Russian groups accused of hacking Democratic computers, seeking opposition research on Trump

Donald Trump speaks at Saint Anselm College in Manchester, N.H., on June 13.
Donald Trump speaks at Saint Anselm College in Manchester, N.H., on June 13.
(Jim Cole / Associated Press)

Hackers affiliated with the Russian government have been tapping into the files of the Democratic National Committee for nearly a year, targeting in particular the party’s opposition research about Donald Trump, officials say.

DNC officials on Tuesday confirmed the break-in, which was first reported by the Washington Post. The party’s research on Trump had been obtained by the hackers, they said, adding that the party’s internal emails and chat communications also were accessible to them.

The cybersecurity firm CrowdStrike, which the DNC brought in to shore up its system once the breaches were discovered, detailed on its website how it had traced the intruders back to the Russian government.


The hackers were also believed to have targeted the Trump and Hillary Clinton campaigns. Neither campaign has publicly reported any related breaches.

In an interview with Telemundo, Clinton called the incident “troubling.” As far as her aides are aware, her campaign’s computers have not been hacked, but “we’re obviously looking hard at that,” she said, adding that the security breach at the DNC was another warning that such threats are on the rise.

DNC officials said they did not believe any sensitive donor information was compromised. Instead, the hackers took aim at the thousands of pages of research DNC staffers compiled to use in attacking Trump during the presidential race.

In some respects, the files are a puzzling target: The most damning information was gathered for the express purpose of being made public. But security experts said that extensive files on a potential U.S. president would be the sort of information that foreign spy agencies would devote considerable resources to obtain.

“Donald Trump is probably not someone the foreign intelligence services had too much of a dossier on, unlike Clinton,” who has been in public life for decades, said Paulo Shakarian, a cybersecurity scholar at Arizona State University. “What better database to get for someone who wants to know his dirty secrets?”

Robert Morgus, a cybersecurity analyst at the nonpartisan New America Foundation, noted that foreign security and intelligence agencies have always seen gathering as much information as possible on serious candidates as part of their mission, dating back to before campaigns used computers.


“Russia is doing exactly what we’d expect them to do: looking for information on the major candidates in preparation for dealing with either of them come next year,” he said.

“I would not be surprised if the Russians are looking for information on Donald Trump that they could use as leverage for extortion should he assume office. If that’s the case, what better resource could there be than the other side’s opposition research?”

In the last presidential campaign, Chinese hackers took aim at the systems of both President Obama and Mitt Romney.

“The capabilities of these hackers are very well defined and continue to increase,” said CrowdStrike President Shawn Henry, who headed computer crime investigations for the FBI. “Their ability to hide themselves, their ability to maintain a presence on the network, and their ability to move throughout the network are regularly increasing.”

The break-in is a disturbing development for the DNC, which has already been struggling with its computer systems this election. In December, the contractor that maintains sensitive voter files for candidates experienced a software glitch that allowed staffers from the campaign of Bernie Sanders to view confidential material owned by the Clinton campaign. The Sanders campaign sued the DNC after the party locked it out of its system while it investigated.


“The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with,” the DNC chairwoman, Rep. Debbie Wasserman Schultz of Florida, said in a statement. “When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.”

The latest cyberattacks follow a familiar pattern of online espionage. The Russians have been aggressively probing U.S. government and political data systems in efforts to collect any information that can help them better understand the inner workings of Washington and the motivations and vulnerabilities of the people who run it. It is textbook intelligence-gathering, which is increasingly done online.

“If they find something about a particular candidate of value that they can exploit, they will do it,” said Henry.

The extended period during which the hackers had access to the DNC files did not necessarily suggest the party had done a poor job of securing its network, Shakarian said. Such lengthy breaches have become common as sophisticated hackers develop methods that allow them to leave little trace of their activities.

“The Russians are generally regarded as being some of the best in the world at breaking into the systems,” he said. “They do things a lot more stealthy and with a lot less notice than others, such as the Chinese.”

The Russian government denied any involvement with the hacking incident. But in its report, CrowdStrike identified the culprits as two hacking organizations who have deep ties to Moscow.


Election 2016 | Live coverage on Trail Guide | Track the delegate race | Sign up for the newsletter

Experts say online espionage in Russia is often the handiwork of freelance hackers like these two groups, which CrowdStrike identified with the labels Cozy Bear and Fancy Bear. The latter group is believed to work for the Russian military intelligence agency, the GRU, while the Cozy Bear group may work for the FSB, the successor agency to the KGB internal security agency, which President Vladimir Putin once headed.

“Our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis,” said the CrowdStrike report, written by firm cofounder Dmitri Alperovitch.

“Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services.”

The Cozy Bear group had earlier managed to infiltrate unclassified networks of the White House, U.S. State Department and the Joint Chiefs of Staff.

CrowdStrike suggested the two groups were more likely competing than cooperating with each other.


“While you would virtually never see Western intelligence agencies going after the same target … for fear of compromising each other’s operations, in Russia this is not an uncommon scenario,” Alperovitch wrote.


How Trump’s and Clinton’s claims in their speeches after the Orlando shooting stack up

Donald Trump’s attack echoes old suggestion of an Obama secret agenda

News coverage of campaign greatly aided Trump and hurt Clinton, study finds


Follow me: @evanhalper