Cybersecurity Expert Is Convinced Russia Was Behind DNC Hacking
NPR: Matt Tait is CEO of Capital Alpha Security, a British cybersecurity firm. I asked him why he was skeptical.
TAIT: Well, it just seemed too fantastical to be true. Russia has very good hackers. You know, this is a government agency. So initially, what I decided, I’m going to prove CrowdStrike wrong.
NPR: They were hired by the Democratic National Committee to look into this.
TAIT: Absolutely. And so I basically went through all of the technical evidence published by them. I looked through the malware signatures they had come up with, and eventually what you start to discover is there’s a very large number of little pieces of information, some of which point to Russia, some of them point to Russia very, very strongly. And eventually, I came to the conclusion that there’s no other reasonable conclusion you can make.
NPR: Why couldn’t it have been any Joe Blow sitting in their bed, as Donald Trump suggested, masquerading as Russian and putting on a good disguise here?
TAIT: So there’s two different hacks that took place. There’s one hack that was of the DNC, and there was a different hack of John Podesta.
NPR: Hillary Clinton’s campaign chairman.
TAIT: Absolutely. And there’s a series of other smaller hacks of other Democratic members, but those are the two main hacks that took place. And the DNC hack used malware, it hacked into the DNC and placed malware on the DNC network, and we’re able to look at this malware and we’re able to analyze it and see where it talks to, which other companies have been hacked by similar malware, and quite quickly we’re able to see that this is malware that is communicating with servers that also were involved in the hack of the German parliament, the Bundestag. And one of the things that was very interesting is that this is a group we know quite well in the cybersecurity industry. This is a group called APT28. They’re very prolific. They’ve been involved in the hack of NATO organizations. They’ve been involved in the hack of journalists. They’ve been involved in the hack of people investigating the MH-17 airliner that was shot down in Ukraine. And so this is a group that is so prolific that it is not really credible that this is an individual group.
NPR: Russia’s really good at this. Wouldn’t they disguise themselves better? Would Russia really want to put so many visible signs out there in the cybersecurity world that it was them and be identified?
TAIT: This wasn’t deliberate. They accidentally did this. And this is one of the problems of when you’re hacking at a really big scale, you look for efficiencies. There’s just not enough members of staff that Russia has in order to be able to do hacks on this kind of scale and make sure they never screw up. What happens is that people make small mistakes, which means that when they’ve hacked a person A you might be able to say well that’s the same group, they’ve used the same malware, they’ve used the same control infrastructure as the hack of person B. Once you start to discover that there’s not just the DNC, there’s a thousand other people that have been hacked, all of whom are very narrowly tied to Russian military interests. The hacks of NATO, the hacks of the German parliament, the hacks of journalists reporting on things that Russia is not very happy about being reported on, you start quite quickly to build up this picture where in order for it to be someone else, it really has to be someone who is very prolific, who is doing this full time. There’s nobody else who would be willing to put that sort of cash, that sort of effort, into doing those types of hacks.
NPR: You said something very important there. You’re saying Russia, in your words, screwed up here.
TAIT: Absolutely. And this is normal. It’s actually very common that we see mistakes in malware, we see mistakes in hacking campaigns which allow us to work out who it was that did this.
NPR: Another major cybersecurity firm, Kaspersky Lab, very respected. We should mention Kaspersky is an NPR funder, and we do work with them on our computers. They said that there can be false flags. There can be a lack of reliable metrics. And Americans have gone through a situation with the Iraq War where there was talk of weapons of mass destruction, the intelligence community’s credibility was really called into question after that, but a President took this nation to war based on intelligence. I mean, are you absolutely certain here, or could we find later on down the road that there was some amazing hacker out there who was able to pull this off and make it look like Russia?
TAIT: One of the pieces of evidence that to me is more compelling than any other one is an email that was sent to John Podesta saying, hey we’re from Google, you need to change your password, and they sent him a link to click on. And when he clicked on that link it took him to a page that wasn’t Google and asked him to input his password, and that’s how they hacked his account. But the URL shortening service that they used was able to basically look at the user that was logged in and discover all the other URLs they were shortening, and discovered this was not just the hack of John Podesta, it was the hack of a thousand people, and it becomes immediately, once you look at this, incredible to suggest this was a false flag operation. This was someone’s entire intelligence operation that was accidentally exposed due to this one error. So while false flag operations do exist and we have to always be on the lookout for them, the only plausible alternative explanation is that Russian intelligence was hacked. So it’s not credible to suggest this particular hack was a false flag operation.
NPR: It’s impossible that Russia’s intelligence community was hacked?
TAIT: In attribution, nothing is impossible, but this is about as impossible as it comes.
NPR: Matt Tait is founder and CEO of Capital Alpha Security, a cybersecurity firm in Britain. We should also note here Kaspersky Lab, whose doubts about the hack that we cited, has its headquarters in Moscow.