There are “no certain links” between foreign nation states and the hackers who breached the Democratic National Committee’s computer network and accessed opposition research on Republican presidential candidate Donald Trump, according to an Atlantic Council cybersecurity expert.
“It’s possible that multiple groups independently initiated their own intrusion of the DNC network, for entirely separate reasons—that would not be uncommon,” Beau Woods, deputy director of the Council’s Cyber Statecraft Initiative, said in an interview with the New Atlanticist on June 14.
“Not all such attacks are state sponsored—it’s not hard to imagine many motivations for someone wanting to get access to the DNC network,” he added.
According to CrowdStrike, the DNC network was allegedly breached by two adversary groups that may be connected with Russian government espionage organizations—the GRU, the country’s military intelligence agency, and the FSB, the internal security arm of the Russian government. The hackers gained access to the DNC’s database on Trump, the Washington Post reported, citing committee officials and security experts who responded to the breach.
Cyberattacks on US presidential campaigns or political party organizations are not unprecedented. Earlier this year, US Director of National Intelligence, James Clapper, warned of hackers possibly targeting 2016 presidential campaigns. Marcel Lehel Lazar, a Romanian national also known as “Guccifer,” recently pled guilty to illegally accessing the e-mail of Hillary Rodham Clinton, the Bush family, and others.
Two hacking groups have so far been identified in the DNC breach, which occurred over a year-long timeframe. CrowdStrike, a cybersecurity firm, analyzed the breach after senior DNC leadership noticed suspicious behavior in April.
“There’s been a thousand-fold increase in its espionage campaign against the West,” Dmitri Alperovitch, a nonresident senior fellow at the Atlantic Council’s Cyber Statecraft Initiative, said in an interview with the Washington Post. “They feel under siege.” Alperovitch is also CrowdStrike’s chief technology officer.
Even though there is no hard evidence of a direct connection between the hackers and the Russian government, Woods contended that there has been evidence before of such organizations working with or being funded by foreign government entities.
“There is a lot of evidence that governments incentivize or in some way work with third parties in this way—both formally and informally. It is not unprecedented to see this type of activity carried out at the behest of nation states, but it’s also not unprecedented to see this type of activity by independent groups for their own motivations,” said Woods.
CrowdStrike’s investigation into the breach is ongoing. Since detecting the breach, the company has set up software and bulked up security measures to prevent such attacks against the DNC from occurring in the future. At this point, only opposition research data on Trump has been identified as stolen; sensitive employee data appears untouched for now.
“The bottom line is that we don’t know,” Woods concluded, referring to what else may have been compromised and what the groups may do with the stolen opposition research. “At this point, we are still making guesses.”
Mitch Hulse is an editorial assistant with the Atlantic Council.