The news that the Democratic National Committee has been infiltrated by foreign hackers is deeply disturbing. Regardless of specific material in the documents that have been published by Wikileaks (addressed later), the timing of the leak, immediately following the Republican nominating convention and preceding the Democratic one, appears to be the disruption of the nomination of Hillary Clinton, likely designed to nullify her predicted post-convention “bump” and to ultimately lead to the election of Donald Trump.
If the Russian government is directly responsible for this crime, it would be a clear attempt for a foreign power to directly influence an upcoming election — a serious allegation.
And as we’ll see, a review of the evidence leaves little room for doubt as to the identity of the culprits — Vladimir Putin’s spy networks. Furthermore, this hack also suggests that the Wikileaks network itself is either a direct Russian intelligence asset or is working toward furthering the same ends.
Multiple independent analyses of the DNC hack, by disparate cyber security firms and by the FBI itself, point the finger squarely at Putin.
According to a report published by The Daily Beast, sources within the FBI say that the Russian government is the prime suspect in this attack. Other US officials have gone further and have openly stated that the hacks benefit Clinton’s opponent, Donald Trump, who has deep ties with Russia:
Officials also noted Trump’s own connections to the Russian government. Putin has publicly praised the nominee, who said he was “honored” by the compliment. Trump’s campaign manager, Paul Manafort, was a consultant for Viktor Yanukovych, the former president of Ukraine who was ousted for his pro-Moscow orientation (and now lives in Russia). One of Trump’s top national security advisers, retired Army Gen. Michael Flynn, sat with Putin at a dinner celebrating the 10th anniversary of Kremlin-backed media network RT and was paid to give a speech at the event; Flynn later retweeted an anti-semitic message that called into question any Kremlin-Trump link. Another Trump adviser, Carter Page, recently denounced America’s “often-hypocritical focus on democratization” while in Moscow. And last week, Trump said that he might not come to the aid of U.S. NATO allies in the face of Russian aggression unless they paid what he thinks they owe for Europe’s common defense.
Officials also thought it was telling that the emails were given to WikiLeaks, which is perceived as being hostile to the U.S. government. “This wasn’t surprising to us,” said one U.S. official familiar with the investigation.
FBI Suspects Russia Hacked DNC; U.S. Officials Say It Was to Elect Donald Trump
TARGET ACQUIRED The FBI suspects that Russian government hackers breached the networks of the Democratic National Committee and stole emails that were posted to the anti-secrecy site WikiLeaks on Friday. It's an operation that several U.S. officials now suspect was a deliberate attempt to influence the presidential election in favor of Donald Trump, according to five individuals familiar with the investigation of the breach.
These officials are all but coming straight out and saying that the Russian government is actively attempting to swing the US election in favor of Donald Trump. One would assume that they have access to information which is not public, but separate analyses of the information that is available also backs up this claim.
Evidence strongly implicates the Kremlin, not the cover story
Perhaps the best analysis of the technical aspects of the hack has been written by Thomas Rid. Rid looks at three specific issues: can the hackers be traced back to the Russian government, does Wikileaks’ version of the story add up, and does the hack fit the pattern of actions taken by the Russian government.
First, Rid looks to the forensic evidence surrounding the hack itself, and notes that the evidence linking the attacks to the Russian government are very strong:
The forensic evidence linking the DNC breach to known Russian operations is very strong. On June 20, two competing cybersecurity companies, Mandiant (part of FireEye) and Fidelis, confirmed CrowdStrike’s initial findings that Russian intelligence indeed hacked Clinton’s campaign. The forensic evidence that links network breaches to known groups is solid: used and reused tools, methods, infrastructure, even unique encryption keys. For example: in late March the attackers registered a domain with a typo—misdepatrment[.]com—to look suspiciously like the company hired by the DNC to manage its network, MIS Department. They then linked this deceptive domain to a long-known APT 28 so-called X-Tunnel command-and-control IP address, 45.32.129[.]185.
One of the strongest pieces of evidence linking GRU to the DNC hack is the equivalent of identical fingerprints found in two burglarized buildings: a reused command-and-control address—176.31.112[.]10—that was hard coded in a piece of malware found both in the German parliament as well as on the DNC’s servers. Russian military intelligence was identified by the German domestic security agency BfV as the actor responsible for the Bundestag breach. The infrastructure behind the fake MIS Department domain was also linked to the Berlin intrusion through at least one other element, a shared SSL certificate.
This contrasts sharply with the account of the attack put forth by Wikileaks. As Rid explains, in June, following the initial news that two hacking groups, both backed by separate Kremlin intelligence agencies, hacked the DNC, a counter-narrative soon formed that a “lone hacker,” Guccifer 2.0, was responsible for the hacks, and he eventually shared the fruits of his cyber crimes with Wikileaks. However, as Rid explains, there are reasons to believe that Guccifer 2.0 is just a cover story for the activities of the Russian military intelligence service, the GRU:
The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings, by a user named “Феликс Эдмундович,” a code name referring to the founder of the Soviet Secret Police, the Cheka, memorialised in a 15-ton iron statue in front of the old KGB headquarters during Soviet times. The original intruders made other errors: one leaked document included hyperlink error messages in Cyrillic, the result of editing the file on a computer with Russian language settings. After this mistake became public, the intruders removed the Cyrillic information from the metadata in the next dump and carefully used made-up user names from different world regions, thereby confirming they had made a mistake in the first round.
Then there is the language issue. “I hate being attributed to Russia,” the Guccifer 2.0 account told Motherboard, probably accurately. The person at the keyboard then claimed in a chat with Motherboard’s Lorenzo Franceschi-Bicchierai that Guccifer 2.0 was from Romania, like the original Guccifer, a well-known hacker. But when asked to explain his hack in Romanian, he was unable to respond colloquially and without errors. Guccifer 2.0’s English initially was also weak, but in subsequent posts the quality improved sharply, albeit only on political subjects, not in technical matters—an indication of a team of operators at work behind the scenes.
This means that Wikileaks likely did not receive the leaked documents via Guccifer, or if they did then that account was just passing along the information as part of the Russian intelligence op. Either way, Wikileaks published information that global security services said was illegally obtained by a state-run cyber attack:
All Signs Point to Russia Being Behind the DNC Hack
Written by Thomas Rid In the wee hours of June 14, the Washington Post revealed that "Russian government hackers" had penetrated the computer network of the Democratic National Committee. Foreign spies, the Post claimed, had gained access to the DNC's entire database of opposition research on the presumptive Republican nominee, Donald Trump, just weeks before the Republican Convention.
Rid also cites other work by different security firms which bolster the Kremlin hypothesis.
But the DNC hack described above did not happen in isolation. According to Yahoo! News, DNC consultant Alexandra Chalupa was targeted by hackers once she began an investigation into Donald Trump’s campaign chairman Paul Manafort and his political and business ties to Russia. Once Chalupa started to coordinate with sources in Ukraine and began to email her colleagues about Manafort’s Russia dealings, she began to receive notifications from Yahoo! that her account may have been the target of “state sanctioned” cyberattacks:
Chalupa’s message, which had not been previously reported, stands out: It is the first indication that the reach of the hackers who penetrated the DNC has extended beyond the official email accounts of committee officials to include their private email and potentially the content on their smartphones. After Chalupa sent the email to Miranda (which mentions that she had invited this reporter to a meeting with Ukrainian journalists in Washington), it triggered high-level concerns within the DNC, given the sensitive nature of her work. “That’s when we knew it was the Russians,” said a Democratic Party source who has knowledge of the internal probe into the hacked emails. In order to stem the damage, the source said, “we told her to stop her research.”
A Yahoo spokesman said the pop-up warning to Chalupa “appears to be one of our notifications” and said it was consistent with a new policy announced by Yahoo on its Tumblr page last December to notify customers when it has strong evidence of “state sponsored” cyberattacks. “Rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence,” wrote Bob Lord, the company’s Chief Information Security Officer, in the Tumblr post.
Exclusive: Hacked emails of DNC 'oppo researcher' point to Russians – and wider penetration
Just weeks after she started preparing "oppo" – opposition – research files on Donald Trump's campaign chairman Paul Manafort last spring, Democratic National Committee consultant Alexandra Chalupa got an alarming message when she logged into her personal Yahoo email account. "Important action required," read a pop-up box from a Yahoo security team that is informally known as "the Paranoids."
Means, motive, and opportunity
The Russian government’s love for cyberwar, hacking, and online disinformation campaigns is well established, and all three appear to have come together for this mission.
The Interpreter’s editor-in-chief Michael Weiss has written a history of Russian “active measures” — disinformation campaigns designed specifically at altering the course of politics beyond Russia’s borders. “The style and purpose of this intrusion bears an uncanny resemblance to old Cold War tradecraft,” Weiss warns. He also notes that, while this hack appears to be “the boldest intrusion ever by a past and present Cold War adversary into America’s political decision-making,” other recent Russian government “active measures” against Germany and Ukraine suggest that the Kremlin is once again revisiting these tactics:
Putin's Wicked Leaks Didn't Start With the DNC
Lord Byron once observed, in skewering one of his favorite poetic targets of derision, that while the English have no word so good as the French longueurs to describe tedious, uninterrupted stretches of writing, they nevertheless "have the thing."
Meanwhile, back at the troll farm…
But an observation by another expert on Russian disinformation suggests that the Kremlin’s disinformation arsenal is now trained on the US elections.
A must-read article for anyone seeking to understand Russia’s disinformation campaign is called “The Agency,” written by Adrian Chen for New York Times Magazine. Chen profiles, in great detail, the inner workings of the now-infamous ‘Kremlin Troll Farm‘ in St. Petersburg.
But at 10 minutes after 9 p.m., still no crowd had entered or left 55 Savushkina. Finally, around 9:30, a group of five young people approached the building and walked inside. Savchuk perked up, grabbed the camera and began to film the scene.
Chen is once again making headlines for some of his observations which appear to be particularly relevant in light of the DNC hack.
In December 2015 Chen, who follows pro-Kremlin internet trolls, gave an interview in which he noted that many of them were now changing their formats to openly support then-GOP-frontrunner Donald Trump:
In other words, the Kremlin is converting its troll army to focus on electing Donald Trump.
Furthermore, few Russia experts doubt that the Putin regime really wants Donald Trump to win. Even The Guardian, which has worked with Wikileaks in the past, has to admit that Trump advocates positions that are in line with the Kremlin’s, while Clinton would oppose the Kremlin on several key issues:
Putin is surely supporting Trump, whether or not Russia backed DNC hack
Allegations that the Kremlin is responsible for the damaging hack of Democratic National Committee emails may never be conclusively proven, but there is plenty of evidence suggesting that Donald Trump's presidential bid can count on at least some backing from Moscow.
Besides expressing mutual admiration for each other, Trump has recently made statements that suggest that if he were to be elected the NATO alliance could be re-imagined. In particular, in an interview with David Sanger of The New York Times, Trump opened the question of whether he would abide by the NATO treaty if Putin attacked an ally. Sanger said that some of the Baltic states are concerned about the state of the alliance, and far from assuaging those concerns, Trump exacerbated them:
SANGER: I was just in the Baltic States. They are very concerned obviously about this new Russian activism, they are seeing submarines off their coasts, they are seeing airplanes they haven’t seen since the Cold War coming, bombers doing test runs. If Russia came over the border into Estonia or Latvia, Lithuania, places that Americans don’t think about all that often, would you come to their immediate military aid?
TRUMP: I don’t want to tell you what I’d do because I don’t want Putin to know what I’d do. I have a serious chance of becoming president and I’m not like Obama, that every time they send some troops into Iraq or anyplace else, he has a news conference to announce it.
SANGER: They are NATO members, and we are treaty-obligated ——
TRUMP: We have many NATO members that aren’t paying their bills.
SANGER: That’s true, but we are treaty-obligated under NATO, forget the bills part.
TRUMP: You can’t forget the bills. They have an obligation to make payments. Many NATO nations are not making payments, are not making what they’re supposed to make. That’s a big thing. You can’t say forget that.
SANGER: My point here is, Can the members of NATO, including the new members in the Baltics, count on the United States to come to their military aid if they were attacked by Russia? And count on us fulfilling our obligations ——
TRUMP: Have they fulfilled their obligations to us? If they fulfill their obligations to us, the answer is yes.
As The Atlantic reports, some NATO leaders took to social media to blast the comments. As far as some of them are concerned, Trump was right when he said “I think Putin and I will get along very well,” but only because they believe Putin wants to gobble up Eastern Europe and they doubt Trump would stop him:
Donald Trump's NATO Remarks Stuns U.S. Allies
Donald Trump's apparent rejection of the cornerstone of global security after World War II has stunned U.S. partners in the alliance. For us to continue writing great stories, we need to display ads. Please select the extension that is blocking ads. Please follow the steps below Updated at 10:21 a.m.
Trump’s response, and other even more concerning comments made by Trump supporter Newt Gingrich about Estonia, prompted Michael Weiss to write that “the Donald might be talking tough, but he’s on his knees in front of Russia if he betrays the Western alliance. And that’s what he’s doing.”
Without specifying what these obligations are, Trump declines to say when the answer might be “no” or whether or not, as president, he’d endorse an Article V resolution to rescue Estonia, Latvia, or Lithuania if “little green men” or paratroopers or Spetsnaz descended upon them.
I think we can be reasonably assured that he would not, given what one of his GOP cheerleaders, prospective vice presidential consideration and mind-melded anti-Muslim bigot Newt Gingrich has just told CBS This Morning: “Estonia is in the suburbs of St. Petersburg… I’m not sure I would risk nuclear war.”
Is Maine in the suburbs of Quebec? It may soon wish it was, depending on how Nov. 8 shakes out. But there is no understating what is now happening: A political party that once campaigned almost exclusively on American power projection and national security has just given license to a revanchist adversary to sow mischief across its borders and face no serious repercussions.
Donald Trump Is Sucking Up and Selling Out to Putin
Not long ago, I was sitting with the foreign minister of a European NATO country and thought I might, after a long discussion on Russia, Ukraine, ISIS, and Syrian refugees, bring up the subject of Donald J. Trump.
In Europe, far-right politicians have championed Euroskepticism and have been vocally opposed to efforts to stand up to Russia or its ally in the Middle East, Bashar al-Assad. Trump’s misguided statements that we should “let Russia fight ISIS,” when in fact Russia is bombing groups that are fighting the so-called Islamic State, is another area where the GOP candidate and the Russian president agree.
Contrast this with Hillary Clinton. Clinton favors a more robust NATO, has vocally opposed Russian expansionism, and has advocated a more aggressive approach toward Russia’s allies in the Middle East. Her choice for Vice President, Tim Kaine, has been referred to as a “foreign policy heavyweight” at a time when the Republican nominee is intensely isolationist, and has advocated the establishment of a no-fly zone in Syria as recently as October:
Syria activists cheer Kaine pick
Supporters of a more interventionist Syria policy are cheering 's pick of Sen. (D-Va.) for vice president. "In March 2014, Senator Tim Kaine (now Hillary's VP) stood with us in the freezing cold at the Capitol to remember the thousands and thousands of children killed in Syria, mostly by Assad's barrel bombs," wrote Kenan Rahmani, a Syrian-American activist and law school graduate on his Facebook page.
Even some foreign policy experts who are Clinton critics have written with alarm at the actions taken by the Russian government.
John Schindler, former National Security Agency analyst and counterintelligence officer and an ardent critic of Hillary Clinton, has written a scathing report for Observer, stating that “by stepping into the middle of our Presidential race, the obvious Russian front has outed themselves.” Schindler writers that the content of the DNC leaks make Clinton look bad an add to the narrative that she is dishonest and someone who is untrustworthy. In other words, the hack appears specifically designed to echo Trump talking points:
On the eve of the four-day Democratic convention extravaganza, this data-dump could not have been timed better to damage Hillary and her efforts to move back into the White House this November. Although it’s doubtful that leaked RNC internal emails would make any more pleasant a read for the public, Clinton will emerge from this tarred with the indelible brush of corruption and collusion with her party’s leadership to fix the Democratic presidential nomination.
Wikileaks has delivered as promised on its public threats of damaging Team Clinton with hacked emails. Although the DNC can’t deny that many of the leaked messages appear authentic—they wouldn’t have forced the chair’s resignation if they were fake, obviously—there remains the important question of how the vaunted “privacy organization” got its hands on them.
The most damaging aspect to the DNC leak is the certainty that Moscow has placed disinformation—that is, false information hidden among facts—to harm the Democrats and the Clinton campaign. Disinformation is a venerable Russian spy trick that can be politically devastating to its target.
Disinformation is most effective when it plays upon essential truths. Since Hillary really is corrupt and less than honest, and the DNC actually has done her bidding in shady ways, lies that amplify those themes will be readily believed by many Americans. It’s obvious that Moscow prefers Trump over Clinton in this election, which ought not surprise given the important role of Putin-friendly advisors in the Trump campaign, and what better way to help is there than to discredit Team Clinton?
Wikileaks Dismantling of DNC Is Clear Attack by Putin on Clinton
The recent Wikileaks dump of 20,000 emails belonging to the Democratic National Committee has caused political sensation and scandal on a grand scale. These internal communications reveal nothing flattering about the DNC or Hillary Clinton, who is set to be anointed as the Democrats' presidential nominee at their party convention in Philadelphia that gets underway with fanfare today.
The Russian government had the means, motive, and opportunity to conduct this attack, and the evidence places them at the scene of the crime. The attack represents a dramatic escalation in the lengths it is willing to go to steer the international political landscape. Putin’s propaganda machine openly supported UK’s vote to leave the European Union, and now Putin is working to ensure that, come November, the American people pick someone whom he can “get along” with.
The question remains whether the plan will work.
For a look at how the Russian media is covering this story, see our separate analysis here:
Russia's Election Coverage: Muted At Home, Biased Abroad
When Russian hackers were reported to have broken into the computers of the Democratic National Committee on June 14, the Russian media – state, pro-Kremlin and independent – covered the event, but briefly, and using only Western media reports