
In the closing days of the 2016 election campaign, hackers believed to be
working for Russian intelligence launched a new wave of attacks on
Hillary Clinton’s campaign and the Democratic National Committee — a
previously unreported cyberoffensive that heightened concerns, now
endorsed by the CIA, that the Russian government was seeking to
influence the outcome of the election in favor of Donald Trump,
according to sources familiar with the investigations into the attempted
intrusions.

The attacks came in the form of so-called “phishing” emails sent to nearly a
dozen campaign and committee staffers in a renewed effort at
penetrating their networks, said Dmitri Alperovitch, the co-founder and
chief technology officer of CrowdStrike, the cybersecurity firm hired by
the DNC to repel attacks on its network. Staffers at that point were
alert enough to reject entreaties to click on the unsolicited email
messages that would have allowed the hackers into their computers, he
said.

But at least one top Clinton campaign staffer, communications director
Jennifer Palmieri, told Yahoo News on Sunday that she received an alert
from Google in mid-October informing her that her personal Gmail account
had been targeted by a “foreign state” actor and that her password
needed to be changed.

“They were targeting us throughout the election,” said another former senior
Clinton campaign staffer, who asked not to be identified. “They never
stopped trying to get back in.”

The disclosure of the late campaign attack could fuel a mounting
controversy over U.S. intelligence findings that link Russian
intelligence to the cyberattacks for the express purpose of throwing the
election as part of a campaign, orchestrated in Moscow, to defeat
Clinton.

The Washington Post reported
Saturday that the CIA has briefed members of Congress on an assessment
that the Russians targeted Democratic political organizations and
campaign officials as part of a specific effort to defeat Clinton and
elect Trump. This goes beyond an earlier public finding that U.S.
intelligence officials were “confident” that the Russian government was
behind the cyberattacks, but did not ascribe a motive for the Russians
doing so.

One piece of damning evidence behind the new finding is that the CIA and
the FBI have both identified specific individuals associated with or
close to the Russian government who provided the DNC emails to
WikiLeaks, which began publishing them in July, a senior law enforcement
official told Yahoo News. Despite reports of a clash between the CIA
and the FBI over the motive behind Russia’s intelligence service in
launching the operation, the differences are more a matter of “degree”
and emphasis, with the FBI believing there may have been “mixed” motives
for the Russian effort, the official said. Still, “we all agree they
did these things,” the official said.

But President-elect Trump doubled down on his rejection of the intelligence findings in an interview with Fox News anchor Chris Wallace that aired Sunday, dismissing any conclusion that points to Russian government involvement.

“I think it’s ridiculous,” Trump told Chris Wallace in an interview that aired on “Fox News Sunday,” his first Sunday show sit-down since winning the election. “I don’t believe it.”

“If you look at the story and you take a look at what they said, there’s
great confusion,” Trump added. “Nobody really knows, and hacking is very
interesting. Once they hack, if you don’t catch them in the act you’re
not going to catch them. They have no idea if it’s Russia or China or
somebody. It could be somebody sitting in a bed someplace. I mean, they
have no idea.”

Alperovitch of CrowdStrike, the cybersecurity firm that first publicly linked the
cyberattacks to Russian intelligence, said Sunday that he was “puzzled”
by Trump’s remarks and assumes he has not yet been fully briefed on the
matter. (CrowdStrike, whose principals include Shawn Henry, the former
chief of the FBI’s cyber division, was initially hired by the DNC to
investigate the cyberattacks and defend its network last May.)

“At this point, the matter of attribution on the intrusions has been
settled,” Alperovitch said. “There is nobody that looks at the evidence
who disputes this.” Asked his level of confidence in his firm’s
findings, he responded “100 percent.”

Much of the evidence, he said, revolves around the nature of the
sophisticated tools used by the attackers on the DNC and forensic
evidence showing strong similarities to Russian cyberattacks that have
occurred in Ukraine and other Eastern European countries — as well as to
intrusions of the Joint Chiefs of Staff, the White House and the State
Department and other U.S. government agencies. “The digital fingerprints
are of the same origin,” said Alperovitch.

CrowdStrike initially identified two sets of attackers on the DNC’s servers: One,
dubbed “Cozy Bear,” was associated with the Russian FSB (the successor
to the Soviet KGB) and first breached the DNC’s network in the
summer of 2015. Another, dubbed “Fancy Bear,” has been associated with
Russia’s military intelligence service, the GRU. The latter infiltrated
the DNC’s network in late April of this year in what turned into a far
more devastating attack, resulting in the disclosure of 20,000 internal
DNC emails to WikiLeaks — an act, according to Alperovitch, of
“information warfare.” (He acknowledged that a third Russian
intelligence service, the SVR, which has responsibility for foreign
intelligence operations, may also have been involved.)

“When we look at this over 10 years — literally hundreds of intrusions —
[and] you look at the tradecraft, you look at the victims, it all points
to Russian intelligence services,” Alperovitch said.

In addition, he said, there was another separate cyberattack discovered in
late September from an undetermined party that penetrated DNC computers
with software containing sensitive voter analytic data that was being
provided in regular memos to Clinton campaign manager Robby Mook, the
sources said.

The breach was detected by CrowdStrike, and the cyberinvaders were expelled
from a cloud server housing the data; this server was distinct from the
DNC’s internal computer network that had been previously breached, he
said. But the intruders were never identified, and it was never
determined whether the data — containing detailed reports on voter
registration and estimates of likely voter participation in the November
election — was ever actually stolen.

Alperovitch said he doesn’t know whether these hackers were associated with Russian
intelligence; they used different methods and publicly available
cybertools to pull it off. He also said the DNC never authorized his
firm to conduct a full investigation. But he said the late October
“phishing” attacks on the DNC and the Clinton campaign resembled the
earlier Fancy Bear attacks, leading him to conclude they were likely the
work of the GRU.

Moreover, attacks by the Cozy Bear intruders have continued throughout the fall,
targeting multiple organizations, including think tanks and universities
whose scholars work on Russian policy issues, he said.

And even more recently, he said, there was evidence that the separate
“Fancy Bear” hackers are now also attacking political organizations in
Germany and elsewhere in Europe in an apparent attempt to meddle in
their elections as well. (The chief of German domestic intelligence said
last week that there has been a recent increase in “aggressive
cyberespionage” against German politicians and warned about “growing evidence for attempts to influence the [German] federal elections next year.”)

“These activities have not stopped,” said Alperovitch. “Now that they were
executed [in the United States] and they have a successful playbook, I
fully expect they are going to continue.”