Clues in DNC Hacking Point to Russia 07/29 06:14
WASHINGTON (AP) -- Republican presidential nominee Donald Trump is
reasserting that whoever hacked the Democratic National Committee and stole
years of internal emails remains a mystery. But private security experts ---
although not yet any U.S. government agencies --- say they found persuasive
clues that point to hacking groups whose previous targets track closely with
the strategic interests of Russia's government, especially its civilian and
military intelligence and security agencies.
Q: Who got hacked? What happened?
A: During the primary elections in April, months before Hillary Clinton had
effectively clinched her party's presidential nomination, the Democratic
National Committee said it noticed unusual activity on its internal computer
network. It hired CrowdStrike Services Inc. of Irvine, California, to
investigate; the firm secretly monitored the hackers and discovered evidence of
separate break-ins by two groups it recognized. The first happened in mid-2015
and the second was earlier in April.
The hackers stole opposition research on Trump, information about Democratic
donors and years' worth of internal DNC emails before CrowdStrike cut off their
access last month. Most of the DNC emails appeared to have been stolen on May
25. The committee publicly acknowledged the hacking on June 14.
The website Gawker said June 15 a hacker claiming responsibility gave it the
Trump research report. The same hacker set up a website June 15 and a Twitter
account June 20. The Smoking Gun website said June 21 the hacker provided it
with stolen files, and the trade publication Motherboard said June 23 it
interviewed the hacker. The Hill news organization said July 13 the hacker gave
it stolen DNC files, and WikiLeaks on July 22 published on its website more
than 19,000 stolen DNC emails.
The emails showed DNC staffers supporting Clinton when they were publicly
promising to remain neutral during the primary elections between her and rival
Sen. Bernie Sanders. The head of the DNC, Debbie Wasserman Schultz, resigned
July 24 over the disclosures and the DNC formally apologized July 25 to Sanders
about its staffers' remarks in the emails.
Q: Trump says the identity of the hackers is a mystery? Why is Russia the
A: Trump said Wednesday and repeated Thursday that no one knows who was
responsible for hacking the DNC. "They have no idea if it's Russia, if it's
China, if it's somebody else," Trump said. "Who knows who it is?"
But CrowdStrike and another security firm, ThreatConnect Inc. of Arlington,
Virginia, said they found compelling clues pointing to Russia's government when
they analyzed the hackers' methods and efforts to distribute the stolen emails
and other files. The hacker groups, identified by CrowdStrike as Cozy Bear and
Fancy Bear, used different but sophisticated techniques to break into the DNC
and try to avoid detection.
"Our team considers them some of the best adversaries out of all the
numerous nation-state, criminal and hacktivist-terrorist groups we encounter on
a daily basis," the company said.
Comparing the groups' tools, techniques and previous known targets,
CrowdStrike said the groups were affiliated with Russia's civilian and military
intelligence agencies, including the GRU.
Separately, ThreatConnect said it studied the communications between the
hacker and news organizations using French computers and a Russian-based
privacy-masking technology that it said was characteristic of a careful,
government-controlled hacker. "The persona is a Russia-controlled platform that
can act as a censored hacktivist," the company wrote. "Moscow determines what
(the hacker) shares and thus can attempt to selectively impact media coverage,
and potentially the election, in a way that ultimately benefits their national
Leo Taddeo, chief security officer at Cryptzone who previously oversaw FBI
cyber investigations in New York, said he believed CrowdStrike was correct in
blaming Russia. He said the company had been thorough in tying malicious code
from the DNC hack to samples previously used by the suspected hackers, and
correlating programming features and other indicators. "I think if you follow a
straight line, there's reason to believe that the Russians were likely the ones
to provide that information to WikiLeaks," he said.
Director of National Intelligence James Clapper said at an Aspen Institute
conference on Thursday that "I don't think we're quite ready yet to make a call
on attribution" but added that "we all know there are only just a few usual
suspects out there."
Q: Who is Guccifer 2.0? Did he openly claim responsibility?
A: A self-described Romanian hacker, calling himself Guccifer 2.0, has
claimed responsibility and delivered stolen DNC materials to news
organizations. His name is a rip-off of another hacker, Marcel Lehel Lazar of
Romania, who called himself Guccifer and pleaded guilty to hacking charges in
May in U.S. District Court in Virginia.
Lazar admitted hacking into the email and social media accounts of U.S.
politicians and celebrities between October 2012 and January 2014, including
former Secretary of State Colin Powell and the family of former presidents
George W. and George H.W. Bush. Lazar is expected to be sentenced to prison
The new Guccifer has denied working for Russia, but Motherboard said when it
interviewed him online he did not appear to be a native Romanian speaker. And
CrowdStrike and ThreatConnect concluded that the hacker was a ruse intended to
obfuscate Russia's involvement. "Guccifer 2.0 is a Russian propaganda effort
and not an independent actor," ThreatConnect said.
Q: Who gave the stolen DNC emails to WikiLeaks?
A: WikiLeaks won't say. "We never identify our sources," it wrote Wednesday
in a tweet. WikiLeaks founder Julian Assange has said in television interviews
there is no proof Russia was behind the hack and has promised that more
material was on its way. He has also declined to say how WikiLeaks got the
documents and would not say whether Guccifer 2.0 was involved.
Q: If the U.S. government decides Russia is responsible, will it go public
with that conclusion?
A: Probably yes, if past is any precedent.
The Obama administration's inclination in the last few years has been to
"name and shame" foreign governments believed to be responsible for attacks on
American corporations and infrastructure. Federal officials have tied North
Korea to the hack on Sony Pictures Entertainment, accused Chinese military
officials of siphoning secrets from nuclear power and solar companies and
indicted Iranian hackers in connection with a cyberattack on a small dam
outside New York City.
Though foreign hackers may never see the inside of an American courtroom,
Justice Department officials believe public attribution can function as an
Pointing the finger at Russia isn't as simple as blaming North Korea, given
Russia's significant diplomatic clout and America's dependence on it for
critical national security matters.
Even so, there will be pressure on the administration to make its findings
"I would hope that when the administration feels comfortable with the
attribution, they would be blamed, they would be shamed, they would potentially
be indicted," Rep. Adam Schiff of California, the ranking Democrat on the House
Intelligence Committee, said in an interview.