President-elect Donald Trump again discounted the possibility that Russia was behind the hacking of U.S. political organizations, including the Democratic National Committee’s servers, despite evidence to the contrary.
All 16 government intelligence agencies and at least three private security firms have independently investigated the security breaches and concluded that the Russian government — in the words of the U.S. Intelligence Community — “directed” the hacking “to interfere with the US election process.”
Trump made his statement during a Nov. 28 interview with Time magazine, which named the president-elect its “Person of the Year.” In the interview, which the magazine posted to its website on Dec. 7, Trump said of Russia, “I don’t believe they interfered.” Russia has denied any involvement.
Trump, Nov. 28: It could be Russia. And it could be China. And it could be some guy in his home in New Jersey.
Trump’s latest comments are similar to those he made during the second presidential debate. They now come as some in Congress are seeking to conduct congressional investigations into the security breaches and Russia’s role in them, so we’ll look at the evidence that exists that ties Russia to the hacking of the DNC’s servers.
It was first reported on June 14 that hackers had gained access to DNC servers. The DNC announced that it had learned of the security breach six weeks earlier and hired the cybersecurity firm CrowdStrike to investigate. Shawn Henry, CEO of CrowdStrike, told MSNBC that it discovered “two separate intelligence efforts by the Russian government or operating on behalf of the Russian government.”
The next day, CrowdStrike co-founder Dmitri Alperovitch provided details of the firm’s work in a blog post on its website. He reported that CrowdStrike “immediately identified two sophisticated adversaries on the network – COZY BEAR and FANCY BEAR.” He wrote that “both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services.”
CrowdStrike was able to identify the two hackers because the methods and techniques that they used to attack the DNC servers and cover up their electronic tracks were similar to past cyberattacks carried out by Cozy Bear and Fancy Bear.
Alperovitch wrote that China was among the past victims of Cozy Bear and Fancy Bear — undermining Trump’s claim that China may have been behind the attack.
Malware programs used in the attacks were similar to past attacks by these same groups, as were the techniques and methods used to hide their electronic tracks.
On June 20, the Washington Post reported that at least two other cybersecurity firms — Fidelis Cybersecurity and Mandiant — conducted independent reviews of the security breach and “have seconded CrowdStrike’s conclusion.”
Washington Post, June 20: “Based on our comparative analysis, we agree with CrowdStrike and believe that the Cozy Bear and Fancy Bear . . . groups were involved in successful intrusions at the DNC,” Michael Buratowski, a senior executive at Fidelis, said in a blog post Monday.
Fidelis analyzed samples of the malicious software used in the DNC hack.
“The malware samples matched the description, form and function that was described in the CrowdStrike blog post,” Fidelis stated. “In addition, they were similar and at times identical to malware that other [research firms] have associated to these actor sets.”
Mandiant, a cyber-forensics firm owned by FireEye, based its analysis on five DNC malware samples. In a statement to The Washington Post, Mandiant researcher Marshall Heilman said that the malware and associated servers are consistent with those previously used by “APT 28 and APT 29,’’ which are Mandiant’s names for Fancy Bear and Cozy Bear, respectively.
In his blog post that day, Michael Buratowski, senior vice president for security consulting services for Fidelis, wrote that its independent review “settles the question of ‘who was responsible for the DNC attack.’”
It was disclosed in August that the Democratic Congressional Campaign Committee’s servers were also hacked, and then on Oct. 7 WikiLeaks began to release emails that were obtained from the campaign account of Clinton campaign chairman John Podesta.
On Oct. 7, the Department of Homeland Security and Office of the Director of National Intelligence on Election Security issued a joint statement saying that the U.S. Intelligence Community — which includes 16 member agencies — was “confident” that recent hacks into the email systems of the Democratic Party were directed by the Russian government.
Joint Statement, Oct. 7: The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.
After the election, at a House hearing on Nov. 17, Director of National Intelligence James Clapper said the Intelligence Community did not release a statement until October — nearly four months after the DNC hack was publicly disclosed — because it wanted to have enough evidence before going public with such an allegation against Russia.
“We gave considerable thought to diming out Russia,” Clapper said. “With that statement, we waited until we felt we had sufficient basis for it and we did, both from a forensic and as well as other sources of intelligence that led us to that statement.”
U.S. intelligence officials have provided little information on how they arrived at that conclusion. NBC News quoted an unnamed government official saying that the intelligence officials were able to determine Russia’s involvement based on the “signature” of the attacks, which “hackers may not have realized they left behind.”
Seven members of the Senate Intelligence Committee sent a letter Nov. 30 to President Obama requesting more information. The letter, in full, said: “We believe there is additional information concerning the Russian Government and the U.S. election that should be declassified and released to the public. We are conveying specifics through classified channels.” Six of the seven are Democrats and one, Sen. Angus King of Maine, is an independent who caucuses with the Democrats.
In the House, Rep. Elijah Cummings, the ranking Democratic member of the House Oversight and Government Reform Committee, has called on the committee chairman to hold bipartisan hearings into Russia’s involvement in the elections. On Dec. 7, Cummings said he introduced a bill that would create an independent bipartisan commission to investigate.
So far, the effort to investigate Russia has been largely limited to Democrats. However, one Republican — Sen. Lindsey Graham of South Carolina — said on Dec. 7 that he would not only join but lead an investigation of Russia and its role in hacking into the servers of U.S. political parties and officials.
“I am going to lead the charge to investigate Russia’s role not only in the elections but throughout the world,” Graham told CNN. “… I think they’re one of the most destabilizing influences on the world stage. I think they did interfere with our elections and I want Putin personally to pay a price.”
The president-elect, of course, has a different opinion. But the evidence does not support Trump’s position.