Presumptive Republican presidential nominee Donald Trump says the Democratic National Convention (DNC) hacked itself to distract from issues facing his presumed opponent Hillary Clinton.
On Tuesday, news first broke about an intrusion into the DNC’s computer network that might have occurred more than a year ago.
In late April, executives at the DNC contacted the security firm CrowdStrike after its IT team detected suspicious activity on its network.
CrowdStrike analyzed the DNC’s network traffic and subsequently identified two Russian hacker groups that had gained unauthorized access to the affected system.
One group, known as COZY BEAR, is believed to have gained access back in the summer of 2015, whereas the second group, FANCY BEAR, most likely gained access in April 2016.
CrowdStrike CTO Dmitri Alperovitch claims that COZY BEAR’s and FANCY BEAR’s attacks are some of the most sophisticated he has ever seen:
“In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and ‘access management’ tradecraft – both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected. Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services.”
CrowdStrike, along with the DNC, said they removed both hacker groups from the networks over the weekend. They also confirmed that no financial or donor information had been compromised in the breach, but that the hackers had managed to monitor email traffic and steal the DNC’s opposition research into Donald Trump.
Oh…you mean this?
Just one day later, a 237-page dossier of what appears to be the DNC’s opposition research on Republican presidential nominee Donald Trump began circulating online.
No one claiming to be affiliated with either hacker group published the information.
It was instead released by someone known as “Guccifer 2.0.”
Guccifer 2.0 is a reference to Romanian hacker Marcel Lazăr Lehel, who under the pseudonym of “Guccifer” hacked into email accounts belonging to the family of George W Bush, and released private photos of former president George H W Bush.
Lehel, who is currently awaiting sentencing, was also linked to the theft of a Downton Abbey script, and has claimed to have hacked into Hillary Clinton’s private email server.
In a blog post, Guccifer 2.0 disputed CrowdStrike’s attribution of a recently disclosed hack at the DNC:
“Worldwide known cyber security company CrowdStrike announced that the Democratic National Committee (DNC) servers had been hacked by ‘sophisticated’ hacker groups. I’m very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy. Guccifer may have been the first one who penetrated [Democratic presidential nominee] Hillary Clinton’s and other Democrats’ mail servers. But he certainly wasn’t the last. No wonder any other hacker could easily get access to the DNC’s servers. Shame on CrowdStrike: Do you think I’ve been in the DNC’s networks for almost a year and saved only 2 documents? Do you really believe it?”
Guccifer 2.0 also published a file that appears to list about two dozen people who donated at least $500,000 to the DNC, as well as files containing other donor information and attendance information for fundraising events.
It’s not clear whether those documents are legitimate.
At this time, CrowdStrike is standing by its findings, stating:
“CrowdStrike stands fully by its analysis and findings identifying two separate Russian intelligence-affiliated adversaries present in the DNC network in May 2016. On June 15, 2016 a blog post to a WordPress site authored by an individual using the moniker Guccifer 2.0 claiming credit for breaching the Democratic National Committee. This blog post presents documents alleged to have originated from the DNC. Whether or not this posting is part of a Russian Intelligence disinformation campaign, we are exploring the documents’ authenticity and origin. Regardless, these claims do nothing to lessen our findings relating to the Russian government’s involvement, portions of which we have documented for the public and the greater security community.”
“The Donald,” however, is less than convinced.
In a statement, he expressed his belief that none other than the DNC was behind the “hack”:
“This is all information that has been out there for many years. Much of it is false and/or entirely inaccurate. We believe it was the DNC that did the ‘hacking’ as a way to distract from the many issues facing their deeply flawed candidate and failed party leader. Too bad the DNC doesn’t hack Crooked Hillary’s 33,000 missing emails.”
Quite what evidence Donald Trump has that the Democrats hacked themselves is unclear. Although he has had some entanglements with the world of cybercrime, they have been more a matter of having his hotel chains hacked than of accurately identifying the miscreants.
Others more versed in fighting online crime have noted that Russian hackers might have used the hack to sow disinformation and draw attention away from the substantive political issues dominating the ongoing election season in the United States.
If that was their intention, they certainly succeeded… at least for the short term.
Guccifer 2.0 claims to have sent the rest of the documents to WikiLeaks, which said it will be publishing them soon. Perhaps that will provide some clarity about this incident.