By now, it’s pretty clear that Russian hackers are responsible for breaches of the Democratic National Committee networks that occurred last summer and in April of this year ― several forensic security firms have found evidence that traces the breach back to Russia. Now that DNC emails harvested during the breaches are starting to appear on Wikileaks, pundits are speculating that Russia leaked the emails in a bid to land Donald Trump in the Oval Office. But is the email leak also attributable to hackers on Russia’s government payroll?
A new analysis released by security consulting firm ThreatConnect has marshaled more evidence to prove that hackers linked to the Russian government communicated with journalists about the leaked documents.
A hacker set up a website and Twitter account to take credit for the DNC breach soon after it was initially reported, calling himself Guccifer 2.0 (a moniker modeled after a Romanian hacker who recently pleaded guilty to hacking American political operatives). That claim cast doubt on initial reports from The Washington Post and others that laid the responsibility for the breach squarely at the feet of organizations with ties to the Russian government and its president, Vladimir Putin. But ThreatConnect’s research suggests that Guccifer 2.0 is simply an invention of the Russian government to deflect attention from its involvement in the breach.
The idea that a non-governmental actor pursuing a personal political agenda could hack the DNC and potentially sway an election is bad enough; an act of cyberwarfare by a foreign state is arguably much worse.
“Guccifer 2.0 has been part of a Russian denial and deception program,” said Toni Gidwani, director of research operations at ThreatConnect on a conference call today. Gidwani believes that the Russian hack may have initially been intended for low-level intel that could be used to support Russian narratives about the U.S., but morphed into an attempt to influence the U.S. presidential election.
At the outset, the Guccifer 2.0 releases were following that pattern. Gidwani said the leaked information had very little impact on the U.S. news cycle, but became great agit-prop tools in Russia, whose state-affiliated news agencies picked up on each morsel as yet another example of the cornucopia of electoral corruption in the decadent West.
It’s not just the technical nature of the leaks themselves that has some outlets saying Russia’s fingerprints were all over this hack.
An investigative report from Yahoo released yesterday indicates that one of the hack’s earliest targets was DNC consultant Alexandra Chalupa, who was conducting opposition research on Donald Trump’s campaign adviser Paul Manafort, who allegedly made millions working as a campaign adviser for the now-ousted former Ukrainian president (and ostrich lover), Viktor Yanukovych.
Quoting an email Chalupa sent to the DNC ― released as part of the Wikileaks data dump ― Yahoo reports that Chalupa began receiving security notices informing her that her email account was being targeted by state actors:
“Since I started digging into Manafort, these messages have been a daily occurrence on my Yahoo account despite changing my password often,” [Chalupa] wrote in a May 3 email to Luis Miranda, the DNC’s communications director, which included an attached screengrab of the image of the Yahoo security warning.
Why is Russia so involved? The theory among some Democrats and left-leaning news outlets is that Russian President Vladimir Putin would (unsurprisingly) prefer to deal with an isolationist-minded President Trump than a more hawkish (and much less friendly) President Clinton and is using cybercrime as a way to influence the U.S. election. The New York Times also raised the specter of Russian involvement.
“What happened over the weekend started to move us toward this middle course of action. … This game-changer scenario of Russia trying to influence the results of a U.S. election,” said Gidwani of the Wikileaks release, the resulting resignation of DNC chairwoman Debbie Wasserman Schultz, and the attendant chaos that resulted over the weekend and on a divisive first night of the Democratic National Convention in Philadelphia.
But other security experts say that a sloppy email leak, filled with evidence of Russian involvement, would be uncharacteristic for the country’s sophisticated spy agencies.
“There’s the breach and then there’s someone leaking emails to Wikileaks. Those two things don’t necessarily have anything to do with each other,” said Oren Falkowitz, CEO of the security firm Area 1 and a former NSA analyst. “The most salacious emails go back to a different time in the campaign. To release them at the beginning of the [general election] campaign isn’t consistent with a nation state’s objective to change the outcome.”
The most contentious DNC emails released so far trashed Bernie Sanders’ campaign as “a mess,” and Falkowitz points out these messages could have had a stronger impact if released during the primary race.
“They probably would have released it when it was really tight between Hillary and Bernie,” he said, adding, “To think the [Russian security service] FSB would not recognize the difference in impact of timing there is ridiculous. It’s spurious to say they’re trying to influence the election, and if they are, they are doing a really shitty job. You’re talking about one of the premier intelligence organizations in the world.” However, if Russia is behind the email leak, this wouldn’t b