Russian government hackers broke into the servers of the
Democratic National Committee and stole a massive trove of data, including all
opposition research into GOP presidential candidate Donald Trump and almost a
year's worth of private e-mail and chat messages, according to committee
officials and security experts who responded to the breach on Tuesday (June 14).
Researchers with CrowdStrike, the security firm DNC
officials hired to investigate and contain the breach, determined the
intrusions were carried out by two separate hacker groups that both worked for
the Russian military intelligence organization. One, dubbed Cozy Bear, gained
access last summer and has been monitoring committee members' e-mail and chat
communications. The other is known as Fancy Bear and is believed to have broken
into the network in late April. It was the latter intrusion that obtained the
entire database of Trump opposition research and later tipped off IT team members
that the network may have been breached.
The U.S. government, however, has not yet determined that
the hackers who breached the server are connected to the Russian government.
According to CrowdStrike, Cozy Bear was the same group that
in 2014 successfully infiltrated unclassified networks used by the White House,
the State Department, and the Joint Chiefs of Staff. They reportedly have also
hacked numerous corporations and businesses in the defense, energy,
manufacturing and other industries. Fancy Bear has been in operation since
2000.
The networks of presidential candidate Hillary Clinton were
also targeted by Russian spies, as were the computers of some Republican
political action committees. But details on those cases were not available.
The hackers who penetrated the DNC network were expelled
last weekend in a major computer cleanup campaign. No financial, donor or
personal information appears to have been taken, leaving analysts to suspect
the breach was a case of traditional espionage and not the work of criminal
hackers.
CrowdStrike said analysts still aren't sure how the
intruders gained access. Suspicions are being raised that they targeted DNC
employees with spearphishing e-mails that appeared to come from known and
trusted people and that contained malicious links or attachments.
Researchers with security firm Palo Alto Networks said that a Russian hacking
group it calls Sofacy sent an unnamed US government agency spearphishing e-mails
that appeared to come directly from the compromised account belonging to the
Ministry of Foreign Affairs of another government.
The government is usually hesitant to publicly blame another
government for a cyberattack and usually opts to remain silent, concerned about
the geopolitical consequences and waiting for evidence strong enough that it
might hold up in court.
It's not the first time that hackers have targeted major
figures in a US presidential election. In 2008, computer systems for both
the Obama and McCain campaigns were reportedly victims of a sophisticated
attack by a then unknown foreign entity. The two hacking groups identified by CrowdStrike
didn't appear to work together or to coordinate their attacks.
Any U.S. election is of intense interest to overseas
governments, and Trump's candidacy has especially drawn attention to his
relationship with Russia throughout the campaign. He has at times spoken admiringly of Russian
President Vladimir Putin, and some of his foreign policies have drawn praise in
Moscow, despite the country's chilly relationship with the U.S.
The intrusions are an example of Russia’s interest in the
U.S. political system and its desire to understand the policies, strengths and
weaknesses of a potential future president.