The hack of DNC emails bears the hallmarks of a Russian intelligence operation
FBI hasn't officially attributed attack to Russian government hackers yet
Federal investigators tried to warn the Democratic National Committee about a potential intrusion in their computer network months before the party moved to try to fix the problem, U.S. officials briefed on the probe tell CNN.
The revelation raises questions about whether the DNC could have done more to limit the damage done by hackers suspected of working for Russian intelligence.
The DNC brought in consultants from the private security firm CrowdStrike in April. And by the time suspected Russian hackers were kicked out of the DNC network in June, the hackers had been inside for about a year.
A person briefed on the DNC’s response says the warning from the FBI and other agencies wasn’t specific, and that the extent of the problem wasn’t clear when the initial warnings came. DNC officials hired outside help after additional indications surfaced that their systems were compromised.
The DNC breach occurred around the same time as breaches of U.S. government systems at the State Department and the White House. Analysts from the National Security Agency found signatures in those breaches that led them to suspect there were other intrusions outside the government, including at the DNC.
“I talked to the general counsel of the DNC today and he assures me that every step along the way when we were notified of these issues that we changed systems, changed procedures,” said DNC vice chairwoman Donna Brazile to CNN’s Wolf Blitzer. “But these hackers are so sophisticated that they changed procedures. So yes, it went on for more than a year, but at no time did we ignore the warning from the FBI or any other federal officials.”
Earlier on Monday, the FBI confirmed it was investigating a hack into the DNC, the first acknowledgment from the agency that they are probing the incident, which U.S. officials suspect came from a Russian cyber attack.
Fallout over the emails led DNC Chairwoman Debbie Wasserman Schultz to announce her resignation Sunday.
“The FBI is investigating a cyber intrusion involving the DNC and are working to determine the nature and scope of the matter,” the agency said in a statement. “A compromise of this nature is something we take very seriously, and the FBI will continue to investigate and hold accountable those who pose a threat in cyberspace.”
The suspected Russian hack is part of a wave of Russian cyber attacks aimed at political organizations and academic think tanks in Washington, U.S. officials briefed on the investigations say.
Over the weekend, Wikileaks began publishing emails from the DNC. The group didn’t identify the source. But the campaign of presumptive Democratic nominee Hillary Clinton pointed the finger at Russia, saying the release of stolen emails was intended to help Republican nominee Donald Trump.
The FBI has sent experts to meet with the Republican National Committee, as well as the major campaigns, to discuss their security measures, the officials say. No similar intrusions have so far been detected at the RNC or the campaigns of the two major party candidates, the officials say.
Clinton campaign manager Robby Mook told CNN’s Jake Tapper on “State of the Union” Sunday about that “changes to the Republican platform to make it more pro-Russian,” which could provide some of the motive behind the hacks.
“I don’t think it’s coincidental that these emails were released on the eve of our convention here, and I think that’s disturbing,” he said.
Trump told The New York Times in an interview last week, that if he’s elected the U.S. wouldn’t defend NATO allies against Russian aggression if they haven’t “fulfilled their obligation to us.”
Trump’s son, Donald Trump Jr., denied that his father’s campaign had anything to do with encouraging Russians to hack the DNC.
“I can’t think of bigger lies, but that exactly goes to show you what the DNC and what the Clinton camp will do,” Trump told Tapper on “State of the Union”.
Even before the emails were posted on Wikileaks, the White House convened a security meeting to review what was known, U.S. officials told CNN.
Democrats, including some in Congress, are trying to pressure the White House to publicly name Russia as the perpetrator, in the way the government named North Korea in the Sony hack and China for hacking various U.S. companies. The Obama administration has resisted publicly naming Russia despite evidence gathered by U.S. government investigators showing Russian behind cyber-attacks on U.S. government agencies and even the public release in 2014 of a hacked phone call between U.S. diplomats in Ukraine that was caused embarrassment for the U.S.
At the State Department Monday, spokesman John Kirby refused to say Russia was responsible, citing the ongoing investigation.
“It goes without saying that issues of cyber security will be a topic of discussion between us and our Russian interlocutors on a continuous basis. I don’t have any specific conversations to speak to and nor would I as this matter’s under investigation by the FBI,” Kirby said. “I think we need to let the FBI do their work before we try to form any conclusions here in terms of what happened and what the motivation was behind it. The FBI’s spoken to this. We’re going to respect that process.”
James Trainor, assistant director for FBI’s cyber division, told CNN in a recent interview that the bureau has been working with political organizations and think tanks to put more resources into the security of their computer networks. He wouldn’t discuss the DNC or the role of Russia, but spoke generally about the increased number of such intrusions.
“There’s been aggressive targeting of that sector, the various campaigns, think tanks in the Washington, DC area,” Trainor said.
The “targeting of any candidate or any party (that) has political intelligence,” Trainor said. “There’s value in information there if you’re a nation state actor, so (it) shouldn’t be surprising.”
Private-sector cyber security investigators hired by the DNC concluded that hackers working for the Russian government were behind the year-long breach of the DNC. The investigation found intrusions by two Russian hacking groups.
Russian Foreign Minister Sergey Lavrov, however, dismissed claims. When asked by a reporter, “What do you say of the U.S. accusations that Russia hacked the Democratic Party emails?,” Lavrov replied “Well, I don’t want to use four-letter words.”
At least one of the DNC intruders is believed to be behind other breaches of non-classified U.S. government systems at the White House, State Department and other agencies, security experts believe, based on an analysis of malicious software in the breaches.
The FBI and other U.S. agencies involved haven’t yet officially attributed the DNC attack to Russian government hackers. But evidence gathered by the FBI so far points to groups that are known to U.S. counter-intelligence for carrying out intrusions for the Russian government, the officials briefed on the probe say.
The release of the emails over the weekend, however, raised new questions among government and private sector security officials.
It’s possible that other hackers took advantage of the DNC’s vulnerabilities and also stole information, U.S. officials said. But the intrusion so far appears to bear the hallmarks of a Russian intelligence operation.
Foreign spy agencies routinely try to collect information on U.S. elections, and there were some cyber attacks against political campaigns detected during the 2012 election cycle.
Typically, spy agencies collect such information to try to better inform their governments about U.S. politics. U.S. spy agencies do the same overseas.
Russian spy agencies have published embarrassing information to try to influence political events in countries they consider part of their sphere of influence. But to publicly release vast troves of stolen data to try to influence a U.S. election is beyond the scale of what U.S. counterintelligence officials have seen.
Whether Russian intelligence agencies provided the stolen information to Wikileaks, either directly or through middlemen, is now a top issue for U.S. investigators to resolve, the U.S. officials briefed on the probe say. The answer won’t likely come until well after the election.
The impact of the release of the DNC hacked emails was almost immediate, prompting the ouster of the head of one of the two major political parties.
Since the hackers were in the DNC systems for about a year, U.S. officials expect more data releases.