On 14 June the Washington Post reported a security breach of the Democratic National Committee's computer network. Citing committee officials and security experts, reporter Ellen Nakashima wrote Russian government hackers were responsible, specifically two groups known as Cozy Bear and Fancy Bear. It was a sophisticated attack, Nakashima concluded:
The depth of the penetration reflects the skill and determination of the United States’ top cyber-adversary as Russia goes after strategic targets, from the White House and State Department to political campaign organizations.
Nakashima quoted Shawn Henry, president of CrowdStrike, the cyber firm called in to handle the DNC breach and a former head of the FBI’s cyber division. He said it was extremely difficult for a civilian organisation to protect itself from 'a skilled and determined state such as Russia'.
A day after this report appeared, CrowdStrike co-founder Dmitri Alperovitch said in a blog post that the firm remained convinced the breach was the work of Cozy Bear and Fancy Bear, even after a blog post to a WordPress site, authored by an individual using the moniker Guccifer 2.0, claimed credit. Alpervovich said of Cozy Bear and Fancy Bear:
We’ve had lots of experience with both of these actors attempting to target our customers in the past and know them well. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter.
Then, late last week, came the release by WikiLeaks of thousands of emails from the DNC that were guaranteed to stir up already riled Bernie Sanders fans gathered in Philadelphia for the Democratic National Convention. Who was responsible this time?
This comprehensive account at the Vice Media Motherboard blog suggested the forensic evidence linking the DNC network breach to Russian operations was 'very strong', noting that two other cybersecurity companies had confirmed CrowdStrike’s findings.
Motherboard also made contact with Guccifer 2.0 and concluded that the team at work behind the persona is indeed the WikiLeaks conduit and the link back to Russian operators is real. Writer and cyber security expert Thomas Rid finished the post thus:
It is time for the United States (and the United Kingdom) to pull their weight: by publishing more evidence, by signalling political consequences for the perpetrators, by treating Wikileaks as a legitimate counter-intelligence target, and by providing not only physical but also improved digital security to candidates and campaigns in the future.
Many commentators took the link from the hackers to the Putin government as a given. Here's Fred Kaplan writing in Slate:
It’s nothing new that the Russian government has hacked into the Democratic National Committee’s email. What is new—and alarming—is that it seems to have leaked the files in an attempt to influence an American presidential election...
No doubt the Russians have also hacked the Republican National Committee’s emails, which almost certainly contain critical missives about Donald Trump that would embarrass the GOP and its candidate today. But no one has leaked those memos to WikiLeaks.
Others are not so certain it was the Russians. Another cybersleuth, Jeffrey Carr, painstakingly combed through the analysis and concluded CrowdStrike's identification was based on some 'seemingly crasy assumptions'.
Attribution is hard enough without cybersecurity companies picking the evidence they need to support the conclusion that they want with threat actor models that are completely devoid of common sense. We can do better.
On the Techdirt blog, Mike Masnick had this to say:
Of course, who did the hack and got the info is absolutely a news story. But it's an entirely separate one from whether or not the leaked emails contain anything useful or newsworthy. And yet, because this is the peak of political silly season, some are freaking out and claiming that anyone reporting on these emails "has been played" by Putin and Russia. Leaving aside the fact that people like to claim that Russia's behind all sorts of politicians that some don't like, that should be entirely unrelated to whether or not the story is worth covering.
Certainly Bernie Sanders fans weren't phased at all by the Russian connection. As far as they were concerned, the story was the emails, not who handed them over to Wikileaks. They felt vindicated, and really, really angry. Just as they had suspected, the party's national committee had actively plotted against their man. Already convinced they had been robbed after months of feeling the Bern, they were in no mood to look the other way.
— The Liberty Eagle (@TheLibertyEagle) July 26, 2016
It's too early to say what note this Convention will end on, and how it will reverberate over the next few months. But it's fair to say it was a horrible start. And you can't blame Putin for that.
Photo by Joe Raedle/Getty Images