Evidence suggests that a Russian intelligence group was the source of the most recent Wikileaks intel dump, which was aimed to influence the U.S. election.
Close your eyes and imagine that a hacking group backed by Russian President Vladimir Putin broke into the email system of a major U.S. political party. The group stole thousands of sensitive messages and then published them through an obliging third party in a way that was strategically timed to influence the United States presidential election. Now open your eyes, because that’s what just happened.
On Friday, Wikileaks published 20,000 emails stolen from the Democratic National Committee. They reveal, among other things,thuggish infighting, a push by a top DNC official to use Bernie Sanders’ religious convictions against him in the South, and attempts to strong-arm media outlets. In other words, they reveal the Washington campaign monster for what it is.
But leave aside the purported content of the Wikileaks data dump (to which numerous other outlets have devoted considerable attention) and consider the source. Considerable evidence shows that the Wikileaks dump was an orchestrated act by the Russian government, working through proxies, to undermine Hillary Clinton’s Presidential campaign.
“This has all the hallmarks of tradecraft. The only rationale to release such data from the Russian bulletproof host was to empower one candidate against another. The Cold War is alive and well,” Tom Kellermann, the CEO of Strategic Cyber Ventures told Defense One.
Here’s the timeline: On June 14, cybersecurity company CrowdStrike, under contract with the DNC, announced in a blog post that two separate Russian intelligence groups had gained access to the DNC network. One group, FANCY BEAR or APT 28, gained access in April. The other, COZY BEAR, (also called Cozy Duke andAPT 29) first breached the network in the summer of 2015.
Cybersecurity company FireEye first discovered APT 29 in 2014 and was quick to point out a clear Kremlin connection. “We suspect the Russian government sponsors the group because of the organizations it targets and the data it steals. Additionally, APT 29 appeared to cease operations on Russian holidays, and their work hours seem to align with the UTC +3 time zone, which contains cities such as Moscow and St. Petersburg,” they wrote in their report on the group. Other U.S. officials have said that the group looks like it has sponsorship from the Russian government due in large part to the level of sophistication behind the group’s attacks.
It’s the same group that hit the State Department, the White House, and the civilian email of the Joint Chiefs of Staff.The group’s modus operandi (a spearphishing attack that uploads adistinctive remote access tool on the target’s computer) is well known to cyber-security researchers.
In his blog post on the DNC breaches CrowdStrike’s CTO Dmitri Alperovitchwrote “We’ve had lots of experience with both of these actors attempting to target our customers in the past and know them well. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter.”
The next day, an individual calling himself Guccifer 2.0 claimed to be the culprit behind the breach and released key documents to back up the claim, writing: “Shame on CrowdStrike.”
More: How Putin Weaponized Wikileaks to Influence the Election of an American President
One would hope that most Americans would be smart enough not to take Putin's bait. We'll see...
Last edited:
