Donald Trump claims the Democratic National Convention hacked itself

Did the DNC really hack itself to deflect media attention from Hillary Clinton?

David Bisson
@DMBisson

Presumptive Republican presidential nominee Donald Trump says the Democratic National Convention (DNC) hacked itself to distract from issues facing his presumed opponent Hillary Clinton.

On Tuesday, news first broke about an intrusion into the DNC’s computer network that might have occurred more than a year ago.

In late April, executives at the DNC contacted the security firm CrowdStrike after its IT teams detected suspicious activity on its network.

CrowdStrike analyzed the DNC’s network traffic and subsequently identified two Russian hacker groups that had gained unauthorized access to the affected system.

One group, known as COZY BEAR, is believed to have gained access back in the summer of 2015, whereas the second group, FANCY BEAR, most likely gained access in April 2016.

CrowdStrike CTO Dmitri Alperovitch claims that COZY BEAR’s and FANCY BEAR’s attacks are some of the most sophisticated he has ever seen:

“In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and ‘access management’ tradecraft – both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected. Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services.”

CrowdStrike along with the DNC said they removed both hacker groups from the networks over the weekend. They also confirmed that no financial or donor information had been compromised in the breach, but the hackers had managed to monitor email traffic and steal the DNC’s opposition research into Donald Trump.

Oh…you mean this?

Just one day later, a 237-page dossier of what appears to be the DNC’s opposition research on Republican presidential nominee Donald Trump began circulating online.

No one claiming to be affiliated with either hacker group published the information.

It was instead released by someone known as “Guccifer 2.0.”

Guccifer 2.0 is a reference to Romanian hacker Marcel Lazăr Lehel, who under the pseudonym of “Guccifer” hacked into email accounts belonging to the family of George W Bush, and released private photos of former president George H W Bush.

Lehel, who is currently awaiting sentencing, was also linked to the theft of a Downton Abbey script, and has claimed to have hacked into Hillary Clinton’s private email server.

In a blog post, Guccifer 2.0 disputed CrowdStrike’s attribution of a recently disclosed hack at the DNC:

“Worldwide known cyber security company CrowdStrike announced that the Democratic National Committee (DNC) servers had been hacked by ‘sophisticated’ hacker groups. I’m very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy. Guccifer may have been the first one who penetrated [Democratic presidential nominee] Hillary Clinton’s and other Democrats’ mail servers. But he certainly wasn’t the last. No wonder any other hacker could easily get access to the DNC’s servers. Shame on CrowdStrike: Do you think I’ve been in the DNC’s networks for almost a year and saved only 2 documents? Do you really believe it?”

They also published a file that appears to list about two dozen people who donated at least $500,000 to the DNC as well as files containing other donor information and attendance information for fundraising events.

It’s not clear whether those documents are legitimate.

At this time, CrowdStrike is standing by its findings, stating:

“CrowdStrike stands fully by its analysis and findings identifying two separate Russian intelligence-affiliated adversaries present in the DNC network in May 2016. On June 15, 2016 a blog post to a WordPress site authored by an individual using the moniker Guccifer 2.0 claiming credit for breaching the Democratic National Committee. This blog post presents documents alleged to have originated from the DNC. Whether or not this posting is part of a Russian Intelligence disinformation campaign, we are exploring the documents’ authenticity and origin. Regardless, these claims do nothing to lessen our findings relating to the Russian government’s involvement, portions of which we have documented for the public and the greater security community.”

“The Donald,” however, is less than convinced.

In a statement, he expressed his belief that none other than the DNC was behind the “hack”:

“This is all information that has been out there for many years. Much of it is false and/or entirely inaccurate. We believe it was the DNC that did the ‘hacking’ as a way to distract from the many issues facing their deeply flawed candidate and failed party leader. Too bad the DNC doesn’t hack Crooked Hillary’s 33,000 missing emails.”

Quite what evidence Donald Trump has that the Democrats hacked themselves is unclear. Although he has had some entanglements with the world of cybercrime, it has been more in relation to having his hotel chains hacked than accurately identifying the miscreants.

Some more versed in fighting online crime have noted that Russian hackers might have used the hack to sow disinformation and draw attention away from the substantive political issues dominating the ongoing election season in the United States.

If that was their intention, they certainly succeeded… at least for the short term.

Guccifer 2.0 claims to have sent the rest of the documents to WikiLeaks, who said they will be publishing them soon. Perhaps that will provide some clarity about this incident.

Stay tuned!


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

5 comments on “Donald Trump claims the Democratic National Convention hacked itself”

  1. Ash

    Trump is a hack politician. Gary Johnson for President 2016!

  2. Nigel

    After so many decades of antagonism between the U.S.S.R. and the west, it's utterly naive to think that all of that enmity evaporated when the iron curtain was lifted. So, I have no difficulty believing that the Russian state is capable of very deliberate and very effective mischief, including meddling with the American political circus.

    It also wouldn't surprise me if it turned out that they did so in an effort to aid the clown (…well, clownette, actually) most likely to play into their hands, namely "Mrs." Clinton.

    Not that Mr. Trump is a better choice. It's not a coincidence that the word "hack" should be associated with either Trump or Clinton. The American electoral process seems tailor-made to bring the least-principled, most accomplished egomaniacs floating to the top.

  3. dennis

    another conspiracy by Trump again.

  4. Susan V. Hogan

    It's certainly possible.

    1. coyote · in reply to Susan V. Hogan

      I realise it's quite late but I can't help but laugh – quite a lot – at such a ridiculous – and it is extremely ridiculous and more than that (I'll let anyone fill in the blanks as they see fit) – statement. It's certainly possible. Really? As someone who has been in the 'underground' as it were (though nothing malicious it couldn't be called anything but 'underground') I rather resent (though accept it as it is what it is) the misappropriation of the words 'hack' and 'hacker'. But you do realise that by definition if they were to do it themselves it wouldn't be 'hacked'? Clearly not but that's the reality nonetheless. It says a lot about you…
