Democratic National Committee cyber attacks: Difference between revisions

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Revision as of 01:59, 30 September 2023 edit Steve Quinn (talk \| contribs) Autopatrolled, Extended confirmed users, New page reviewers, Pending changes reviewers 39,256 edits →‎Background: ce ← Previous edit		Revision as of 15:35, 5 June 2024 edit undo GCarty (talk \| contribs) Extended confirmed users 16,941 edits removed Category:Russian intelligence agencies using HotCat as inappropriate (Category:Russia intelligence operations would be appropriate, but is a supercat of Category:Russian interference in the 2016 United States elections) Next edit →
(20 intermediate revisions by 12 users not shown)
Line 8: Forensic evidence analyzed by several [[cybersecurity\|cybersecurity firms]], [[CrowdStrike]], [[Fidelis Security Systems (company)\|Fidelis]], and [[Mandiant]] (or [[FireEye]]), strongly indicated that two [[Russian Federation\|Russian]] intelligence agencies separately infiltrated the DNC computer systems. CrowdStrike, which removed the hacking programs, revealed a history of encounters with both groups and had already named them, calling one of them [[Cozy Bear]] and the other [[Fancy Bear]], names which are used in the media.<ref name=thomas>{{cite news\|last=Rid\|first=Thomas\|title=All Signs Point to Russia Being Behind the DNC Hack\|newspaper=Motherboard\|publisher=Vice Media\|date=July 25, 2016\|url=http://motherboard.vice.com/read/all-signs-point-to-russia-being-behind-the-dnc-hack\|access-date=July 27, 2016}}</ref><ref name=nakashima/><ref name=sanger/><ref name=alperovitch/><ref name="auto">{{cite news \|last1=Sanger \|first1=David E. \|last2=Schmitt \|first2=Eric \|date=July 26, 2016 \|title=Spy Agency Consensus Grows That Russia Hacked D.N.C. \|url=https://www.nytimes.com/2016/07/27/us/politics/spy-agency-consensus-grows-that-russia-hacked-dnc.html \|newspaper=New York Times\|access-date=July 27, 2016}}</ref> On December 9, 2016, the [[Central Intelligence Agency\|CIA]] told U.S. legislators that the [[United States Intelligence Community\|U.S. Intelligence Community]] had concluded Russia conducted the [[Russian interference in the 2016 United States elections\|cyberattacks and other operations during the 2016 U.S. election]] to assist [[Donald Trump]] in winning the presidency.<ref name=secretcia /> Multiple U.S. intelligence agencies concluded that specific individuals tied to the Russian government provided WikiLeaks with stolen emails from the DNC, as well as stolen emails from [[Hillary Clinton]]'s campaign chairman, who was also the target of [[Podesta emails\|a cyberattack]].<ref name=secretcia /> These intelligence organizations additionally concluded Russia hacked the [[Republican National Committee]] (~~R.N.C.~~RNC) as well as the ~~D.N.C.~~DNC, but chose not to leak information obtained from the ~~R.N.C~~RNC.<ref name=russiahackedrepublican /> == Cyber attacks and responsibility== Cyber attacks that successfully penetrated the DNC computing system began in 2015. Attacks by "Cozy Bear" began in the summer of 2015. Attacks by "Fancy Bear" began in April 2016. It was after the "Fancy Bear" group began their activities that the compromised system became apparent. The groups were presumed to have been spying on communications, stealing [[opposition research]] on [[Donald Trump]], as well as reading all [[email]] and chats. Both were finally identified by CrowdStrike in May 2016. Both groups of intruders were successfully expelled from the DNC systems within hours after detection. These attacks were part of a group of attacks targeting U.S. government departments and several political organizations, including 2016 campaign organizations.<ref name=thomas/><ref name=nakashima/><ref name=sanger/><ref name=alperovitch/><ref name="auto"/> On July 22, 2016, a person or entity going by the moniker "[[Guccifer 2.0]]" claimed on a [[WordPress]]-hosted blog to have been acting alone in hacking the DNC.<ref>{{cite web\|last1=Uchill\|first1=Joe\|title=Evidence mounts linking DNC email hacker to Russia\|url=~~http~~https://thehill.com/business-a-lobbying/289296-guccifer-20-used-russian-language-vpns-to-leak-documents/\|work=The Hill\|access-date=July 31, 2016\|date=July 26, 2016}}</ref><ref>{{Cite web\|url=~~http~~https://thehill.com/policy/cybersecurity/288883-wikileaks-posts-20000-dnc-emails/\|title=WikiLeaks posts 20,000 DNC emails\|last=Uchill\|first=Joe\|date=July 22, 2016\|website=[[The Hill (newspaper)\|The Hill]]\|access-date=August 7, 2016}}</ref> He also claimed to send significant amounts of stolen electronic DNC documents to [[WikiLeaks]]. WikiLeaks has not revealed the source for their [[2016 Democratic National Committee email leak\|leaked emails]].<ref>{{Cite web\|url=http://sanfrancisco.cbslocal.com/2016/07/22/hilary-leaks-wikileaks-releases-democratic-national-committee-emails/\|title=WikiLeaks' DNC Email Leak Reveals Off The Record Media Correspondence\|date=July 22, 2016\|website=[[CBS News]]\|publisher=SanFrancisco.cbslocal.com\|access-date=August 3, 2016}}</ref> However, [[cybersecurity]] experts and firms, including [[CrowdStrike]], [[Fidelis Cybersecurity]], [[Mandiant]], [[SecureWorks]], [[ThreatConnect]], and the editor for [[Ars Technica]], have rejected the claims of "Guccifer 2.0" and have determined, on the basis of substantial evidence, that the cyberattacks were committed by two Russian state-sponsored groups (Cozy Bear and Fancy Bear).<ref> {{cite web\|last1=Goodin\|first1=Dan\|title="Guccifer" leak of DNC Trump research has a Russian's fingerprints on it\|url=https://arstechnica.com/security/2016/06/guccifer-leak-of-dnc-trump-research-has-a-russians-fingerprints-on-it/\|website=arstechnica\|access-date=June 16, 2016\|date=June 16, 2016}} {{cite web\|last1=Shieber\|first1=Jonathan\|last2=Conger\|first2=Kate\|title=Did Russian government hackers leak the DNC emails?\|url=https://techcrunch.com/2016/07/26/russia-dnc-hack/\|website=TechCrunch\|date=July 26, 2016 \|access-date=July 26, 2016}} Line 55: \| access-date =July 22, 2016 }} '''Note:''' This news article is licensed under a Creative Commons Attribution-Share Alike 3.0 License</ref> President Obama and Russian President [[Vladimir Putin]] had a discussion about [[computer security]] issues, which took place as a side discussion during the [[2016 G20 Hangzhou summit\|then-ongoing G20 summit]] in China in September 2016. Obama said Russian hacking stopped after his warning to Putin.<ref>{{Cite news\|url=http://www.politico.com/story/2016/12/obama-putin-232754 \|title=Obama says he told Putin to 'cut it out' on Russia hacking \|date=December 16, 2016\|newspaper=Politico}}</ref> In a joint statement on October 7, 2016, the [[United States Department of Homeland Security]] and the Office of the Director of National Intelligence stated that the US intelligence community is confident that the Russian government directed the breaches and the release of the obtained material in an attempt to "… interfere with the US election process."<ref name="Nakashima">{{cite news\|last1=Nakashima\|first1=Ellen\|title=US government officially accuses Russia of hacking campaign to interfere with elections\|url=https://www.washingtonpost.com/world/national-security/us-government-officially-accuses-russia-of-hacking-campaign-to-influence-elections/2016/10/07/4e0b9654-8cbf-11e6-875e-2c1bfe943b66_story.html\|newspaper=The Washington Post\|access-date=October 7, 2016}}</ref><ref name="Ackerman_Thielman">{{cite web\|last1=Ackerman\|first1=Spencer\|last2=Thielman\|first2=Sam\|title=US officially accuses Russia of hacking DNC and interfering with election\|url=https://www.theguardian.com/technology/2016/oct/07/us-russia-dnc-hack-interfering-presidential-election\|website=The Guardian\|access-date=October 7, 2016}}</ref><ref>{{Cite web\|url=http://www.cnn.com/2016/10/07/politics/us-blames-russia-for-targeting-election-systems/index.html\|title=US accuses Russia of trying to interfere with 2016 election\|author=Evan Perez and Theodore Schleifer\|website=CNN\|date=October 7, 2016\|access-date=October 7, 2016}}</ref> Line 77: \| date =May 18, 2016 \| url =https://www.washingtonpost.com/world/national-security/national-intelligence-director-hackers-have-tried-to-spy-on-2016-presidential-campaigns/2016/05/18/2b1745c0-1d0d-11e6-b6e0-c53b7ef63b45_story.html \| access-date =July 22, 2016}}</ref> Both "Cozy Bear" and "Fancy Bear" are known adversaries of the United States, who have extensively engaged in political and economic espionage that benefits the [[Russian Federation]] government. Both groups are believed to be connected to the Russian intelligence services. Also, both access resources and demonstrate levels of proficiency matching nation-state capabilities.{{Citation needed\|date=October 2023}} "Cozy Bear" has in the past year infiltrated unclassified computer systems of the [[White House]], the [[U.S. State Department]], and the [[U.S. Joint Chiefs of Staff]]. According to [[CrowdStrike]], other targeted sectors include''':''' Defense, Energy, [[Mining industry\|Mining]], Financial, Insurance, Legal, Manufacturing, Media, [[Think tank]]s, Pharmaceutical, [[Research]] and [[Technology]] industries as well as universities. "Cozy Bear" observed attacks have occurred in [[Western Europe]], Brazil, [[China]], Japan, Mexico, [[New Zealand]], South Korea, [[Turkey]] and [[Central Asia]].<ref name=nakashima/><ref name=alperovitch/> Line 84: == Hacking the DNC == On January 25, 2018, [[Netherlands\|Dutch]] newspaper [[de Volkskrant]] and TV program [[Nieuwsuur]] reported that in 2014 and 2015, the Dutch Intelligence agency [[General Intelligence and Security Service]] (AIVD) had successfully infiltrated the computers of [[Cozy Bear]] and observed the hacking of the head office of the State Department and subsequently the White House, as well as the Democratic Party, and were the first to alert the [[National Security Agency]] about the cyber-intrusion.<ref>{{cite news \|date=January 25, 2018 \|first=Huib \|last=Modderkolk\|url=https://www.volkskrant.nl/wetenschap/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~b4f8111b/\|title=Dutch agencies provide crucial intel about Russia's interference in US-elections\|work=De Volkskrant\|access-date=July 30, 2018\|archive-url=https://web.archive.org/web/20180730030813/https://www.volkskrant.nl/wetenschap/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~b4f8111b/\|archive-date=July 30, 2018\|url-status=live}}</ref><ref name="Rosenthal_1/25/2018">{{cite web \| last=Rosenthal \| first=Eelco Bosch van \| title=Dutch intelligence first to alert U.S. about Russian hack of Democratic Party \| website=NOS.nl \| date=January 25, 2018 \| url=https://nos.nl/nieuwsuur/artikel/2213767-dutch-intelligence-first-to-alert-u-s-about-russian-hack-of-democratic-party \| language=nl \| access-date=September 29, 2023}}</ref> In ~~early~~ 2015, the NSA apprised the FBI and other agencies of the DNC intrusions which the Dutch had secretly detected, and on August 15, 2015, the Washington field office first alerted DNC technical staff of the compromise of their systems.<ref>Miller, Greg (2018). ''The Apprentice: Trump, Russia and the Subversion of American Democracy.'' New York: Custom House. p.20. {{ISBN\|978-0-06-280370-2}}.</ref> Much later, the lack of higher level communications between the ~~political party~~DNC and the ~~government~~FBI was seen by the ~~former~~DNC as an "unfathomable lapse" and it wasn't until April 2016 when legal authorizations to share sensitive technical data with the government finally apprised DNC leaders that their systems had been penetrated.<ref>Miller, 2018, p. 24.</ref> "Cozy Bear" had access to DNC systems since the summer of 2015; and "Fancy Bear", since April 2016. There was no evidence of collaboration or knowledge of the other's presence within the system. Rather, the "two Russian espionage groups compromised the same systems and engaged separately in the theft of identical credentials".<ref name=alperovitch/><ref name=ecfr/><ref name=npr> Line 119: \| publisher =Capitol Hill Publishing Corp. \| date =July 13, 2015 \| url =~~http~~https://thehill.com/policy/cybersecurity/287558-guccifer-20-drops-new-dnc-docs/ \| access-date =July 27, 2016 }}</ref> Line 125: {{Main\|Guccifer 2.0}} {{Main\|2016 Democratic National Committee email leak}} In June 2016, a person or person(s) claimed to be the hacker who had hacked the DNC servers and then published the stolen documents online.<ref name="Kopan">Tal Kopan,{{Cite web\|url=http://edition.cnn.com/2016/06/21/politics/dnc-hack-russians-guccifer-claims/index.html\|last=Kopan\|first=Tal\|title=DNC hack: What you need to know\|date=June 21, 2016\|website=CNN}}</ref> "Guccifer 2.0" later also claimed to have leaked 20.000 emails to [[WikiLeaks]].<ref>{{Cite web\|url=~~http~~https://thehill.com/policy/cybersecurity/288883-wikileaks-posts-20000-dnc-emails/\|title=WikiLeaks posts 20,000 DNC emails\|last=Uchill\|first=Joe\|date=July 22, 2016\|website=The Hill\|language=en-US\|access-date=July 24, 2016}}</ref><ref>{{Cite web\|url=https://theintercept.com/2016/07/22/new-leak-top-dnc-official-wanted-to-use-bernie-sanderss-religious-beliefs-against-him/\|title=New Leak: Top DNC Official Wanted to Use Bernie Sanders's Religious Beliefs Against Him\|last=Biddle\|first=Sam\|website=The Intercept\|date=July 22, 2016\|publisher=en-US\|access-date=July 24, 2016}}</ref> ==U.S. intelligence conclusions== Line 184: [[Category:Democratic National Committee]] [[Category:Espionage]] ~~[[Category:Russian intelligence agencies]]~~ [[Category:2015 scandals]] [[Category:2016 scandals]]