U.S. theory on Democratic Party breach:
Hackers meant to leave Russia's mark
[July 28, 2016]
By John Walcott, Joseph Menn and Mark Hosenball
WASHINGTON (Reuters) - Some U.S.
intelligence officials suspect that Russian hackers who broke into
Democratic Party computers may have deliberately left digital
fingerprints to show Moscow is a "cyberpower" that Washington should
respect.
Three officials, all speaking on condition of anonymity, said the
breaches of the Democratic National Committee (DNC) were less
sophisticated than other cyber intrusions that have been traced to
Russian intelligence agencies or criminals.
For example, said one official, the hackers used some Cyrillic
characters, worked during Russian government business hours but not on
Russian religious or political holidays.
"Either these guys were
incredibly sloppy, in which case it’s not clear that they could have
gotten as far as they did without being detected, or they wanted us to
know they were Russian," said the official.
Private sector cyber security experts agreed that the evidence clearly
points to Russian hackers but dismissed the idea that they intentionally
left evidence of their identities.
These experts - who said they have examined the breach in detail - said
the Cyrillic characters were buried in metadata and in an error message.
Other giveaways, such as a tainted Internet protocol address, also were
difficult to find.
Russian hacking campaigns have traditionally been harder to track than
China’s but not impossible to decipher, private sector experts said. But
the Russians have become more aggressive and easier to detect in the
past two years, security experts said, especially when they are trying
to move quickly.
False flags have grown more common, but the government and private
experts do not believe that is involved in the DNC case.
The two groups of hackers involved are adept at concealing their
intrusions, said Laura Galante, head of global threat intelligence at
FireEye, whose Mandiant subsidiary conducted forensic analysis of the
attack and corroborated the findings of another cyber company,
CrowdStrike.
Russian officials have dismissed the allegations of Moscow's involvement
as absurd. Russian Foreign Minister Sergei Lavrov, in his only response
to reporters, said: "I don't want to use four-letter words."
EMBARRASSING EMAILS
While private cyber experts and the government were aware of the
political party's hacking months ago, embarrassing emails were leaked
last weekend by the WikiLeaks anti-secrecy group just as the Democratic
Party prepared to anoint Hillary Clinton as its presidential candidate
for the Nov. 8 election.
DNC chairwoman, Debbie Wasserman Schultz, resigned after the leaked
emails showed party leaders favoring Clinton over her rival in the
campaign for the nomination, U.S. Senator Bernie Sanders of Vermont. The
committee is supposed to be neutral.
The U.S. intelligence officials conceded that they had based their views
on deductive reasoning and not conclusive evidence, but suggested
Russia’s aim probably was much broader than simply undermining Clinton's
campaign.
They said the hack fit a pattern of Russian President Vladimir Putin
pushing back on what he sees as the United States and its European
allies trying to weaken Russia.
A lock icon, signifying an encrypted Internet connection, is seen on
an Internet Explorer browser in a photo illustration in Paris April
15, 2014. REUTERS/Mal Langsdon
"Call it the cyber equivalent of buzzing NATO ships and planes using
fighters with Russian flags on their tails," said one official.
Two sources familiar with Democratic Party investigations into the
hacking said the private email accounts of Democratic Party
officials were targeted as well as servers.
They said that the FBI had advised the DNC that it was looking into
the hacking of the individual officials' private accounts. They also
said the FBI requested additional information identifying the
personal email accounts of certain party officials.
The DNC hired CrowdStrike to investigate the hack. It spent about
six weeks, from late April to about June 11 or 12, monitoring the
systems and watching while the hackers - who they believed were
Russian - operated inside the systems, one of the sources said.
What actions, if any, the Obama administration will take are unclear
and could depend on what diplomatic considerations may ultimately be
involved, a former White House cyber security official said.
In past cases, administration officials have decided to publicly
blame North Korea and indict members of China’s military for hacking
because the administration decided that the net benefit of public
shaming – and increased awareness brought to cyber security –
outweighed potential risks, the former official said.
But "the Russia calculation is far more difficult and precarious,"
the former official said. "Russia is a much more aggressive, capable
foreign actor both in the traditional military sense and in the
cyber realm" and that made public attribution or covert retaliation
much less likely.
The former official, and a source familiar with the Democratic Party
investigations, said that they also were unaware of any U.S.
intelligence clearly demonstrating that WikiLeaks had received the
hacked materials directly from Russians or that WikiLeaks’ release
of the materials was in any way directed by Russians.
(Reporting By John Walcott, Joseph Menn and Mark Hosenball;
Additional reporting by Dustin Volz; Editing by David Rohde and
Grant McCool)
[© 2016 Thomson Reuters. All rights
reserved.]