Russian government hackers broke into DNC servers, stole Trump oppo
The hackers had access to the information for approximately one year.
By Daniel Strauss
Russian government hackers broke into the computer systems of the Democratic National Committee and accessed information about Democratic candidates as well as a database on opposition research against Donald Trump, POLITICO has confirmed.
The hackers had access to the information for approximately one year but that access was wiped clean last weekend, the Washington Post reported, noting that the DNC said that no personal, financial or donor information had been accessed or taken.
In late April, the DNC’s IT department noticed some suspicious behavior and contacted DNC chief executive officer Amy Dacey, according to a DNC official. Dacey then reached out to DNC lawyer Michael Sussman, a partner at the Perkins Coie law firm and a former federal prosecutor specializing in cyber crimes. Sussman then called Shawn Henry, the president of cyber security firm CrowdStrike, to get his company’s help. Within 24 hours of the first signals that something was amiss, cyber firm CrowdStrike was brought in to install monitoring software to analyze the details of who was responsible. The DNC has also been in contact with the FBI since the hack was discovered.
“The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with,” said Rep. Debbie Wasserman Schultz (D-Fla.), the DNC chairwoman, in a statement. “When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.”
CrowdStrike designated two groups that gained access to the DNC’s info. One, codenamed Cozy Bear, broke into the DNC last summer and had been monitoring the committee’s emails and chats. The other group CrowdStrike dubbed Fancy Bear. It hacked into the DNC in April aiming to get opposition research files. The Fancy Bear breach is what tipped off DNC officials. Fancy Bear was able to gain access to all of the DNC’s research staff computers.
In a blog post, CrowdStrike co-founder Dmitri Alperovitch said there was no coordination between the groups.
“At DNC, COZY BEAR intrusion has been identified going back to summer of 2015, while FANCY BEAR separately breached the network in April 2016. We have identified no collaboration between the two actors, or even an awareness of one by the other. Instead, we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials,” Alperovitch wrote.
DNC officials say that no personal employee information or voter or donor information seems to have been taken, but the investigation into the breach is ongoing.
Michael McFaul, who served as U.S. ambassador to Russia from 2012 to 2014, called it “meddling in our personal affairs.”
“I am sure they intended to do this without being caught,” he told POLITICO. “They wanted to obtain the information without it being detected. That’s a kind of target that would make sense — in terms of them wanting to know things about what is going on here. Whether they were doing it to try to manipulate our political process, I’d have to think about that.”
He added: “Russia has tremendous capabilities, both the Russian government and their proxies and people somewhat affiliated with the government. We always underestimate their capabilities.”
There is as yet no evidence the two groups were coordinating. One group may be connected to Russia’s GRU intelligence service and the other might be the Federal Security Service, Russia’s influential security arm, CrowdStrike told the Post.
A spokesman for the Russian Embassy told the Post that he had no knowledge of the hacking.
Russian hackers have long served as a major digital foil for the Obama administration. Last August, Defense Department officials blamed Moscow for orchestrating a successful cyberattack on the Pentagon Joint Staff’s unclassified email system. The incident came just months after Defense Secretary Ash Carter acknowledged Russian hackers had broken into the DOD’s unclassified networks.
In late 2014, suspected Moscow-backed hackers also cracked into the State Department and White House networks, accessing sensitive materials such as President Barack Obama’s personal schedule. It took months for the agencies to fully eradicate the digital invaders and repair their systems.
Shawn Henry, the president of CrowdStrike, told MSNBC moments after the story broke that the DNC was “very responsive” to the hack.
“They immediately recognized and had a high degree of urgency that this was important by calling us in,” Henry said. “The key piece is moving towards remediation. How are we able to quickly kind of stop the flow of intelligence that’s leaving that network and move the attackers off the network and provide the organization, allow them to build a network that is free from this type of tools that the Russians had put on to the network.”
Henry, a former executive assistant director at the FBI, said the DNC had contacted his organization through its legal counsel.
“We deployed certain pieces of technology that we use to try to get some visibility into the extent, the depth and breadth of this particular breach. In the course of this, working very closely with the I.T. staff of the DNC, we were able to identify with a very high degree of confidence a group that we have attributed back to the Russian government targeting that DNC network,” Henry said. “We know with certainty my time in the bureau and now at CrowdStrike that foreign intelligence services are constantly interested in political processes. They’re interested in strategies. They’re interested in foreign policy, et cetera. And the DNC and other NGOs that have been targeted over the years by this very, very sophisticated group with a high degree of capability and some very, very sophisticated technology.”
The DNC hack comes after two straight election cycles in which intelligence officials said foreign government cyber espionage was rampant.
In 2008, the campaigns for both Sen. John McCain (R-Ariz.) and President Barack Obama were bombarded by suspected Chinese hackers, according to U.S. intelligence officials. The digital intruders were reportedly after internal policy papers and the emails of top advisers.
During the next presidential election cycle, Mitt Romney’s personal email was reportedly infiltrated after hackers correctly guessed his password, “Seamus,” the name of the Romney family dog. The alleged hacker claimed to have not stolen any information.
National Intelligence Director James Clapper alluded to these past incidents earlier this year and warned that the 2016 race would be no different.
“As the campaign intensifies we’ll probably have more” attacks, he said in May. Indeed, the DNC hack would appear to be much more severe than these previously reported incidents, as the infiltrators reportedly had full access to all email and chat communications for up to a year.
The immediate reaction in Congress was surprise.
“It’s unfortunate, and we ought to do everything we can to prevent it but I can’t opine with any great thoughts. It sort of takes us back to Watergate. So, unfortunate,” Sen. Dianne Feinstein said.
Asked if it gave him pause that information on Trump was stolen as the presumptive Republican nominee for president habitually praises Russian President Vladimir Putin, Sen. Richard Burr pivoted to Hillary Clinton.
“It gives me pause to believe that Secretary Clinton’s [email] wasn’t hacked,” Burr said.
Cory Bennett, Nick Gass, and Bryan Bender contributed to this report.