The Case for Russian Hacking: Did the Kremlin Hack the DNC and John Podesta?

As the 2016 election has drawn on, more and more accusations have been leveled at the Russian government for allegedly hacking into both the Democratic National Committee’s servers and the private emails of Hillary Clinton and her staff. These accusations, which played a substantial role in the second presidential debate, have been a source of concern for many Americans of both Democratic and Republican leanings. Some question has remained, however, as to whether or not these accusations are valid.


The accusations of Russian hacking began shortly after the revelation that the email servers of the DNC had been infiltrated. Emails that would later bring about the resignation of chairwoman Debbie Wasserman-Schultz and draw the ire of supporters of primary candidate Bernie Sanders were released through WikiLeaks, a now famous leaking organization that has received high-profile attention in the past for its involvement in email publication. As is its typical procedure, WikiLeaks published the emails without identifying the source that had provided them.


Initially, blame for the hacks seemed to rest with an individual hacker identifying himself with the moniker Guccifer 2.0 (a reference to convicted Romanian hacker Marcel Lehel, who operated under the moniker Guccifer). Guccifer 2.0, breaking the habit of hackers to remain as anonymous as possible, claimed that he had been the one responsible for the hacking of the DNC. Across several public statements and remote interviews, Guccifer 2.0, whose real identity has never been revealed, drew mass media attention for his apparently successful breach of the Democratic Party’s email servers. Guccifer 2.0 also later claimed to be responsible for the release of emails allegedly hacked from the Clinton Foundation, which presented evidence of special treatment given to major contributors.


Although Guccifer 2.0 had already revealed himself as an independent hacker, cybersecurity experts in both the private and public spheres remained unconvinced. Despite the expert nature of the hack, analysts were able to shed some light on its possible origins. According to the findings at the time, the methods used in the hacking of the email servers were consistent with those known to have been used in the past by two well-known hacking groups, designated APT28 and APT29. APT28 has long been perceived as a major international threat, having been implicated in hacks against government and military targets that include NATO, the German parliament and the White House. The group claims to consist of a team of international hackers and portrays itself as a “hacktivist” group, not unlike the hacker collective Anonymous. APT29, far less well-known than APT28, has also been implicated in email attacks in the past.


According to cybersecurity firm CrowdStrike, which was one of many firms consulted in the attempts to find the source of the DNC hacks, both APT28 and APT29 hacked the email servers separately, with APT29’s attack beginning as early as the summer of last year. This finding seemed to corroborate a statement made by Guccifer 2.0 that he had had access to the email database for a prolonged period of time before the publication by WikiLeaks. Both groups have been identified by CrowdStrike as Russian based, while the firm has specifically suggested, based on the close links between APT28’s actions and the global interests of the Russian government, that the group may be either directly controlled by or associated with the Russian military and intelligence agency GRU.


With this information, intelligence and cybersecurity experts began to draw a conclusion regarding the hacks and their source. Guccifer 2.0, they believed, was not the lone hacker he portrayed himself as, but rather an invention of the Russian intelligence services meant to take credit for the hacks, thus shielding the two larger hacker groups from blame. In continuing interviews, Guccifer 2.0 has denied this conclusion. Representatives of the Russian government and Julian Assange, head of WikiLeaks, have also denied a link between Russian intelligence and the email leaks.


More recently, emails have been published by WikiLeaks that were stolen from the private account of John Podesta, Mrs. Clinton’s campaign manager. Private cybersecurity investigators were once again brought in to determine the source of the hack, which was achieved by means of directing Mr. Podesta to a faked Google login page in order to gain access to his password and account information. Once again, Russian hacking, specifically on the part of the GRU, was suggested as a likely cause of the breach. This time, more evidence could be gathered because of a significant security oversight on the part of the hackers, who left accounts open on a link shortening service that was used to disguise links to malicious URLs.


The image painted by the totality of this information is that hackers based in Russia and in some way affiliated with the Russian government did likely hack the DNC, the Clinton Foundation and John Podesta. Owing to the extremely secretive and anonymous nature of high-level hacking operations, however, there is no way to establish with certainty exactly what the connections between APT28 and APT29, the Russian government and Guccifer 2.0 are. These connections, however, are far more firmly established than those between these three entities and either Julian Assange or Republican presidential candidate Donald Trump.


As for Mr. Assange, the case that he is being supplied with the leaked emails directly by the Russian government has been built largely on circumstantial evidence. Clearly, WikiLeaks has a source that has provided these emails. If the emails were hacked by direct order of the Russian government, it follows that that source must be involved in the hacks in some capacity. Mr. Assange’s ties to Russia are minor, but do include an appearance on one of Russia’s state-sponsored television news networks and direct praise from Russian President Vladimir Putin during WikiLeaks’ famous disclosure of thousands of US State Department diplomatic cables in 2010. Given WikiLeaks’ avowed policy of never revealing sources, however, it is unknown to anyone but Mr. Assange himself if he had knowingly accepted information obtained from Russian espionage activities.


Direct ties between Russian hacking activities and Mr. Trump are even more ambiguous. Although the release of emails from all three targeted sources has given the Republican presidential nominee a steady stream of accusations to make against Mrs. Clinton, neither public nor private cybersecurity experts have ever presented evidence that Mr. Trump is involved in the email leaks beyond simply taking advantage of them for political gain. His willingness to do so, combined with his generally pro-Russia policies, has formed the basis for the circumstantial case against him.


In the end, many questions remain unanswered about the involvement of government-sponsored Russian hacking in the United States presidential election. If indeed the Russian GRU has used cyber attacks to influence the presidential election in favor of Mr. Trump, it is a cause for concern that must be addressed by the future administration. Whatever the facts in the case may be, we will know much more about the effects of Mrs. Clinton’s email leaks on the outcome of the election after the close of voting today.





