FBI Launches Probe Into DNC Email Hack

The FBI on Monday confirmed it has opened an investigation into allegations that the WikiLeaks email dump of nearly 20,000 Democratic National Committee emails over the weekend might be linked to the Russian government. Hackers connected to Russian intelligence agencies allegedly have been working to help tilt the United States presidential election.

Hillary Clinton’s campaign manager, Robby Mook, made a bombshell allegation on Sunday, claiming that the hack of thousands of DNC emails that revealed efforts to undermine the Bernie Sanders campaign was the work of Russian intelligence.

DNC Chair Debbie Wasserman Schultz announced she would resign her post after the convention ended, succumbing to pressure following the leaks.

“The FBI is investigating a cyber intrusion involving the DNC and is working to determine the nature and scope of the matter,” the agency said in a statement provided to TechNewsWorld by spokesperson Jillian Stickels. “A compromise of this nature is something we take very seriously and the FBI will continue to investigate and hold those accountable who pose a threat in cyberspace.”

The Wiki Dump

The Clinton campaign was informed that the release of the emails to WikiLeaks, which published the files on Friday, was part of an effort to aid the campaign of Republican nominee Donald Trump, who is seen as being more favorable to Russian President Vladimir Putin, Mook told CNN’s Jake Tapper.

Cybersecurity experts linked the email hack to a number of Russian groups connected to past attempts to infiltrate several U.S. government agencies and private think tanks, Mook said.

The most damaging of the leaks involved Brad Marshall, the CFO of the DNC, suggesting in a May email that the party plant a story in Kentucky or West Virginia that questioned whether Sanders was an atheist or embraced his Jewish heritage.

Trump campaign Chairman Paul Manafort on Sunday denied the allegations that it was working with Russia, calling the charges “absurd” on This Week with George Stephanopoulos.

Donald Trump on Monday joked about the alleged Russian connection in a tweet.

The new joke in town is that Russia leaked the disastrous DNC e-mails, which should never have been written (stupid), because Putin likes me

— Donald J. Trump (@realDonaldTrump) July 25, 2016

Russian government officials told TechNewsWorld that the allegations were groundless.

“As per your request, we see the flood of inadequate and inappropriate allegations that has inundated the U.S. media,” said Yuri Melnik, press secretary of the Embassy of Russia in the USA. “One can only be surprised by such childish, groundless accusations that are far beyond reality.”

Other indications that Russia might be orchestrating hack attacks against the DNC surfaced last month, when CrowdStrike reported that two groups linked to Russian intelligence were behind breaches of the DNC system.

Guccifer 2.0, a hacker believed to be connected with Russia, had claimed credit for the breach and posted documents claiming to be from the DNC.

Lions, Tigers and Bears

Although the Guccifer 2.0 postings might have been part of a disinformation campaign, CrowdStrike stood by its original analysis.

After the DNC called on the firm to investigate the suspected breach, it immediately identified two adversaries — Cozy Bear and Fancy Bear — that had gone after other CrowdStrike customers in the past, according to the firm’s CTO Dmitri Alperovitch.

“In fact our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis,” he wrote. “Their tradecraft is superb, operational security second to none and the extensive use of ‘living off the land’ techniques enables them to easily bypass many security solutions they encounter.”

Cozy Bear, which is also known as “CozyDuke” or “APT 29,” has in the past accessed unclassified sections of the White House, State Dept. and U.S. Joint Chiefs of Staff, and has targeted companies in the defense, financial, energy and other industries.

The group’s usual approach is through a broadly targeted spearphishing campaign with Web links to a malicious dropper, according to CrowdStrike.

Fancy Bear, also known as “Sofacy” or “APT 28,” has been active since the mid-2000s and has gone after entities in the aerospace, defense, energy, government and media sectors, with victims in numerous countries around the world, including the U.S., Western Europe, Brazil, Canada, Japan, South Korea and others.

Fancy Bear often targets defense ministries and may be affiliated with GRU, the leading Russian military intelligence service. It is known to register domains that look very similar to the legitimate organizations being targeted. Among known victims are the German Bundestag and France’s TV5 Monde.

The Cozy Bear intrusion at the DNC dates back to the summer of 2015, while the Fancy Bear breach occurred in April of this year, according to CrowdStrike. However, no evidence exists of collaboration between the two groups.

The DNC attack is most likely part of an ongoing set of attacks from the same group, suggested Kevin O’Brien, CEO of GreatHorn.

“So-called advanced persistent threats — attacks that are highly targeted, occur over long periods of time, and which bypass traditional security — are on the rise,” he told TechNewsWorld.

There has been a drastic increase in these kinds of cyberattacks over the past 90 days, particularly in the financial services sector, O’Brien said, noting that GreatHorn has analyzed more than 75,000 mailboxes.

Emails are an attractive target for hackers, he noted, because they have a combination of high-value data and near-universal user adoption, including by people who may not be aware of how these threats manifest themselves and who may be using systems with weak native security.

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.

1 Comment

  • I’m sure the DNC would want any more emails stopped before being released to the public. What better way than to get the FBI involved. Hacking in my opinion is a crime, but it also enlightens people to what is really happening. Many suspected the DNC to conspire against Bernie Sanders and the hacked emails confirmed this. In some cases does this justify hacking to prove a wrong? I think pretty much the rise of a Donald Trump is directly the result of most Americans not trusting their political system. The emails simply provide more proof of that and enhance Trump’s popularity. Calling him out on his conspiracy theories of a rigged political system seems incorrect now. What’s more, I think it’s clear that whatever disagreements Democrats and Republicans have with each other, their club is resistant to an outsider. Even a Bernie Sanders is really not an outsider and that was evident when he caved and supported Hillary Clinton. He was afraid of being booted from the club. Guarantee his reelection would probably have not been supported had he not endorsed Clinton. These people all seem indebted to each other, which is why Trump is the party crasher. He brings fear to both sides who like the agreement they have going.

    It’s like the Hatfields and McCoys. They fight with each other, but they would gang up on any outsider who tries to referee.
