Four decades ago, breaking into the files of the Democratic National Committee meant burglarizing its headquarters at the Watergate hotel. Today's spies and saboteurs can break into the DNC's computer network far more quietly.
On Tuesday, security firm Crowdstrike revealed that not one but two groups of hackers believed to be based in Russia had done just that. The intruders, according to Crowdstrike and the DNC officials who spoke to the Washington Post, fully accessed the campaign organization's emails and chats, and stole opposition research on Republican presidential front-runner Donald Trump.
“The security of our system is critical to our operations and to the confidence of the campaigns and parties we work with,” congresswoman and DNC chair Debbie Wasserman Schultz wrote in a press statement. “When we detected the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our squad moved as quickly as it could to kick out the invaders and secure our network.”
In a blog post detailing the attack, Crowdstrike pointed to two groups of known Russian government-aligned hackers, one dubbed Cozy Bear and another called Fancy Bear. According to Crowdstrike, the two teams apparently operate independently, either unaware of each other's existence or even vying for predominance within the strange, internally competitive intelligence apparatus of Vladimir Putin's regime.
Cozy Bear, Crowdstrike says, first breached the DNC a year ago, while Fancy Bear struck more recently, with the specific objective of accessing the Trump research files. Crowdstrike writes that though Cozy Bear typically uses spearphishing emails as its initial entry point, Fancy Bear has in previous attacks created spoofed web login pages for the organizations it targets to steal staffers' credentials and gain a foothold. It's unclear which techniques were used here. Once in, both groups installed malware on the DNC's servers and PCs to continually steal information and send it back to “command-and-control” servers.
In fact, Crowdstrike writes that both groups changed their malware on a regular basis and frequently altered their “persistence” techniques to avoid deletion by antivirus programs or other security measures. All of that, along with the two groups' histories of breaching targets from the White House to the State Department, points to Russian government espionage as the breach's motive.
“We identified advanced methods consistent with nation-state level abilities including deliberate targeting and access management tradecraft,” Crowdstrike's co-founder Dmitri Alperovitch wrote in his blog post. “Both antagonists engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government's powerful and highly capable intelligence services.”
The DNC's breach should set off alarm bells beyond the Democratic campaign, and not just in the Trump camp, where the candidate's staff are no doubt wondering what political dirt Putin's snoops have accessed and how it might be leveraged. (Given that Putin has showered Trump with praise, and vice versa, Trump may not be worried about how the Russian despot would use it, but rather how the DNC and Clinton campaign ultimately might.) Neither the Trump nor Clinton campaigns responded to WIRED's request for comment.
The same hackers who breached the DNC have also probed the networks of both the Trump and Clinton campaigns, as well as some Republican political action committees, officials told the Post. And within the security community, there's little doubt that well-resourced, state-sponsored hackers can bypass the cybersecurity teams of those organizations, which despite their political ties don't have the direct protection of the NSA or the Department of Homeland Security. Both the Obama and McCain campaigns were compromised by hackers in 2008, for example. As Thomas Ptacek, the co-founder of security firm Matasano, wrote on Twitter Tuesday, “The only thing interesting about the DNC hack is that they got caught this time.”
The only thing interesting about the DNC hack is that they got caught this time.
— Thomas Ptacek (@tqbf) June 14, 2016
All of that has meant that the focus on the DNC's opposition files may be a mere distraction for the Trump-obsessed media, says Dave Aitel, a former NSA analyst who now runs the security firm Immunity. He argues that both Republican and Democratic campaigns have likely been targeted by hackers seeking all sorts of data, not only Russian, but also Chinese and even Iranian, and that Crowdstrike's efforts to remove those intruders won't necessarily keep them from coming back for more. “People get confounded because they presume they're after one thing. But this is about long-term collection, not any particular piece of information,” says Aitel. He compares the Russian hackers with America's own elite espionage squads in the signals intelligence division of the NSA. “It's the same thing we do: Let's suck this target wholly dry and turn it into signals intelligence product. This is not a one-time event.”
How Serious is This?
Crowdstrike's Alperovitch echoes the warning that the DNC breach may not be the last hack of the 2016 election season. “The 2016 general election has the world's attention, and leaders of other nations are anxiously watching and planning for possible outcomes,” Alperovitch writes. “Attacks against electoral candidates and the parties they represent are likely to continue up until the election in November.”
In fact, the threat of hackers assaulting campaign organizations could extend well beyond November. While opposition research data represents a juicy digital target, more troubling still is the possibility of foreign governments' intelligence agencies influencing domestic electoral politics by choosing a side and disrupting the other's campaign strategy. U.S. federal agencies, for all their cybersecurity disasters, at least have massive national resources backing them. Political campaigns often don't. And foreign cyberspies, both parties can agree, are one special interest group that has no place in American democracy.