Was the DNC Breach the Work of Russian Hackers?

The recent breach of sensitive data stored on the DNC server has been making waves since the stolen information was published on WikiLeaks just a few days ago. As the information is sifted through (exposing problematic behavior on the part of handfuls of DNC higher-ups), questions have gone unanswered regarding the expertly-planned cyber espionage attack that was so successfully carried out against the national committee.

Cyber experts have noted that the scale, timeliness, and sensitivity of the data released imply a level of sophistication that would be difficult to find outside of state-sponsored activity. WikiLeaks published the documents into a search engine, which has indexed the data and made it that much easier for those looking for damning data to locate it. Email conversations between Democratic Party leaders revealing a collusion to give the nomination to Hillary Clinton, remarks regarding Bernie Sanders’ lack of religious emphasis, and many other sensitive topics have been exposed to the public eye, with largely embarrassing results.

It’s worth mentioning that the documents were well-timed: all confidential information was exposed strategically, and its surfacing just before the Democratic National Convention allowed for the highest possible level of chaos upon the convention’s onset.

As for who actually carried out the hacking? American authorities seem to be unanimously pinning the blame on Russian hackers, an allegation that gains evidence daily. For example, in mid-June, when the DNC called in the cyber threat analysis firm CrowdStrike to examine the committee’s servers, the company found “two separate Russian intelligence-affiliated adversaries present in the DNC network.” CrowdStrike then released a comprehensive report of its findings on June 14. Among its many discoveries, CrowdStrike found that one of the hacking groups had been snooping in the DNC’s servers for almost a year. The next week, two different cybersecurity firms independently confirmed CrowdStrike’s reports. The additional firms also found that the two hackers used malware and methods identical to those used in other attacks attributed to the suspected Russian hacking groups.

The day after CrowdStrike’s report was published, a hacker calling themselves “Guccifer 2.0” took credit for the hack and claimed that he or she was not affiliated with the Russian government and was instead a stand-alone hacker. Guccifer 2.0 went on to claim that he had handed off much of what he had found to WikiLeaks.

More compelling evidence linking the DNC breach to Russian state-sponsored hacking was found by King’s College London professor Thomas Rid. Rid found that a command-and-control address hardcoded into the DNC malware was identical to one in the malware used to hack the German Parliament back in 2015. German officials had stated that the malware originated from Russian military intelligence.

Additional evidence includes that documents were translated into Cyrillic and that Guccifer, who claimed to be Romanian, did not speak coherent Romanian.

“It doesn’t strain credulity to look at the Russians,” said Morgan Marquis-Boire, a malware expert with Citizen Lab. “This is not the first time that Russian hackers have been behind intrusions in US government, and it seems unlikely that it will be the last.”

The Kremlin has denied any Russian involvement in the leak.

 
