
Politically motivated hacking, or “hacktivism,” has been prevalent since Russia’s invasion of Ukraine, with various groups engaging in cyberattacks to express their perspectives, target adversaries, and influence the war’s trajectory. This incident, perpetrated by self-described Russian expatriates, is another example of hacktivism being used as a tool to challenge the Putin regime. Navalny’s death under mysterious circumstances has garnered international attention, with the US holding Russian President Vladimir Putin responsible. The hack of the prison shop and the subsequent data leak are part of a broader trend of cyber activities carried out in response to political events in Russia.
