Here’s What We Know About Russia and the DNC Hack

Russia was very likely responsible for the hack that has upended the DNC.

As the Democratic National Convention continues its week-long stay in Philadelphia, accusations of Russian hacking continue to cloud the proceedings. At this point, it seems likely that Russia is responsible. What’s less clear is what that will mean going forward.

It’s been a bad stretch for the Democratic National Committee. Hackers broke into its servers months ago, stealing private emails, opposition research, and campaign correspondence. Last Friday, Wikileaks made nearly 20,000 of those private emails public, revealing embarrassing details of the political machine’s inner workings. DNC officials allege that the Russian government is behind the breach. The New York Times reports that US intelligence agencies increasingly share that opinion. According to a number of top cybersecurity researchers, they’re probably right.

A Brief History of a Hack

News of the hack of the Democratic National Committee first broke in mid-June. That’s when Crowdstrike, a firm that analyzes threats to network security, revealed that the DNC had called it in to inspect the party’s servers, where it found “two separate Russian intelligence-affiliated adversaries present in the DNC network.” Crowdstrike released a comprehensive report of its findings on June 14, which accompanied a Washington Post article detailing the attacks. One of the hacking groups, Crowdstrike found, had access to the DNC servers for almost a year.

A day after that report, someone calling themselves Guccifer 2.0 (an allusion to notorious hacker Guccifer) claimed responsibility for the hack in a blog post. Through the blog and an accompanying Twitter account, Guccifer 2.0 refuted Crowdstrike’s claims that this was a Russian operation, instead calling himself a “lone hacker.” He also claimed to have handed much of the DNC bounty to Wikileaks.

The following week, two cybersecurity firms, Fidelis Cybersecurity and Mandiant, independently corroborated Crowdstrike’s assessment that Russian hackers infiltrated DNC networks, having found that the two groups that hacked into the DNC used malware and methods identical to those used in other attacks attributed to the same Russian hacking groups.

But some of the most compelling evidence linking the DNC breach to Russia was found at the beginning of July by Thomas Rid, a professor at King’s College London, who found that a command-and-control address hardcoded into the DNC malware was identical to one in the malware used to hack the German Parliament in 2015. According to German security officials, that malware originated from Russian military intelligence. An identical SSL certificate was also found in both breaches.

The evidence mounts from there. Metadata in the document dump contains several indications that the files were translated into Cyrillic. Furthermore, while Guccifer 2.0 claimed to be from Romania, he was unable to chat with Motherboard journalists in coherent Romanian. Besides which, this sort of hacking wouldn’t exactly be outside of Russian norms.
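The two technical pivots described above (shared command-and-control infrastructure and certificates between intrusions, and Cyrillic traces in document metadata) can be checked mechanically. The following Python snippet is an added illustration, not code from the article or from any of the firms it names; every indicator value and metadata field in it is a constructed placeholder, and the indicator weights are illustrative.

```python
from dataclasses import dataclass
from typing import Iterable
import unicodedata


@dataclass(frozen=True)
class Indicator:
    kind: str   # e.g. "tls_cert_sha1", "c2_ip", "c2_domain", "sample_sha256"
    value: str


# Weights reflect how hard an indicator is for the operator to change: a TLS
# certificate or a hard-coded C2 address is reused deliberately, while a
# sample hash changes with every rebuild. Values are illustrative.
WEIGHTS = {"tls_cert_sha1": 5, "c2_ip": 4, "c2_domain": 3, "sample_sha256": 1}


def shared_indicators(a: Iterable[Indicator], b: Iterable[Indicator]) -> set:
    """Indicators present in both intrusions (exact kind+value match)."""
    return set(a) & set(b)


def overlap_score(a: Iterable[Indicator], b: Iterable[Indicator]) -> int:
    """Weighted strength of the infrastructure link between two intrusions."""
    return sum(WEIGHTS.get(i.kind, 1) for i in shared_indicators(a, b))


def cyrillic_fields(metadata: dict) -> list:
    """Names of document-metadata fields whose values contain Cyrillic letters."""
    return [name for name, text in metadata.items()
            if any("CYRILLIC" in unicodedata.name(ch, "") for ch in text)]


# Constructed sample data: placeholder indicators for two hypothetical
# intrusions (TEST-NET address, made-up fingerprints), not real IoCs.
INTRUSION_A = [
    Indicator("c2_ip", "203.0.113.7"),
    Indicator("tls_cert_sha1", "00" * 20),
    Indicator("sample_sha256", "aa" * 32),
]
INTRUSION_B = [
    Indicator("c2_ip", "203.0.113.7"),
    Indicator("tls_cert_sha1", "00" * 20),
    Indicator("sample_sha256", "bb" * 32),   # different build, same infrastructure
]
# Constructed document properties, in the style of an office-document metadata block.
DOC_METADATA = {"author": "Феликс", "title": "Opposition research", "company": "ACME"}

if __name__ == "__main__":
    print(sorted((i.kind, i.value) for i in shared_indicators(INTRUSION_A, INTRUSION_B)))
    print(overlap_score(INTRUSION_A, INTRUSION_B))   # 9
    print(cyrillic_fields(DOC_METADATA))              # ['author']
```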

“It doesn’t strain credulity to look to the Russians,” says Morgan Marquis-Boire, a malware expert with CitizenLab. “This is not the first time that Russian hackers have been behind intrusions in US government, and it seems unlikely that it will be the last.” Last year Russian hackers were able to breach White House and State Department email servers, gleaning information even from President Obama’s Blackberry.

Meanwhile, the Kremlin has denied Russian involvement in the DNC breach. But the reverberations continue; DNC Chairwoman Debbie Wasserman Schultz will resign at the end of the week, after emails revealed what many view as the unfair treatment of Bernie Sanders.

From Russia With Love

As compelling as the evidence is, there’s still a small amount of room to argue that Guccifer 2.0 was a lone actor, an individual motivated by hacktivist ideals of dismantling state power. He wouldn’t be the first. And in a recent interview on NBC, Julian Assange of Wikileaks gave a soft disavowal of claims that his whistleblowing organization is in cahoots with Russian intelligence: “Well, there is no proof of that whatsoever,” he said. “We have not disclosed our source, and of course, this is a diversion that's being pushed by the Hillary Clinton campaign.”

This is, of course, the same Assange who boasts of having helped find Snowden a home in Russia, and whose Wikileaks publicly criticized the Panama Papers for implicating Putin in financial misdeeds. He's also an outspoken and frequent critic of Hillary Clinton’s time at the State Department. A damning document dump the weekend before Clinton’s nomination arguably aligns with both Russian interests and his own.

If the allegations do prove correct, this is an unprecedented step for Russia. Hacking is nothing new, but publicizing documents to attempt to sway an election certainly is. Putin would clearly prefer a Trump presidency. The billionaire Republican candidate is a longtime admirer of Putin’s, and has publicly stated that he wouldn't necessarily defend NATO allies against a Russian invasion. To top it all off, Trump’s campaign manager, Paul Manafort, formerly worked as an advisor to Viktor Yanukovych, the Russian-backed President of Ukraine before he was ousted in 2014.

“Due to the nature and timing of this hack, it all seems very political,” says Marquis-Boire.

And there’s a whole lot of election left, and likely more leaks to come with it. On Sunday, a Twitter user asked Wikileaks if more DNC leaks were on their way. The reply: “We have more coming.”

Update: In a press conference Wednesday, Republican presidential candidate Donald Trump invited Russia to retrieve "missing" emails from Hillary Clinton's campaign and release them. Cybersecurity experts described the remarks as "unprecedented" and "possibly illegal."