Experts say Russian hackers breached the DNC files on Donald Trump
CrowdStrike was enlisted by the DNC early last month
Hackers connected to the Russian government broke into the servers of the Democratic National Committee and stole opposition research on Donald Trump, the cybersecurity experts responding to the intrusion said Tuesday.
Two separate Russian intelligence-linked cyberattack groups were both in the DNC’s networks, Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, which responded to the breach, told CNN. They likely didn’t even know the other was in the systems, he added.
The U.S. government, however, has not yet determined that the hackers who breached the server are connected to the Russian government, a U.S. official told CNN.
The government is usually hesitant to publicly blame another government for a cyberattack, famously doing so weeks into the investigation into North Korea’s attack on Sony Entertainment. But other times the government has remained quiet, concerned about the geopolitical consequences and waiting for strong enough evidence that it might hold up in court. Private security firms that investigate and respond to cyberattacks, however, tend to be less restricted in pointing fingers at governments based on their own research.
The breach was first reported by The Washington Post.
CrowdStrike was enlisted by the DNC early last month after the DNC suspected something was amiss in its servers. The hackers were kicked out over the weekend, Alperovitch said, and CrowdStrike is monitoring for any efforts by them to hack back in.
“The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with,” DNC Chairwoman Rep. Debbie Wasserman Schultz said in a statement. “When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.”
A Hillary Clinton aide told CNN, “We have no evidence that our information systems have been compromised.”
Clinton herself said she only learned of the breach when it was made public. But she called the news “troubling.”
“It is troubling just as all cyberattacks against our businesses and our institutions and our government are,” Clinton said in an interview with Telemundo. “So far as we know, my campaign has not been hacked into and we’re obviously looking hard at that, but cybersecurity will be an issue that I will be absolutely focused on as president, because whether it’s Russia or China, Iran or North Korea, more and more countries are using hacking to steal our information to use it to their advantage and we can’t let that go on.”
The FBI and Trump campaign did not immediately respond to requests for comment.
A Department of Homeland Security official told CNN the agency is aware of the reports and is currently looking into the matter.
Alperovitch said his firm is not working with the FBI, though he believes the DNC is. CrowdStrike was retained by the DNC through its law firm.
‘Bears’ to blame
The group that stole Trump’s opposition file got in a few months ago and is linked closely with a Russian military intelligence organization, Alperovitch said. A different Russian group was monitoring the communications servers of the DNC, including email, for about a year.
Voter files did not appear to be affected, CrowdStrike determined.
“I have high-level confidence that this is Russian intelligence,” Alperovitch said, citing a vast body of research his company has on the unique indicators of various cyberattack groups around the world. CrowdStrike specializes in groups known as “advanced persistent threats,” or high-level, often government-linked, hacking entities.
CrowdStrike names the cyberattack groups it identifies, using the term “Bear” for Russian-linked groups. The two groups involved with the DNC are nicknamed “Fancy Bear,” the Trump files group, and “Cozy Bear,” which was in the communicat