Intelligence officials have 'high confidence' Russian gov hacked DNC

News by Max Metzger

Highly placed intelligence officials are pretty sure that the hackers who breached the Democratic party just over a month ago were backed by the Russian government.

American intelligence officials believe with 'high confidence' that the Russian government is behind the recent hack of the Democratic National Committee (DNC), the US Democratic Party's governing body.

The New York Times reported the revelation yesterday, adding that intelligence officials uttered the claim in a briefing with the White House.

Its sources were unsure whether the release of documents was, as some have claimed, an attempt to swing the presidential election in favour of Donald Trump, the Republican presidential nominee.

The hack produced several embarrassing results for the DNC. The first was the publication of a dossier on Donald Trump, detailing the various ways the Republican candidate might be publicly attacked. With that was a spreadsheet of various donors to the Democratic Party and the Clinton campaign.

The real hammer blow however came on 21 July when the leaker database, Wikileaks, published nearly 20,000 emails from internal DNC servers which showed clear bias and even an attempt to manipulate the Democratic primaries between Hillary Clinton and her outsider opponent Bernie Sanders.

The revelations elicited outrage across the political spectrum and resulted in the resignation of Debbie Wasserman-Schultz, the chairperson of the DNC. At this week's Democratic National Convention, where Hillary Clinton was crowned the party's candidate for President, heavy tension was noted from left-leaning Sanders supporters who booed pro-Clinton speakers.

Donald Trump made much of the scandal, capitalising on his reputation as a foil to corrupt Washington elites, by saying of the Democratic party, “the system's rigged” and courting Sanders voters to move to his camp.

Figures within the Clinton campaign were quick to float the idea that this may be a way for Russian premier Vladimir Putin to swing votes away from Clinton, a noted international adversary, and towards Trump, a man who has long expressed his admiration for Putin and cited their mutual hostility towards NATO.

Robby Mook, the head of Clinton's campaign, told ABC News, “Experts are telling us that Russian state actors broke into the DNC, took all these emails and now are leaking them out through these websites.”

Mook continued: “It's troubling that some experts are now telling us this was done by the Russians for the purpose of helping Donald Trump.”

In specific contention here is Article 5, the central NATO principle, which calls for collective defence. That is to say, if one member is attacked, then all will assist that member against the hostile force. It's something that both men have expressed scepticism or even hostility to.

Ewan Lawson, a fellow at the Royal United Services Institute and expert in cyber-warfare, gave some insight on the matter. He told, “Foreign powers interfering in elections is nothing new but arguably this is one of the first times when this has been enabled by cyber.”

“In the case of the US election it is perhaps significant that Trump has indicated that he would not support an Article 5 response by NATO in the case of a country that doesn't reach NATO's two percent defence spending target. Undermining Article 5 seems to be a part of Russian strategy at present and therefore a Trump presidency with all that entails could well be in Russia's interests.”

The Trump campaign was quick to brush off such accusations, with Donald Trump himself calling the connection “the new joke in town” on his ever-combative Twitter stream.

A hacker named Guccifer 2.0 initially claimed responsibility for the hack, saying in a blogpost, “This is my personal project and I'm proud of it”. However, Crowdstrike, who were called in by the DNC after the initial disclosure of the counter-dossier on Trump, came to the conclusion that two Russian-linked APT groups were responsible.

Although both are known by a number of names, Fancy Bear and Cozy Bear are considered two of the premier APT groups in the world. Other cyber-security experts, like those at Fireeye, backed that choice of attribution.

Lawson told SC that APT 28 “operates with many of the technical characteristics of a state actor. For example, they were also linked to the attack on TV5 Monde which was originally claimed by the Cyber Caliphate. The suggestion is that this group and possibly others are used by elements of the Russian state to undertake activity in a way that allows plausible deniability.”

An interview on with Jack Goldsmith, a Harvard Law School professor, former member of George W. Bush's Justice Department and an expert in 21st-century warfare, was released on Monday. Goldsmith put it plainly: although it might look as though Russian hands were pulling the strings here, that doesn't constitute a solid case.

He told Slate: “I have no basis to question these reports. But the truth is that there is no public evidence whatsoever tying Russia to the hack.”

Attribution is a difficult job, particularly because cyber-warfare typically inhabits the realms of espionage, and those who engage in it try their best to leave as little evidence as possible.

Furthermore, when we say 'Russia', what exactly do we mean? The Russian state is notorious for its use of proxies on the cyber-battlefield as well as the real one.

Jarno Limnéll, a former military man and professor of cyber-security at Aalto University in Finland, told SC that a pronounced feature of the Russo-Ukrainian conflict “has been the role of non-state 'proxy' hacker groups. Some of them have acted by their own, some likely in the guidance of government.”

One reason for using proxies, said Limnéll, “has been that the war has not appeared to the need to mobilise the most sophisticated state's cyber capabilities. Political incentive for states to use proxies can be summed up by the concept of 'plausible deniability'.”

One of the largest shows of Russian cyber-hostility still left little hard evidence of culpability. In 2007, when a Soviet-era memorial in Estonia's capital Tallinn was removed, the small country suffered a full cyber-assault. A flood of DDoS attacks targeting public institutions caused chaos in the country.

When the smoke cleared, Russia was considered the first suspect. Clearly, the scale and power of the attacks outstripped that of your garden-variety cyber-criminal or hacktivist; only a nation state could deploy an assault of this power. But it was a pro-Kremlin youth group, Nashi, that came forward to claim responsibility, saying they acted in service of but not directed by the Kremlin. It is still not clear where the attack came from.

Much like the DNC hack, this may have come from within the state apparatus, but independent of the orders of that state apparatus. We may never know.

