Russian Hackers Penetrate Democratic National Committee, Steal Trump Research | KUOW News and Information

Jun 14, 2016
Originally published on June 15, 2016 5:53 am

This post was updated at 3:10 PM

Russian hackers have been accessing the Democratic National Committee's computer network for the past year, and have stolen information including opposition research files on presumptive Republican presidential nominee Donald Trump.

According to CrowdStrike, the security firm the DNC called in to deal with the massive data breach, one group of hackers tied to the Russian government has been stealing information from the national party for about a year.

"They infiltrated the DNC's network last summer and were monitoring their communications, their email servers, and the like," company co-founder Dmitri Alperovitch told NPR.

A second group, also tied to Russia, accessed the DNC's network in April. "They went straight for the research department of the DNC and exfiltrated opposition materials on Mr. Trump," Alperovitch said.

The Washington Post first reported the DNC break-in.

CrowdStrike doesn't believe the two distinct groups of Russian hackers — which the company has internally nicknamed COZY BEAR and FANCY BEAR — collaborated with each other.

"Instead," company co-founder Dmitri Alperovitch wrote in a lengthy blog post, "we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials."

Alperovitch said CrowdStrike was able to clear the hackers out of the computer network last weekend.

In a statement, DNC Chairwoman Debbie Wasserman Schultz said, "The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with. When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network."

It's not unusual for hackers to break into presidential candidates' websites. In fact, it's happened during the last two presidential campaigns. In the most high-profile incident, hackers shut down Mitt Romney's campaign site for several hours in 2012.

Last month, Director of National Intelligence James Clapper told lawmakers, "We've already had some indications of [political hacking]. And a combination of [the Department of Homeland Security] and FBI are doing what they can to educate both campaigns against a potential cyberthreat."

This isn't the DNC's first high-profile data breach, either. Last December, a breakdown in the server that Democrats use to store information about voters allowed staffers from Bernie Sanders' presidential campaign to briefly access files from the Clinton campaign.

But a campaign-to-campaign data breach is much different from the penetration of a network by foreign hackers. According to CrowdStrike, the two Russian hacking groups have also "previously infiltrated the unclassified networks of the White House, State Department, and US Joint Chiefs of Staff," as well as private companies in the energy, media and aerospace sectors.

Alperovitch said it's still not clear how the hackers were able to gain their initial access to the DNC's network, as they covered their digital tracks. But, he said, "typical tradecraft for these groups is to compromise the network through what is known as spearphishing, where they send fake emails to individuals within the organization, and getting them to click on a link or an attachment."


KELLY MCEVERS, HOST:

And now for a story that kind of sounds like the plot of a TV show. The Democratic Party today confirmed that its computer network here in Washington had been hacked sometime last summer, and the suspected culprits had ties to the Russian intelligence services. Their target was Democrats' opposition files on Donald Trump. NPR's Brian Naylor has the details.

BRIAN NAYLOR, BYLINE: There were actually two separate hacks on the DNC's network, one last summer called COZY BEAR. It eavesdropped on the party's emails and communications. Then this past spring, a second hack occurred. Dmitri Alperovitch is co-founder of CrowdStrike, the cybersecurity firm the Democrats brought in to clean up their servers.

DMITRI ALPEROVITCH: And the second actor, who we call FANCY BEAR, which we actually believe is the GRU - the military intelligence agency of the Russian government - infiltrated that network this April. And they went straight for the research department of the DNC and exfiltrated opposition materials on Mr. Trump.

NAYLOR: Now, Alperovitch says neither of the two BEARs - COZY or FANCY - knew the other was lurking about because they were the work of separate spy groups - FANCY BEAR from military intelligence and COZY BEAR probably from the FSB, Alperovitch says, Russia's security intelligence agency. Both of the BEARs, he says, were competing for the attention of Russian leader Vladimir Putin.

ALPEROVITCH: And this is actually not atypical of Russian intelligence agencies. They have a very adversarial relationship. They don't share information with each other. They don't cooperate. In fact, there's one-upsmanship that they're often involved in to show off to Putin who is better and to get more budget and more power.

NAYLOR: DNC chairwoman Debbie Wasserman Schultz said Democratic officials moved as quickly as possible to kick out the intruders and secure the network. There's no indication there was any financial motive for the breach. Alperovitch says it's possible the hackers got into the system by spearphishing, sending a fake email and hoping the recipient will click on a link and let them in the door. He says the Russians are very good at this sort of thing.

ALPEROVITCH: These are very, very sophisticated actors. Their tradecraft is absolutely superb. They're some of the best that we ever encounter in terms of cyber threats. So I think any organization would be highly vulnerable to this threat.

NAYLOR: And in fact, Alperovitch says, Russian intelligence has targeted the White House, the State Department and the Joint Chiefs of Staff in the past. And political campaigns have been victims, too. Director of National Intelligence James Clapper warned a few weeks ago that the presidential campaigns would be likely targets. Frank Cilluffo directs the George Washington University's Center for Cyber and Homeland Security.

FRANK CILLUFFO: It would be naive to suggest that other candidates and their campaigns aren't being targeted by foreign intelligence services as well. If you recall, Mitt Romney's campaign was allegedly hacked, as were others. So I think this is becoming a bit of a new norm.

NAYLOR: Nor, says Cilluffo, is it surprising that Trump would be of special interest to Russians and other foreign powers.

CILLUFFO: With Donald Trump in particular, since he's a relative newcomer to the political scene, it's not surprising that they're trying to glean additional insight into his positions and policies not only with respect to Russia but beyond, and also to dig up political dirt - which in Russian is kompromat - very consistent with Russian politics.

NAYLOR: The Russian government has denied any involvement in the DNC hack, but cyber experts warn that this is unlikely to be the last attack on a political website and that they'll probably continue up until the November election. Brian Naylor, NPR News, Washington.

Transcript provided by NPR, Copyright NPR.