Russian Government Hackers Penetrated DNC, Stole Opposition Research on Trump

Democratic National Committee event, September 15, 2010Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump , according to committee officials and security experts who responded to the breach.

The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.

The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some GOP political action committees, U.S. officials said….

DNC leaders were tipped to the hack in late April. Chief executive officer Amy Dacey got a call from her operations chief saying that their information technology team had noticed some unusual network activity….

Within 24 hours, CrowdStrike had installed software on the DNC’s computers so that it could analyze audit data that could indicate who had gained access, when and how.

The firm identified two separate hacker groups, both working for the Russian government, that had infiltrated the network, said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer. The firm had analyzed other breaches by both groups over the last two years.

One group, which CrowdStrike had dubbed Cozy Bear, had gained access last summer and was monitoring the DNC’s email and chat communications, Alperovitch said.

The other, which the firm had named Fancy Bear, broke into the network in late April and targeted the opposition research files. It was this breach that set off the alarm. The hackers stole two files, Henry said. And they had access to the computers of the entire research staff — an average of about several dozen on any given day….

The two groups did not appear to be working together, Alperovitch said. Fancy Bear is believed to work for the GRU, or Russia’s military intelligence service, he said. CrowdStrike is less sure of whom Cozy Bear works for but thinks it might be the Federal Security Service or FSB, the country’s powerful security agency, which was once headed by Putin.

The lack of coordination is not unusual, he said. “There’s an amazing adversarial relationship” among the Russian intelligence agencies, Alperovitch said. “We have seen them steal assets from one another, refuse to collaborate. They’re all vying for power, to sell Putin on how good they are….”

The two groups have hacked government agencies, tech companies, defense contractors, energy and manufacturing firms, and universities in the United States, Canada and Europe as well as in Asia, he said.

Cozy Bear, for instance, compromised the unclassified email systems of the White House, State Department and Joint Chiefs of Staff in 2014, Alperovitch said.

“This is a sophisticated foreign intelligence service with a lot of time, a lot of resources, and is interested in targeting the U.S. political system,” [CrowdStrike president Shawn] Henry said. He said the DNC was not engaged in a fair fight. “You’ve got ordinary citizens who are doing hand-to-hand combat with trained military officers,” he said. “And that’s an untenable situation.”

Russia has always been a formidable foe in cyberspace, but in the last two years “there’s been a thousand-fold increase in its espionage campaign against the West,” said Alperovitch, who is also a senior fellow at the Atlantic Council. “They feel under siege.”

Cybersecurity Intelligence Russia Security & Defense United States and Canada

Image: Democratic National Committee event, September 15, 2010 (photo: Cliff)