Russian hackers have had access to Democratic National Committee secret files — including opposition research on Donald Trump — for over a year, according to a new report in The Washington Post.
The revelation comes a month after the director of national intelligence, James R. Clapper Jr., said that the agency had seen evidence of possible intrusions from foreign hackers into political sites.
In the most recent hacks, data thieves were able to abscond with an entire database of opposition research on Trump in addition to monitoring email and chat traffic from the DNC’s system for the better part of a year.
DNC officials made the discovery of the hackers’ presence last week during a major cleanup campaign, according to committee officials and security experts consulted by the Post.
No donor or personal information was accessed, according to the report, and most of the opposition research would have been released during the course of the campaign, according to the DNC.
The breach was discovered by the security organization CrowdStrike, whose chief, Shawn Henry, was a former head of the FBI’s cyber division.
The suspected Russian hackers also targeted the individual websites of Trump and Hillary Clinton, according to the Post’s report.
The attack just serves to underscore the woeful state of national cybersecurity (and is just damn embarrassing for the DNC). And it isn’t the first time hackers have targeted U.S. presidential campaigns.
Back in the summer of 2008, the campaign websites of then-candidates Barack Obama and John McCain were hacked by the Chinese government.
Rep. Debbie Wasserman Schultz, the chairwoman of the DNC, told the Post:
“The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with. When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.”
CrowdStrike identified two separate hacker organizations that were responsible for the attacks (both allegedly working for the Russian government). According to CrowdStrike co-founder and chief technology officer, Dmitri Alperovitch, the two groups, dubbed Cozy Bear and Fancy Bear, had broken into the networks last June and late April of this year (respectively). It was the April breach that set off alarm bells.
According to the security firm, the security breaches were likely the result of “spearphishing” emails that look legitimate but contain links or attachments that, when opened, deploy malicious software that gives hackers access to internal networks (which is why I never open attachments).
“While the current lack of evidence forces us to speculate all too much, it is worth noting that one of the alleged breaches, the case of CozyBear aka the Dukes, is said to originate from the summer of 2015. This is before the same group appears to have gone quiet in response to widespread industry and media attention (The Dukes: 7 Years Of Russian Cyber – Espionage),” wrote Artturi Lehtio, a researcher at the security firm F-Secure Labs, in an email. “The breach by FancyBear aka Sofacy, on the other hand, allegedly is much newer, suggesting an even more active push to gain insight into the ongoing presidential elections in the US.”