Wednesday, June 15, 2016

Russian Government Hackers Penetrated DNC Network


Why the Russians take an interest in U.S. political candidates. Do the Russians have a horse in the current race?

by Gaius Publius

Before I present the news part of the story, note the following:
  • These are competing government-associated hackers. One hacker is associated with military intelligence. The other is associated with what was the KGB. These are competing organizations within the Russian government orbit.
  • One hack was in place since last summer. The other was initiated in April. The second could have eventually involved massive data downloads, since the target was the DNC's oppo research.
  • The ability of the Russian government to hack their enemies is excellent.
  • The article says the Russians "perceive" us as enemies. No, we are enemies, based on our own actions and rhetoric.
  • Finally, what does this tell you about Clinton's unprofessionally managed homebrew server? The question hangs in the air. We looked at one law applying to national secrets here. Clearly, the requisite "gross negligence" is present; all that's missing is evidence of a hack. Could that be coming?
Now the story, via the Washington Post and Ellen Nakashima (my emphasis throughout):
Russian government hackers penetrated DNC, stole opposition research on Trump

Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.

The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.

The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some GOP political action committees, U.S. officials said. But details on those cases were not available.

A Russian Embassy spokesman said he had no knowledge of such intrusions.

Some of the hackers had access to the DNC network for about a year, but all were expelled over the past weekend in a major computer cleanup campaign, the committee officials and experts said.
About the skill of the hackers:
The depth of the penetration reflects the skill and determination of the United States’ top cyber adversary as Russia goes after strategic targets, from the White House and State Department to political campaign organizations....

The firm identified two separate hacker groups, both working for the Russian government, that had infiltrated the network, said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer. The firm had analyzed other breaches by both groups over the last two years.

One group, which CrowdStrike had dubbed Cozy Bear, had gained access last summer and was monitoring the DNC’s email and chat communications, Alperovitch said.

The other, which the firm had named Fancy Bear, broke into the network in late April and targeted the opposition research files. It was this breach that set off the alarm. The hackers stole two files, Henry said. And they had access to the computers of the entire research staff — an average of about several dozen on any given day.
Who are "Cozy Bear" and "Fancy Bear"?
The two groups did not appear to be working together, Alperovitch said. Fancy Bear is believed to work for the GRU, or Russia’s military intelligence service, he said. CrowdStrike is less sure of whom Cozy Bear works for but thinks it might be the Federal Security Service or FSB, the country’s powerful security agency, which was once headed by Putin.

The lack of coordination is not unusual, he said. “There’s an amazing adversarial relationship” among the Russian intelligence agencies, Alperovitch said. “We have seen them steal assets from one another, refuse to collaborate. They’re all vying for power, to sell Putin on how good they are.”

The two crews have “superb operational tradecraft,” he said.
And now for the most disingenuous (propagandistic) part of the article — about the Russian attitude to the U.S.:
“We’re perceived as an adversary of Russia,” [Shawn Henry, president of CrowdStrike] said. “Their job when they wake up every day is to gather intelligence against the policies, practices and strategies of the U.S. government. There are a variety of ways. [Hacking] is one of the more valuable because it gives you a treasure trove of information.” ...

Russia has always been a formidable foe in cyberspace, but in the last two years “there’s been a thousand-fold increase in its espionage campaign against the West,” said Alperovitch, who is also a senior fellow at the Atlantic Council. “They feel under siege.”

Western sanctions, imposed after Russia’s annexation of Crimea in Ukraine, have hurt the economy and led the government to increase its theft of intellectual property to limit the impact of import restrictions, he said. And Russia’s growing isolation has increased the need for intelligence to understand and influence political decisions in other countries, he added.
Notice especially the first sentence — "We're perceived as an adversary of Russia." Perceived? Consider the constant "Putin is the devil" propaganda in the U.S. press and from public officials. Then look at the map at the top. We're not just perceived as an adversary of Russia. We are an adversary of Russia, and we act like it. Why would they not treat us as they do?

Why Is This Being Revealed at All? And Why Now?

Finally, what's the effect of this story appearing now? And why now? There are few clues in the story. To find out why this story is appearing, consider these snippets:
Russian government hackers penetrated the computer network of the Democratic National Committee ... according to committee officials and security experts who responded to the breach. ...

The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some GOP political action committees, U.S. officials said. ...

Some of the hackers had access to the DNC network for about a year, but all were expelled over the past weekend in a major computer cleanup campaign, the committee officials and experts said. ...

DNC leaders were tipped to the hack in late April. ...

CrowdStrike is continuing the forensic investigation, DNC lawyer Sussmann said. “But at this time, it appears that no financial information or sensitive employee, donor or voter information was accessed by the Russian attackers,” he said. ...
To reconstruct: The hack was discovered in April. Other political candidates' networks were also targeted. The cleanup was finished "last weekend" (June 11-12). All is now well, according to one of the few DNC officials cited, Michael Sussmann, a "DNC lawyer who is a partner with Perkins Coie in Washington."

So how did this story get released? Unnamed DNC "committee officials and security experts" and unnamed "U.S. officials" are cited above, which leads to the CrowdStrike official commenting officially and to Sussmann, DNC lawyer, commenting. But what's the source for this story? Why wasn't it just buried?

The fact it wasn't buried suggests this isn't a friendly leak, one of those "let's pretend we're leaking in order to get our official messages out" leaks. This leak is (a) embarrassing to the DNC, and (b) supports the theory that the Clinton home-brew server was also hacked. It seems likely that someone not named in the story clued the Post (if they were first to receive it), and the Post went digging. I just don't see the DNC volunteering this information.

As to why it was published now, the timing seems unfortunate, especially in light of a spate of these kinds of stories, which have started appearing recently. First, from a pro-industry website, but one which is also solid analytically:
Russia Is Reportedly Set To Release Clinton's Intercepted Emails

Reliable intelligence sources in the West have indicated that warnings had been received that the Russian Government could in the near future release the text of email messages intercepted from U.S. Presidential candidate Hillary Clinton’s private e-mail server from the time she was U.S. Secretary of State. The release would, the messaging indicated, prove that Secretary Clinton had, in fact, laid open U.S. secrets to foreign interception by putting highly-classified Government reports onto a private server in violation of U.S. law, and that, as suspected, the server had been targeted and hacked by foreign intelligence services.

The reports indicated that the decision as to whether to reveal the intercepts would be made by Russian Federation President Vladimir Putin, and it was possible that the release would, if made, be through a third party, such as Wikileaks.
This has been picked up in mainly right-wing venues, so perhaps it's questionable information, though "Reliable intelligence sources in the West have indicated that warnings had been received" could well be true. Note, however, no attribution as to who sent or who received the warnings.

Note also the mention of Wikileaks. Hot on these heels we also find this story, from Wikileaks head Julian Assange himself, via USuncut. Assange speaks on an ITV interview program.
In a recent interview with ITV, Assange said the whistleblowing website will soon be leaking documents that will provide “enough evidence” for the Department of Justice to indict the presumptive Democratic nominee. ...

Assange hinted that the emails slated for publication contain additional information about the Clinton Foundation. ...
The ITV video, trimmed to just the Clinton comment, is below.


Not sure what to make of all this. The "DNC got hacked" news is certainly news, and worrisome. The timing is unfortunate. Will another shoe drop? The situation is certainly suggestive.

Last note. I can't imagine living in a country where Trump is president. I don't think I'm in any position to do anything but watch, however. My own preference for nominee (there's still time) is Bernie Sanders. But if Clinton is the nominee, we can only hope the castle the Party is building doesn't crumble around her. Because it sure seems there's a storm coming.

(Just the messenger, and a reluctant one, speaking.)




At 11:27 AM, Anonymous Anonymous said...

I fully expect the NYT, WaPo and NPR to blame Sanders for having hired the Russians to hack the DNC.

All seriousness aside, if Putin leaks sensitive US government info hacked from HRC's personal server, he will have done Obumma's job a second time in the last few months, the first being the direct intervention in Syria, without invoking the highly idiotic notion of "moderate" terrorists.

John Puma

At 2:21 PM, Blogger Bob In Portland said...

Remember when Dubya invaded Iraq (in part, reasons were flying by the minute back then) to pay back bad man Saddam for an alleged assassination plot against his Dad?

This looks like a setup for the fall race. Now any criticism or negative news against H. Clinton can be categorized as Russian propaganda. And despite the Cold War being long over, Cold War 2.0 is happening and Americans are ready to gobble down anti-Russian propaganda.

Also, this story can be reprised after inauguration as a rationale for whatever military action against Russia and its allies, because "this time it's personal."

At 10:38 PM, Anonymous Anonymous said...

Follow up from Reuters: "'Lone hacker' claims responsibility for cyber attack on Democrats"

John Puma

At 4:45 PM, Anonymous Anonymous said...

What with the insecure nature of today's networks and systems (seriously... Windows?!?!?!? Linux??? IP?? is that the best we can do? Are we really that stupid?), one should presume that everything is being viewed by someone/everyone. The NSA if nobody else. Russia or China or Iran... anyone with an actual educated populace -- unlike here, if they want something, can get it pretty easily.

The reporting doesn't actually make much sense.. unless the Russians already KNOW all they need to know about the virulent Russophobe $hillbillary. Maybe they're just "polling" for info about the empty-skulled drumpf, though as stupid and racist as they come, he does not betray russophobia.

Anyone paying attention for the past 56 years can pretty well predict what $hillbillary will do (for money and empire) but even drumpf has no idea what he will do from moment to moment.

At 7:54 PM, Blogger jvb2718 said...

5 weeks have passed since this report and WikiLeaks has released some DNC stuff that proves that the DNC stole the primaries from Bernie and that the corrupt DNC really doesn't like Bernie... DUH!!!

Not yet released is anything (more) damning to $hillbillary wrt her illegal private state dept. server and the corrupt influence peddling Clinton foundation. I'm hoping that Assange will do it real soon so the DNC performance art of this week can be appreciated for just how NOT REALITY it was.

Unanswered today (but maybe some day) is whether WHEN it is proven that $hillbillary should be indicted (make Comey and the AG resign in shame!?!?!) and that the foundation is simply the Clintons' private family mint... will the corrupt DNC impeach their own chosen corrupt money whore and let Bernie beat drumpf? Or will they light themselves on fire further and keep the ticket as is and lose?

Mr. Assange... PUHLEEEEEEEEEEZE release what you promised very soon.

