Democratic Congressional Campaign Committee cyber attacks

On Friday, July 29, 2016, the Democratic Congressional Campaign Committee reported that its computer systems had been infiltrated. [1] US intelligence sources strongly believe that the infiltrators are the Russian foreign intelligence groups that breached the Democratic National Committee's computer systems. [2] These groups are known as Fancy Bear [3] and Cozy Bear (or "Sofacy"). [3] [4]

CrowdStrike assisted with efforts to deal with the DCCC breach. [4] There was significant concern that the Russian Government was attempting to influence the 2016 Presidential campaign. [1] [2] [5] Russian cyber intrusions into United States government and private sector computer systems significantly increased after the U.S. imposed sanctions on Russia following its invasion of the Crimea in Ukraine. It was President Obama's preference to publicize cyber attacks. [6]

Related Research Articles

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

Operation Shady RAT is an ongoing series of cyber attacks starting in mid-2006 reported by Dmitri Alperovitch, Vice President of Threat Research at Internet security company McAfee in August 2011, who also led and named the Night Dragon Operation and Operation Aurora cyberespionage intrusion investigations. The attacks have hit at least 71 organizations, including defense contractors, businesses worldwide, the United Nations, and the International Olympic Committee.

Dmitri Alperovitch: American computer security industry executive (born 1980)

Dmitri Mikhailovich Alperovitch is an American think-tank founder, investor, philanthropist, podcast host and former computer security industry executive. He is the chairman of Silverado Policy Accelerator, a geopolitics think-tank in Washington, D.C., and a co-founder and former chief technology officer of CrowdStrike. Alperovitch is a naturalized U.S. citizen born in Russia who came to the United States in 1994 with his family.

Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia. The Dutch General Intelligence and Security Service (AIVD) deduced from security camera footage that it is led by the Russian Foreign Intelligence Service (SVR); this view is shared by the United States. Cybersecurity firm CrowdStrike also previously suggested that it may be associated with either the Russian Federal Security Service (FSB) or SVR. The group has been given various nicknames by other cybersecurity firms, including CozyCar, CozyDuke, Dark Halo, The Dukes, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, and YTTRIUM.

Fancy Bear is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. This probably refers to its Military Unit Number.

CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides cloud workload and endpoint security, threat intelligence, and cyberattack response services. The company has been involved in investigations of several high-profile cyberattacks, including the 2014 Sony Pictures hack, the 2015–16 cyber attacks on the Democratic National Committee (DNC), and the 2016 email leak involving the DNC.

Democratic National Committee cyber attacks: 2015-16 data breaches by Russian hackers as part of US election interference

The Democratic National Committee cyber attacks took place in 2015 and 2016, in which two groups of Russian computer hackers infiltrated the Democratic National Committee (DNC) computer network, leading to a data breach. Cybersecurity experts, as well as the U.S. government, determined that the cyberespionage was the work of Russian intelligence agencies.

The 2016 Democratic National Committee email leak is a collection of Democratic National Committee (DNC) emails stolen by one or more hackers operating under the pseudonym "Guccifer 2.0" who are alleged to be Russian intelligence agency hackers, according to indictments carried out by the Mueller investigation. These emails were subsequently leaked by DCLeaks in June and July 2016 and by WikiLeaks on July 22, 2016, just before the 2016 Democratic National Convention. This collection included 19,252 emails and 8,034 attachments from the DNC, the governing body of the United States' Democratic Party. The leak includes emails from seven key DNC staff members, and date from January 2015 to May 2016. On November 6, 2016, WikiLeaks released a second batch of DNC emails, adding 8,263 emails to its collection. The emails and documents showed that the Democratic Party's national committee favored Clinton over her rival Bernie Sanders in the primaries. These releases caused significant harm to the Clinton campaign, and have been cited as a potential contributing factor to her loss in the general election against Donald Trump.

X-Agent or XAgent is a spyware and malware program designed to collect and transmit hacked files from machines running Windows, Linux, iOS, or Android, to servers operated by hackers. It employs phishing attacks and the program is designed to "hop" from device to device. In 2016, CrowdStrike identified an Android variant of the malware for the first time, and claimed that the malware targeted members of the Ukrainian military by distributing an infected version of an app to control D-30 Howitzer artillery. The Ukrainian army denied CrowdStrike's report and stated that losses of Howitzer artillery pieces had "nothing to do with the stated cause".

Guccifer 2.0: Pseudonymous Russian hacker/hacker group who conducted the 2015-16 DNC data breaches

"Guccifer 2.0" is a persona which claimed to be the hacker(s) who gained unauthorized access to the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event. Some of the documents "Guccifer 2.0" released to the media appear to be forgeries cobbled together from public information and previous hacks, which had been mixed with disinformation. According to indictments in February 2018, the persona is operated by Russian military intelligence agency GRU. On July 13, 2018, Special Counsel Robert Mueller indicted 12 GRU agents for allegedly perpetrating the cyberattacks.

DCLeaks: Hacker group

DCLeaks was a website that was established in June 2016. It was responsible for publishing leaks of emails belonging to multiple prominent figures in the United States government and military. Cybersecurity research firms determined the site is a front for the Russian cyber-espionage group Fancy Bear. On July 13, 2018, an indictment was made against 12 Russian GRU military officers; it alleged that DCLeaks is part of a Russian military operation to interfere in the 2016 U.S. presidential election.

In March 2016, the personal Gmail account of John Podesta, a former White House chief of staff and chair of Hillary Clinton's 2016 U.S. presidential campaign, was compromised in a data breach accomplished via a spear-phishing attack, and some of his emails, many of which were work-related, were hacked. Cybersecurity researchers as well as the United States government attributed responsibility for the breach to the Russian cyber spying group Fancy Bear, allegedly two units of a Russian military intelligence agency.

Russian interference in the 2016 United States elections

The Russian government interfered in the 2016 U.S. presidential election with the goals of harming the campaign of Hillary Clinton, boosting the candidacy of Donald Trump, and increasing political and social discord in the United States. According to the U.S. intelligence community, the operation—code named Project Lakhta—was ordered directly by Russian president Vladimir Putin. The Special Counsel's report, made public in April 2019, examined numerous contacts between the Trump campaign and Russian officials but concluded that there was insufficient evidence to bring any conspiracy or coordination charges against Trump or his associates.

The Plot to Hack America: Non-fiction book by Malcolm Nance

The Plot to Hack America: How Putin's Cyberspies and WikiLeaks Tried to Steal the 2016 Election is a non-fiction book by Malcolm Nance about the Russian interference in the 2016 United States elections. It was published in paperback, audiobook, and e-book formats in 2016 by Skyhorse Publishing. A second edition was also published the same year, and a third edition in 2017. Nance researched Russian intelligence, working as a Russian interpreter and studying KGB history.

George Kurtz: American billionaire and businessman

George Kurtz is the co-founder and CEO of cybersecurity company CrowdStrike. He was also the founder of Foundstone and chief technology officer of McAfee.

Assessing Russian Activities and Intentions in Recent US Elections: 2017 US government report

Assessing Russian Activities and Intentions in Recent US Elections is a report issued by the United States Office of the Director of National Intelligence (ODNI) that assessed the extent and basis of Russia's interference in United States' elections in 2016. Published on January 6, 2017, the report includes an assessment by the National Security Agency, the Central Intelligence Agency, and the Federal Bureau of Investigation of the type and breadth of actions undertaken by Russia and affiliated elements during the elections. The report examines Russia's utilization of cyberspace such as hacking and the use of internet trolls and bots, and an intensive media campaign to influence public opinion in the United States. Additionally, it analyzes Russia's intentions and motivations in regards to their influence campaign. Issued in two forms, a classified version and a declassified version, the report drew its conclusions based on highly classified intelligence, an understanding of past Russian actions, and sensitive sources and methods.

Topical timeline of Russian interference in the 2016 United States elections

This is a timeline of events related to Russian interference in the 2016 United States elections, sorted by topics. It also includes events described in investigations into the many suspicious links between Trump associates and Russian officials and spies. Those investigations continued in 2017, the first and second halves of 2018, and 2019, largely as parts of the Crossfire Hurricane FBI investigation, the Special Counsel investigation, multiple ongoing criminal investigations by several State Attorneys General, and the investigation resulting in the Inspector General report on FBI and DOJ actions in the 2016 election.

Dmitri Sergeyevich Badin is a Russian intelligence officer and hacker. He is said to have penetrated computer systems of several governments and international organizations on behalf of the Russian state military intelligence service GRU. Badin is wanted by the US Federal Bureau of Investigation and the German federal prosecutor Generalbundesanwalt. He is suspected of being a member of the Sofacy Group.

Michael A. Sussmann is an American former federal prosecutor and a former partner at the law firm Perkins Coie, who focused on privacy and cybersecurity law. Sussmann represented the Democratic National Committee (DNC) and retained CrowdStrike to examine its servers after two Russian hacker groups penetrated DNC networks and stole information during the 2016 U.S. elections.

2016 United States election leaks: Leaks during the 2016 U.S. elections

The 2016 United States election leaks were a series of publications of more than 150,000 stolen emails and other files during the U.S. presidential election campaigns released by Guccifer 2.0, DCLeaks and WikiLeaks. Computer hackers affiliated with the Russian military intelligence service (GRU) infiltrated information systems of the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and Clinton campaign officials, notably chairman John Podesta, and leaked some of the stolen materials. Emails from Guccifer 2.0 to journalists suggest a link to DCLeaks, and messages WikiLeaks exchanged with Guccifer 2.0 and DCLeaks suggest both submitted emails to WikiLeaks.

References

  1. Lichtblau, Eric (29 July 2016). "Computer Systems Used by Clinton Campaign Are Said to Be Hacked, Apparently by Russians". The New York Times. New York City. Retrieved 31 July 2016.
  2. Woodruff, Judy (29 July 2016). "Clinton's campaign and the DCCC are cyber hacked — was it the Russians?". PBS Newshour.
  3. Brewster, Thomas (July 27, 2016). "DNC Launches Fresh Hack Probe As Russia Continues To Take Blame". Forbes.com. Retrieved August 5, 2016. "...linked the DNC attack to a Russian hacker group that went by many names, including Sofacy and Fancy Bear."
  4. Ward, Vicky (October 24, 2016). "The Man Leading America's Fight Against Russian Hackers Is Putin's Worst Nightmare". Esquire.
  5. Alperovitch, Dmitri (15 June 2016). "Bears in the Midst: Intrusion into the Democratic National Committee". From The Front Lines. CrowdStrike, Inc. Retrieved 22 July 2016. Note: Dmitri Alperovitch is a CrowdStrike co-founder, CTO, and cybersecurity expert.
  6. Harris, Shane (8 April 2015). "Obama to Putin: Stop Hacking Me". The Daily Beast. Retrieved 31 July 2016.