2016 Postmortem
Related: About this forumRussian government hackers penetrated DNC, stole opposition research on Trump
Russian government hackers penetrated DNC, stole opposition research on Trump
Russian goverment hackers penetrated the Democratic National Committee and had access to the DNC network for about a year, but all were expelled over the past weekend, officials say. (Kacper Pempel/Reuters)
By Ellen Nakashima National Security
June 14 at 11:30 AM
Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.
The intruders so thoroughly compromised the DNCs system they also were able to read all e-mail and chat traffic, said DNC officials and the security experts.
The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some GOP political action committees, U.S. officials said. But details on those cases were not available.
Some of the hackers had access to the DNC network for about a year, but all were expelled over the past weekend in a major computer clean-up campaign, the committee officials and experts said.
The DNC said that no financial, donor or personal information appears to have been accessed or taken, suggesting that the breach was traditional espionage, not the work of criminal hackers.
The intrusions are an example of Russias interest in the U.S. political system and its desire to understand the policies, strengths and weaknesses of a potential future president much as American spies gather similar information on foreign candidates and leaders.
The depth of the penetration reflects the skill and determination of the United States top cyber adversary as Russia goes after strategic targets from the White House and State Department to political campaign organizations.
Its the job of every foreign intelligence service to collect intelligence against their adversaries, said Shawn Henry, president of CrowdStrike, the cyber firm called in to handle the DNC breach and a former head of the FBIs cyber division. He noted that it is extremely difficult for a civilian organization to protect itself from a skilled and determined state such as Russia.
Were perceived as an adversary of Russia, he said. Their job when they wake up every day is to gather intelligence against the policies, practices and strategies of the U.S. government. There are a variety of ways. [Hacking] is one of the more valuable because it gives you a treasure trove of information.
The purpose of such intelligence gathering is to understand the targets proclivities, said Robert Deitz, former senior councillor to the CIA director and a former general counsel at the National Security Agency. Trumps foreign investments, for example, would be relevant to understanding how he would deal with countries where he has those investments should he be elected, Deitz said. They may provide tips for understanding his style of negotiating. In short, this sort of intelligence could be used by Russia, for example, to indicate where it can get away with foreign adventurism.
Other analysts noted that any dirt dug up in opposition research is likely to be made public anyway. Nonetheless, DNC leadership acted quickly after the intrusions discovery to contain the damage.
The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with, said Rep. Debbie Wasserman Schultz (D-Fla.), the DNC chairwoman. When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.
The Clinton campaign did not immediately respond to a request for comment. A spokeswoman for the Trump campaign referred questions to the Secret Service.
DNC leaders were tipped to the hack in late April. Chief executive officer Amy Dacey got a call from her operations chief saying that their information technology team had noticed some unusual network activity.
Its never a call any executive wants to get, but the IT team knew something was awry, Dacey said. And they knew it was serious enough that they wanted experts to investigate.
That evening, she spoke with Michael Sussmann, a DNC lawyer who is a partner with Perkins Coie in Washington. Soon after, Sussmann, a former federal prosecutor who handled computer crime cases, called Henry, whom he has known for many years.
The firm identified two separate hacker groups, both working for the Russian government, that had infiltrated the network, said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer. The firm had analyzed other breaches by both groups over the last two years.
One group, which CrowdStrike had dubbed Cozy Bear, had gained access last summer and was monitoring the DNCs email and chat communications, Alperovitch said.
The other, which the firm had named Fancy Bear, broke into the network in late April and targeted the opposition research files. It was this breach that set off the alarm. The hackers stole two files, Henry said. And they had access to the computers of the entire research staff an average of about several dozen on any given day.
The computers contained research going back years on Trump. Its a huge job to dig into the dealings of somebody who has never run for office before, Dacey said.
CrowdStrike is not sure how the hackers got in. The firm suspects they may have targeted DNC employees with spearphishing emails. These are communications that appear legitimate often made to look like they came from a colleague or someone trusted but that contain links or attachments that when clicked on deploy malicious software that enables a hacker to gain access to a computer. But we dont have hard evidence, Alperovitch said.
The lack of coordination is not unusual, he said. Theres an amazing adversarial relationship among the Russian intelligence agencies, Alperovitch said. We have seen them steal assets from one another, refuse to collaborate. Theyre all vying for power, to sell Putin on how good they are.
The two crews have superb operational tradecraft, he said. They often use previously unknown software bugs known as zero-day vulnerabilities to compromise applications. In the DNCs case, the hackers constantly switched tactics to maintain a stealthy presence inside the network and used built-in Windows tools so that they didnt have to resort to malicious code that might trigger alerts. They flew under the radar, Alperovitch said.
This is a sophisticated foreign intelligence service with a lot of time, a lot of resources, and is interested in targeting the U.S. political system, Henry said. He said the DNC was not engaged in a fair fight. Youve got ordinary citizens who are doing hand-to-hand combat with trained military officers, he said. And thats an untenable situation.
Russia has always been a formidable foe in cyberspace, but in the last two years theres been a thousand-fold increase in its espionage campaign against the West, said Alperovitch, who is also a senior fellow at the Atlantic Council. They feel under siege.
Edited to conform to copyright guidelines.
https://www.washingtonpost.com/world/national-security/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-trump/2016/06/14/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html
yeoman6987
(14,449 posts)NWCorona
(8,541 posts)yeoman6987
(14,449 posts)I blame them more then Debbie or anyone else. The it department waited a year to put updated security measures in even after the Bernie story regardless of true or false. That is when updates should have been implemented.
RandySF
(58,768 posts)JRLeft
(7,010 posts)Wilms
(26,795 posts)RandySF
(58,768 posts)AgingAmerican
(12,958 posts)RandySF
(58,768 posts)And Blane you for it.
Matt_in_STL
(1,446 posts)The DNC freaked out when Bernie asked for an independent investigation and then dropped everything. Meanwhile, at the same time, the Russians were already in the system (which an investigation might have identified). DWS and her incompetency on full display.
NWCorona
(8,541 posts)JudyM
(29,233 posts)tex-wyo-dem
(3,190 posts)floppyboo
(2,461 posts)IT
Chief Technology Officer
Nathaniel Pearlman
Founder and chairman of NGP Software, Inc. Before founding NGP Software, Inc., Pearlman designed several nationally known software packages for other DC-based political technology firms. Degree in computer science from Yale and taught American politics and statistics while a doctoral student at MIT.
Director of IT Bryan Pagliano
Prior to joining the Clinton team, Pagliano was infrastructure team lead at Community IT Innovators for over seven years through to Aug. 2006. University of Maryland - Robert H. Smith School of Business, 2007. B.A. in political science from Emory University, 1998.
Great team! Go Hillary!
bunnies
(15,859 posts)Because none of the establishment Dems seem to have a goddamn clue.
lumberjack_jeff
(33,224 posts)bunnies
(15,859 posts)eastwestdem
(1,220 posts)chascarrillo
(3,897 posts)Octafish
(55,745 posts)In somebody's basement?
Must have been uh a trap.
FSogol
(45,476 posts)JudyM
(29,233 posts)All I can say is
NCTraveler
(30,481 posts)NWCorona
(8,541 posts)That's why IMHO he has become very scripted and has even taken to using teleprompters.
rbrnmw
(7,160 posts)when reading his teleprompter.
NWCorona
(8,541 posts)Maru Kitteh
(28,339 posts)lumberjack_jeff
(33,224 posts)NWCorona
(8,541 posts)I wonder about the financials more than anything. A year is a long time to have unlimited access.
randome
(34,845 posts)Well, that was interesting.
NWCorona
(8,541 posts)I would think the Russians got them too.
randome
(34,845 posts)I'd prefer that DWS be gone, too, but this story doesn't -and shouldn't- have anything to do with that, imo.
NWCorona
(8,541 posts)I kinda agree with you on DWS but as others have said. There should have been a full security assessment after the database incident.
bemildred
(90,061 posts)Orsino
(37,428 posts)DJ13
(23,671 posts)You should keep your eyes open with your bills.