By RAPHAEL SATTER, JEFF DONN and NATALIYA VASILYEVA
PARIS (AP) — Russian television anchor Pavel Lobkov was in the studio getting ready for his show when jarring news flashed across his phone: Some of his most intimate messages had just been published to the web.
Days earlier, the veteran journalist had come out live on air as HIV-positive, a taboo-breaking revelation that drew responses from hundreds of Russians fighting their own lonely struggles with the virus. Now he'd been hacked.
"These were very personal messages," Lobkov said in a recent interview, describing a frantic call to his lawyer in an abortive effort to stop the spread of nearly 300 pages of Facebook correspondence, including sexually explicit messages. Even two years later, he said, "it's a very traumatic story."
The Associated Press found that Lobkov was targeted by the hacking group known as Fancy Bear in March 2015, nine months before his messages were leaked. He was one of at least 200 journalists, publishers and bloggers targeted by the group as early as mid-2014 and as recently as a few months ago.
The AP identified journalists as the third-largest group on a hacking hit list obtained from cybersecurity firm Secureworks, after diplomatic personnel and U.S. Democrats. About 50 of the journalists worked at The New York Times. Another 50 were either foreign correspondents based in Moscow or Russian reporters like Lobkov who worked for independent news outlets. Others were prominent media figures in Ukraine, Moldova, the Baltics or Washington.
The list of journalists provides new evidence for the U.S. intelligence community's conclusion that Fancy Bear acted on behalf of the Russian government when it intervened in the U.S. presidential election. Spy agencies say the hackers were working to help Republican Donald Trump. The Russian government has denied interfering in the American election.
Previous AP reporting has shown how Fancy Bear — which Secureworks nicknamed Iron Twilight — used phishing emails to try to compromise Russian opposition leaders, Ukrainian politicians and U.S. intelligence figures, along with Hillary Clinton campaign chairman John Podesta and more than 130 other Democrats.
Lobkov, 50, said he saw hacks like the one that turned his day upside-down in December 2015 as dress rehearsals for the email leaks that struck the Democrats in the United States the following year.
"I think the hackers in the service of the Fatherland were long getting their training on our lot before venturing outside."
"CLASSIC KGB TACTIC"
New Yorker writer Masha Gessen said it was also in 2015 — when Secureworks first detected attempts to break into her Gmail — that she began noticing people who seemed to materialize next to her in public places in New York and speak loudly in Russian into their phones, as if trying to be overheard. She said this only happened when she put appointments into the online calendar linked to her Google account.
Gessen, the author of a book about Russian President Vladimir Putin's rise to power, said she saw the incidents as threats.
"It was really obvious," she said. "It was a classic KGB intimidation tactic."
Other U.S.-based journalists targeted include Josh Rogin, a Washington Post columnist, and Shane Harris, who was covering the intelligence community for The Daily Beast in 2015. Harris said he dodged the phishing attempt, forwarding the email to a source in the security industry who told him almost immediately that Fancy Bear was involved.