On Friday, 19,252 emails sent by Democratic National Committee officials leaked on the controversial publishing platform WikiLeaks. The contents of the emails rocked the DNC, led to chair Debbie Wasserman Schultz’s resignation, and created a potentially damaging climate for Hillary Clinton’s presidential run. It’s a lot, but, incredibly, there’s much more to all of this.
The DNC announced in June that it had been hacked and was working with the well-known security firm CrowdStrike to investigate the breach. CrowdStrike said from the beginning that it had discovered two hacking groups lurking on the DNC’s networks—one that had been there for more than a year and one that had cropped up recently. Though it is difficult to definitively determine the source of sophisticated cyberattacks, the firm said it had strong forensic evidence that both hacking groups were tied to the Russian government, and it published its findings in a June report. CrowdStrike concluded that one network intruder was linked to Russia’s Federal Security Service and the other to the GRU military intelligence group.
But then an entity came forward on June 15, claiming to have hacked the DNC alone. “Guccifer 2.0” started publishing blog posts and posting stolen DNC documents. Soon after, WikiLeaks tweeted about a potential data dump, posting an encrypted 88 gigabyte “insurance” file for people to torrent. The idea was that WikiLeaks could publish a decryption key if it ever wanted people to access the trove (which is probably the stolen DNC files). In July, the Hill also published some DNC documents, writing, “Guccifer 2.0, the hacker who breached the Democratic National Committee, has released a cache of purported DNC documents to The Hill in an effort to refocus attention on the hack.”
But CrowdStrike was always skeptical of Guccifer 2.0. As it wrote in reaction to the original Guccifer 2.0 blog post:
CrowdStrike stands fully by its analysis and findings identifying two separate Russian intelligence-affiliated adversaries present in the DNC network in May 2016. ... Whether or not this [Guccifer 2.0 WordPress] posting is part of a Russian Intelligence disinformation campaign, we are exploring the documents’ authenticity and origin. Regardless, these claims do nothing to lessen our findings relating to the Russian government’s involvement, portions of which we have documented for the public and the greater security community.
Multiple prominent CrowdStrike competitors, including Mandiant and Fidelis Cybersecurity, independently confirmed CrowdStrike’s findings. One firm, ThreatConnect, laid out the evidence on both sides and put extensive energy into attempting to prove that Guccifer 2.0 is a real hacker. The firm concluded, though, that the evidence is sketchy:
There appears to be strong, yet still circumstantial, evidence supporting the assertions that Guccifer 2.0 is part of a [denial and deception] campaign, and not an independent actor. The most compelling arguments for this conclusion are the previously identified Russian D&D campaigns, coupled with remaining questions related to Guccifer 2.0’s persona and backstory.
Similarly, Michael Buratowski, a senior vice president at Fidelis, wrote in June, “Based on our comparative analysis we agree with CrowdStrike. ... The malware samples contain data and programming elements that are similar to malware that we have encountered in past incident response investigations and are linked to similar threat actors.” He added, “We believe this settles the question of ‘who was responsible for the DNC attack.’”
In the wake of last week’s data leaks, Democrats are rallying behind this idea and the FBI has announced that it is investigating the hack. The Clinton campaign, which itself was also allegedly breached by Russian hackers, has said that it believes Russia was behind the hacks, and Nancy Pelosi is on board, too. An additional narrative has emerged, exploring potential ties and sympathies between Republican presidential nominee Donald Trump and Russian President Vladimir Putin. It is troubling to consider that Russia may be using hacking to impact a high-profile democratic election. As security researcher Thomas Rid wrote on Motherboard, “American inaction now risks establishing a de facto norm that all election campaigns in the future, everywhere, are fair game for sabotage—sabotage that could potentially affect the outcome and tarnish the winner’s legitimacy.”
Putin’s spokesman is refusing to comment and the Trump campaign is firmly denying any involvement or collaboration with the Russian government. Edward Snowden pointed out on Monday that the National Security Agency probably has bulk surveillance of Web traffic surrounding the hack and could likely produce independent metadata pointing to the real culprit or culprits. Snowden added, though, that the office of the Director of National Intelligence generally doesn’t weigh in or offer assistance on these types of investigations.
Importantly, though, some still have doubts about the evidence that Russia was actually behind the hacks and leaks. It wouldn’t be hard to imagine that an embarrassed Democratic Party is simply seizing on the Russian explanation as a way to distract and deflect from the deeply problematic DNC behavior exposed by the leaks. One outspoken skeptic is Jeffrey Carr, author of Inside Cyber Warfare. Before WikiLeaks published the DNC files, he wrote on Medium, “It’s important to know that the process of attributing an attack by a cybersecurity company has nothing to do with the scientific method. ... Neither are claims of attribution admissible in any criminal case, so those who make the claim don’t have to abide by any rules of evidence (i.e., hearsay, relevance, admissibility).” And even if the Russian government did hack the DNC, some, like journalist and activist Glenn Greenwald, caution against concluding too quickly that Russia invented Guccifer 2.0. They could still be separate entities.
Whoever is behind the hacks clearly wanted to see what was going down at the DNC. And the leaker seemingly wanted to inject a little chaos into the Democratic National Convention, given the timing of the WikiLeaks post. The people or groups involved in this whole debacle are certainly succeeding at stirring things up.
Previously in Slate:
“Vladimir Putin Has a Plan for Destroying the West—and It Looks a Lot Like Donald Trump,” by Frank Foer