(TFC) – Recently, hackers breached the Democratic National Committee’s (DNC) servers, making off with political opposition files. Although initial reports outed a collective of Russian hackers, a lone infiltrator now claims full responsibility. What the files reveal, as well as the drama surrounding their identities, offers an unusual view of modern digital espionage.
It began with the infiltration of the DNC’s servers by adept virtual spies, and the confidential files they downloaded. The hackers, noticed a month ago, had been accessing DNC data for over a year. Their breach of communications was described as “unimpeded” by the New York Times, requiring outside intervention. Cyber-security firm CrowdStrike, founded in 2011, was then recruited to expel and identify the hackers.
After penetrating DNC servers, hackers attacked Hillary Clinton’s campaign base in Brooklyn, a senior official said. According to NYT, it’s unclear whether any data was taken during this effort. The Democratic National Committee’s apparently standard cyber-protections were outmatched by what NYT called “state-sponsored hackers.”
Hacker groups FancyBear and CozyBear were named by CrowdStrike, and thereafter linked to Russia. Interestingly, NYT reports, these two were veteran collectives associated with competing government agencies. CrowdStrike claimed CozyBear downloaded unclassified State Department and White House communications in recent years. In 2014 and 2015, efforts to scrub breached systems resulted in system shutdowns during key Iran negotiations.
“These are incredibly sophisticated groups”, says CrowdStrike co-founder Dmitri Alperovitch, NYT reports. Alperovitch claimed hackers “covered their tracks well”, uncovered only after Trump files were accessed. Of course, there are many obvious reasons why political opposition data is of interest to foreign governments. Such files not only give intelligence on particular candidates, but also the state of both main political parties.
If correct, then this echoes recent findings that foreign intelligence entities monitored 2008’s election. As outlined by a recently declassified document, intelligence officials warned incoming nominees of the various forms of espionage that were occurring and likely still are. Candidates were warned that foreign agents hacked campaign data, and even posed as staffers. Foreign agents reputedly engaged in “perception management”, which has yet to be defined by government officials. “Be cautious”, intelligence officials warned, “the reality of foreign intelligence operations is more nuanced and subtle than you may expect.”
CrowdStrike later identified FancyBear as under the control of the G.R.U. intelligence agency associated with Russia. According to NYT, the group has previously targeted US, Canadian, South Korean, European, and Japanese military and aerospace organizations. Although reputedly Russian affiliates, evidence indicates CozyBear and FancyBear weren’t working together. “One would steal a password”, says Alperovitch, “and the next day the other group would steal the same password.”
Hillary Clinton later denied her campaign information was accessed, but was disturbed by the infiltration. Clinton did, however, take the opportunity to pin cyber-security as something she’s “absolutely focused on.” She built on polarizing language surrounding the hacking issue, “whether it’s Russia or China, Iran or North Korea”. “More countries are using hacking to steal our information”, says Clinton, NYT reports, “to use it to their advantage.”
Unfortunately, things aren’t always so simple when stripped of geopolitical rhetoric. A day after the breach, another, more mysterious hacker surfaced and claimed responsibility. Proving their point, the hacker dubbed “Guccifer 2.0” leaked documents from the digital raid, whilst blasting CrowdStrike’s findings. The hacker’s chosen moniker, Newsmax reports, is a reference to an imprisoned Romanian hacker who targeted American political figures in 2013.
According to Newsweek, DNC officials refuted Guccifer’s claims, asserting their cyber-security guards confirmed the hackers were Russian. The official later claimed that “Guccifer 2.0” is, instead, part of a Russian-manufactured misinformation campaign. After Guccifer dropped the first leaks, Softpedia reports, the Democratic Party’s Debbie Schultz claimed the hacker acquired no sensitive information.
Guccifer was apparently watching, or listening, and dropped 20 more files a day after Schultz’s rebuttal. Embarrassingly, these files reputedly included information regarding private donors of the Democratic Party. According to Softpedia, the addresses, occupations, and phone numbers of donors were included in a spreadsheet leaked by Guccifer 2.0. Other files included an analysis of Clinton’s speech and body language, as well as memos between DNC staffers. The data proved authentic enough to provoke security experts to suggest Guccifer themselves may be a Russian agent.
According to Newsmax, about 200 pages were leaked of a document entitled the “Donald Trump Report.” It included hundreds of pages documenting Trump’s tendency to quickly change his position, and outlined attacks against him. It described the Republican candidate as “a bad businessman” and a “misogynist in chief”.
Trump appeared unimpressed by the documents, calling them either old information or inaccurate. Following a usual provocative pattern, he later suggested perhaps the DNC hacked itself. Maybe the best is yet to come, however, as Newsmax reports Guccifer 2.0 possesses 100 gigabytes including financial reports, donor lists, and more. Some information was reputedly given to Julian Assange’s outfit at Wikileaks for future release, and safekeeping.
While CrowdStrike continues to claim the hack was Russian, it has no idea how the hackers got in. In a blog post published in response to Guccifer, CrowdStrike said it’s unsure of the hacker’s nature, and is examining the leaks. Claiming Guccifer’s leaks “do nothing to lessen our findings related to the Russian government’s involvement”, CrowdStrike rehashed its explanation.
The firm asserts CozyBear and FancyBear exhibited state-sponsored capabilities, and linked both to previous attacks on US data. Despite the lengthy counter-blog, Guccifer 2.0 remains just as mysterious, and continues to release information. As it appears the hacker is paying attention to news, and responds accordingly, perhaps further proofs will surface in the coming days.