The Democratic National Committee cyber attacks took place in 2015 and 2016, [1] in which two groups of Russian computer hackers infiltrated the Democratic National Committee (DNC) computer network, leading to a data breach. Cybersecurity experts, as well as the U.S. government, determined that the cyberespionage was the work of Russian intelligence agencies.
Forensic evidence analyzed by several cybersecurity firms, CrowdStrike, Fidelis, and Mandiant (or FireEye), strongly indicated that two Russian intelligence agencies separately infiltrated the DNC computer systems. CrowdStrike, which removed the hacking programs, revealed a history of encounters with both groups and had already named them, calling one of them Cozy Bear and the other Fancy Bear, names which are used in the media. [2] [3] [4] [5] [6]
On December 9, 2016, the CIA told U.S. legislators that the U.S. Intelligence Community had concluded Russia conducted the cyberattacks and other operations during the 2016 U.S. election to assist Donald Trump in winning the presidency. [7] Multiple U.S. intelligence agencies concluded that specific individuals tied to the Russian government provided WikiLeaks with stolen emails from the DNC, as well as stolen emails from Hillary Clinton's campaign chairman, who was also the target of a cyberattack. [7] These intelligence organizations additionally concluded Russia hacked the Republican National Committee (RNC) as well as the DNC, but chose not to leak information obtained from the RNC. [8]
Cyber attacks that successfully penetrated the DNC computing system began in 2015. Attacks by "Cozy Bear" began in the summer of 2015. Attacks by "Fancy Bear" began in April 2016. It was after the "Fancy Bear" group began their activities that the compromised system became apparent. The groups were presumed to have been spying on communications, stealing opposition research on Donald Trump, as well as reading all email and chats. Both were finally identified by CrowdStrike in May 2016. Both groups of intruders were successfully expelled from the DNC systems within hours after detection. These attacks were part of a group of attacks targeting U.S. government departments and several political organizations, including 2016 campaign organizations. [2] [3] [4] [5] [6]
On July 22, 2016, a person or entity going by the moniker "Guccifer 2.0" claimed on a WordPress-hosted blog to have been acting alone in hacking the DNC. [9] [10] He also claimed to send significant amounts of stolen electronic DNC documents to WikiLeaks. WikiLeaks has not revealed the source for their leaked emails. [11] However, cybersecurity experts and firms, including CrowdStrike, Fidelis Cybersecurity, Mandiant, SecureWorks, ThreatConnect, and the editor for Ars Technica, have rejected the claims of "Guccifer 2.0" and have determined, on the basis of substantial evidence, that the cyberattacks were committed by two Russian state-sponsored groups (Cozy Bear and Fancy Bear). [12]
According to separate reports in The New York Times and The Washington Post, U.S. intelligence agencies have concluded with "high confidence" [13] that the Russian government was behind the theft of emails and documents from the DNC. [13] [14] While the U.S. intelligence community has concluded that Russia was behind the cyberattack, intelligence officials told The Washington Post that they had "not reached a conclusion about who passed the emails to WikiLeaks" and so did not know "whether Russian officials directed the leak." [14] A number of experts and cybersecurity analysts believe that "Guccifer 2.0" is probably a Russian government disinformation cover story to distract attention away from the DNC breach by the two Russian intelligence agencies. [2] [3] [4] [5] [15]
President Obama and Russian President Vladimir Putin had a discussion about computer security issues, which took place as a side discussion during the then-ongoing G20 summit in China in September 2016. Obama said Russian hacking stopped after his warning to Putin. [16]
In a joint statement on October 7, 2016, the United States Department of Homeland Security and the Office of the Director of National Intelligence stated that the US intelligence community is confident that the Russian government directed the breaches and the release of the obtained material in an attempt to "… interfere with the US election process." [17] [18] [19]
As is common among Russian intelligence services, both groups used similar hacking tools and strategies. It is believed that neither group was aware of the other. This type of operation is antithetical to American computer intelligence methods, for fear of undermining or defeating intelligence operations of the other. However, this has been common practice for the Russian intelligence community since 2004. [3] [5] [20]
This intrusion was part of several attacks attempting to access information from American political organizations, including the 2016 U.S. presidential campaigns. [21] Both "Cozy Bear" and "Fancy Bear" are known adversaries of the United States, who have extensively engaged in political and economic espionage that benefits the Russian Federation government. Both groups are believed to be connected to the Russian intelligence services. Both also have access to resources and demonstrate levels of proficiency matching nation-state capabilities. [citation needed]
"Cozy Bear" has in the past year infiltrated unclassified computer systems of the White House, the U.S. State Department, and the U.S. Joint Chiefs of Staff. According to CrowdStrike, other targeted sectors include: Defense, Energy, Mining, Financial, Insurance, Legal, Manufacturing, Media, Think tanks, Pharmaceutical, Research and Technology industries as well as universities. Observed "Cozy Bear" attacks have occurred in Western Europe, Brazil, China, Japan, Mexico, New Zealand, South Korea, Turkey and Central Asia. [3] [5]
"Fancy Bear" has been operating since the mid-2000s. CrowdStrike reported targeting has included Aerospace, Defense, Energy, Government and the Media industries. "Fancy Bear" intrusions have occurred in the United States, Western Europe, Brazil, Canada, China, Republic of Georgia, Iran, Japan, Malaysia and South Korea. Targeted defense ministries and military organizations parallel Russian Federation government interests. This may indicate affiliation with the Main Intelligence Directorate (GRU, a Russian military intelligence service). Specifically, "Fancy Bear" has been linked to intrusions into the German Bundestag and France's TV5 Monde (television station) in April 2015. [3] [5] SecureWorks, a cybersecurity firm headquartered in the United States, concluded that from March 2015 to May 2016, the "Fancy Bear" target list included not merely the DNC, but tens of thousands of foes of Putin and the Kremlin in the United States, Ukraine, Russia, Georgia, and Syria. Only a handful of Republicans were targeted, however. [22]
On January 25, 2018, Dutch newspaper de Volkskrant and TV program Nieuwsuur reported that in 2014 and 2015, the Dutch Intelligence agency General Intelligence and Security Service (AIVD) had successfully infiltrated the computers of Cozy Bear and observed the hacking of the head office of the State Department and subsequently the White House, as well as the Democratic Party, and were the first to alert the National Security Agency about the cyber-intrusion. [23] [24]
In 2015, the NSA apprised the FBI and other agencies of the DNC intrusions which the Dutch had secretly detected, and on August 15, 2015, the Washington field office first alerted DNC technical staff of the compromise of their systems. [25] Much later, the lack of higher-level communications between the DNC and the FBI was seen by the DNC as an "unfathomable lapse", and it was not until April 2016, with legal authorizations to share sensitive technical data with the government, that DNC leaders were finally apprised that their systems had been penetrated. [26]
"Cozy Bear" had access to DNC systems since the summer of 2015, and "Fancy Bear" since April 2016. There was no evidence of collaboration or knowledge of the other's presence within the system. Rather, the "two Russian espionage groups compromised the same systems and engaged separately in the theft of identical credentials". [5] [20] [27] "Cozy Bear" employed the "Sea Daddy" implant and an obfuscated PowerShell script as a backdoor, launching malicious code at various times and in various DNC systems. "Fancy Bear" employed X Agent malware, which enabled remote command execution, file transmission and keylogging, as well as the "X-Tunnel" malware.
DNC leaders became aware of the compromise in April 2016. These attacks broadly reflect Russian government interest in the U.S. political system, as well as political leaders' policies, tendencies and proclivities while assessing possible beneficial outcomes. The attacks also broadly reflect Russian government interest in the strategies, policies, and practices of the U.S. Government. This also globally reflects foreign governments' interest in ascertaining information on Donald Trump as a new entry into U.S. political leadership roles, in contrast to information likely to have been garnered over the decades pertaining to the Clintons. [3] [5]
The DNC commissioned the cybersecurity company CrowdStrike to defeat the intrusions. Its chief technology officer, Dmitri Alperovitch, who is also a cybersecurity expert, stated:
CrowdStrike stands fully by its analysis and findings identifying two separate Russian intelligence-affiliated adversaries present in the DNC network in May 2016[...] We've had lots of experience with both of these actors attempting to target our customers in the past and know them well. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of 'living-off-the-land' techniques enables them to easily bypass many security solutions they encounter. [5]
Other cybersecurity firms, Fidelis Cybersecurity and FireEye, independently reviewed the malware and came to the same conclusion as CrowdStrike: that expert Russian hacking groups were responsible for the breach. [28] In November 2017, US authorities identified 6 Russian individuals who conducted the hack. [29] Beginning in December 2016, the Russian government arrested Sergei Mikhailov, a high-ranking government cyber-spy, Ruslan Stoyanov, a private sector cyber-security expert, Georgy Fomchenkov, a former government cyber-spy, and Dmitry Dokuchaev, a Mikhailov associate, and charged them with aiding U.S. intelligence agencies, which the New York Times associated with the DNC hacking. [30] [31]
Although the DNC claimed that no personal, financial, or donor information was accessed, "Guccifer 2.0" leaked what he or they claimed were donor lists detailing DNC campaign contributions to Gawker and The Smoking Gun. [32] [33] However, this information has not been authenticated, and doubts remain about Guccifer 2.0's backstory. [34]
In June 2016, a person or persons claimed to be the hacker who had hacked the DNC servers and then published the stolen documents online. [35] "Guccifer 2.0" later also claimed to have leaked 20,000 emails to WikiLeaks. [36] [37]
The U.S. Intelligence Community tasked resources debating why Putin chose summer 2016 to escalate active measures influencing U.S. politics. [38] Director of National Intelligence James R. Clapper said after the 2011–13 Russian protests that Putin's confidence in his viability as a politician was damaged, and Putin responded with the propaganda operation. [38] Former CIA officer Patrick Skinner explained the goal was to spread uncertainty. [39] U.S. Congressman Adam Schiff, Ranking Member of the House Permanent Select Committee on Intelligence, commented on Putin's aims, and said U.S. intelligence agencies were concerned with Russian propaganda. [38] Speaking about disinformation that appeared in Hungary, Slovakia, the Czech Republic, and Poland, Schiff said there was an increase of the same behavior in the U.S. [38] Schiff concluded Russian propaganda operations would continue against the U.S. after the election. [38]
On December 9, 2016, the CIA told U.S. legislators the U.S. Intelligence Community concluded Russia conducted operations during the 2016 U.S. election to assist Donald Trump in winning the presidency. [7] [40] [41] Multiple U.S. intelligence agencies concluded that specific individuals tied to the Russian government gave WikiLeaks hacked emails from the Democratic National Committee (D.N.C.) and additional sources such as John Podesta, campaign chairman for Hillary Clinton. [7] These intelligence organizations additionally concluded Russia hacked the Republican National Committee (R.N.C.) as well as the D.N.C., and chose not to leak information obtained from the R.N.C. [8] The CIA said the foreign intelligence agents were Russian operatives previously known to the U.S. [7] CIA officials told U.S. Senators it was "quite clear" Russia's intentions were to help Trump. [40] Trump released a statement on December 9 and disregarded the CIA conclusions. [7]
A senior law enforcement official told CNN:
The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated...These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier. [1]
The FBI therefore had to rely on an assessment from CrowdStrike instead, [1] who were hired by the DNC to investigate the cyber attacks. [42]
Members of the U.S. Senate Intelligence Committee traveled to Ukraine and Poland in 2016 and learned about Russian operations to influence their affairs. [43] U.S. Senator Angus King told the Portland Press Herald that tactics used by Russia during the 2016 U.S. election were analogous to those used against other countries. [43] On November 30, 2016, King joined a letter in which seven members of the U.S. Senate Intelligence Committee asked President Obama to publicize more information from the intelligence community on Russia's role in the U.S. election. [43] [44] In an interview with CNN, King warned against ignoring the problem, saying it was a bipartisan issue. [45]
Representatives in the U.S. Congress took action to monitor the national security of the United States by advancing legislation to monitor propaganda. [46] [47] On November 30, 2016, legislators approved a measure within the National Defense Authorization Act to ask the U.S. State Department to act against propaganda with an inter-agency panel. [46] [47] The legislation authorized funding of $160 million over a two-year period. [46] The initiative was developed through a bipartisan bill, the Countering Foreign Propaganda and Disinformation Act, written by U.S. Senators Rob Portman (Republican) and Chris Murphy (Democrat). [46] Portman urged more U.S. government action to counter propaganda. [46] Murphy said after the election it was apparent the U.S. needed additional tactics to fight Russian propaganda. [46] U.S. Senate Intelligence Committee member Ron Wyden said frustration over covert Russian propaganda was bipartisan. [46]
Republican U.S. Senators stated they planned to hold hearings and investigate Russian influence on the 2016 U.S. elections. [48] By doing so they went against the preference of incoming Republican President-elect Donald Trump, who downplayed any potential Russian meddling in the election. [48] U.S. Senate Armed Services Committee Chairman John McCain and U.S. Senate Intelligence Committee Chairman Richard Burr discussed plans for collaboration on investigations of Russian cyberwarfare during the election. [48] U.S. Senate Foreign Relations Committee Chairman Bob Corker planned a 2017 investigation. [48] Senator Lindsey Graham indicated he would conduct a sweeping investigation in the 115th Congress. [48]
On December 9, 2016, President Obama ordered the entire United States Intelligence Community to conduct an investigation into Russia's attempts to influence the 2016 U.S. election — and provide a report before he left office on January 20, 2017. [49] [50] [51] Lisa Monaco, U.S. Homeland Security Advisor and chief counterterrorism advisor to the president, announced the study, and said the intrusion of a foreign nation into a U.S. national election was an unprecedented event that would necessitate further investigation by subsequent administrations in the executive branch. [49] The intelligence analysis will take into account data from the last three presidential elections in the U.S. [50] Evidence showed malicious cyberwarfare during the 2008 and 2016 U.S. elections. [50]
Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."
Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia. The Dutch General Intelligence and Security Service (AIVD) deduced from security camera footage that it is led by the Russian Foreign Intelligence Service (SVR), a view shared by the United States. Cybersecurity firm CrowdStrike also previously suggested that it may be associated with either the Russian Federal Security Service (FSB) or SVR. The group has been given various nicknames by other cybersecurity firms, including CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, and YTTRIUM.
Fancy Bear is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. This refers to its unified Military Unit Number of the Russian army regiments. The headquarters of Fancy Bear and the entire military unit, which reportedly specializes in state-sponsored cyberattacks and decryption of hacked data, were targeted by Ukrainian drones on July 24, 2023; the rooftop of an adjacent building collapsed as a result of the explosion.
CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides endpoint security, threat intelligence, and cyberattack response services.
The 2016 Democratic National Committee email leak is a collection of Democratic National Committee (DNC) emails stolen by one or more hackers operating under the pseudonym "Guccifer 2.0" who are alleged to be Russian intelligence agency hackers, according to indictments carried out by the Mueller investigation. These emails were subsequently leaked by DCLeaks in June and July 2016 and by WikiLeaks on July 22, 2016, just before the 2016 Democratic National Convention. This collection included 19,252 emails and 8,034 attachments from the DNC, the governing body of the United States Democratic Party. The leak includes emails from seven key DNC staff members dating from January 2015 to May 2016. On November 6, 2016, WikiLeaks released a second batch of DNC emails, adding 8,263 emails to its collection. The emails and documents showed that the Democratic Party's national committee favored Clinton over her rival Bernie Sanders in the primaries. These releases caused significant harm to the Clinton campaign, and have been cited as a potential contributing factor to her loss in the general election against Donald Trump.
"Guccifer 2.0" is a persona which claimed to be the hacker(s) who gained unauthorized access to the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event. Some of the documents "Guccifer 2.0" released to the media appear to be forgeries cobbled together from public information and previous hacks, which had been mixed with disinformation. According to indictments in February 2018, the persona is operated by Russian military intelligence agency GRU. On July 13, 2018, Special Counsel Robert Mueller indicted 12 GRU agents for allegedly perpetrating the cyberattacks.
On Friday July 29, 2016 the Democratic Congressional Campaign Committee reported that its computer systems had been infiltrated. It is strongly believed by US intelligence sources that the infiltrator groups are Russian foreign intelligence groups that breached the Democratic National Committee's computer systems. These groups are known as Fancy Bear and Cozy Bear.
DCLeaks was a website that was established in June 2016. It was responsible for publishing leaks of emails belonging to multiple prominent figures in the United States government and military. Cybersecurity research firms determined the site is a front for the Russian cyber-espionage group Fancy Bear. On July 13, 2018, an indictment was made against 12 Russian GRU military officers; it alleged that DCLeaks is part of a Russian military operation to interfere in the 2016 U.S. presidential election.
In March 2016, the personal Gmail account of John Podesta, a former White House chief of staff and chair of Hillary Clinton's 2016 U.S. presidential campaign, was compromised in a data breach accomplished via a spear-phishing attack, and some of his emails, many of which were work-related, were hacked. Cybersecurity researchers as well as the United States government attributed responsibility for the breach to the Russian cyber spying group Fancy Bear, allegedly two units of a Russian military intelligence agency.
The Russian government conducted foreign electoral interference in the 2016 United States elections with the goals of sabotaging the presidential campaign of Hillary Clinton, boosting the presidential campaign of Donald Trump, and increasing political and social discord in the United States. According to the U.S. intelligence community, the operation—code named Project Lakhta—was ordered directly by Russian president Vladimir Putin. The "hacking and disinformation campaign" to damage Clinton and help Trump became the "core of the scandal known as Russiagate". The 448-page Mueller Report, made public in April 2019, examined over 200 contacts between the Trump campaign and Russian officials but concluded that there was insufficient evidence to bring any conspiracy or coordination charges against Trump or his associates.
ThreatConnect is a cyber-security firm based in Arlington, Virginia. They provide a Threat Intelligence Platform for companies to aggregate and act upon threat intelligence.
This is a timeline of events related to Russian interference in the 2016 United States elections.
The Plot to Hack America: How Putin's Cyberspies and WikiLeaks Tried to Steal the 2016 Election is a non-fiction book by Malcolm Nance about the Russian interference in the 2016 United States elections. It was published in paperback, audiobook, and e-book formats in 2016 by Skyhorse Publishing. A second edition was also published the same year, and a third edition in 2017. Nance researched Russian intelligence, working as a Russian interpreter and studying KGB history.
Assessing Russian Activities and Intentions in Recent US Elections is a report issued by the United States Office of the Director of National Intelligence (ODNI) that assessed the extent and basis of Russia's interference in United States' elections in 2016. Published on January 6, 2017, the report includes an assessment by the National Security Agency, the Central Intelligence Agency, and the Federal Bureau of Investigation of the type and breadth of actions undertaken by Russia and affiliated elements during the elections. The report examines Russia's utilization of cyberspace such as hacking and the use of internet trolls and bots, and an intensive media campaign to influence public opinion in the United States. Additionally, it analyzes Russia's intentions and motivations in regards to their influence campaign. Issued in two forms, a classified version and a declassified version, the report drew its conclusions based on highly classified intelligence, an understanding of past Russian actions, and sensitive sources and methods.
Democratic National Committee v. Russian Federation, et al. was a civil lawsuit filed by the Democratic National Committee (DNC) in the United States District Court for the Southern District of New York against the Russian Federation, WikiLeaks and other entities and individuals. The case, relating to Russian interference in the 2016 United States elections, was filed on April 20, 2018. The DNC's complaint accused the Trump campaign of engaging in a racketeering enterprise in conjunction with Russia and WikiLeaks. The American Civil Liberties Union, Reporters Committee for Freedom of the Press and others filed friend-of-the-court briefs expressing concern over the lawsuit's implications for freedom of the press.
This is a timeline of events related to Russian interference in the 2016 United States elections, sorted by topics. It also includes events described in investigations into the many suspicious links between Trump associates and Russian officials and spies. Those investigations continued in 2017, the first and second halves of 2018, and 2019, largely as parts of the Crossfire Hurricane FBI investigation, the Special Counsel investigation, multiple ongoing criminal investigations by several State Attorneys General, and the investigation resulting in the Inspector General report on FBI and DOJ actions in the 2016 election.
Since 2016, then-presidential candidate Donald Trump and his allies have promoted several conspiracy theories related to the Trump–Ukraine scandal. One such theory seeks to blame Ukraine, instead of Russia, for interference in the 2016 United States presidential election. Also among the conspiracy theories are accusations against Joe Biden and his son Hunter Biden, and several elements of the right-wing Russia investigation origins counter-narrative. American intelligence believes that Russia engaged in a years long campaign to frame Ukraine for the 2016 election interference, that the Kremlin is the prime mover behind promotion of the fictitious alternative narratives, and that these are harmful to the United States. FBI director Christopher A. Wray stated to ABC News that "We have no information that indicates that Ukraine interfered with the 2016 presidential election" and that "as far as the [2020] election itself goes, we think Russia represents the most significant threat."
Michael A. Sussmann is an American former federal prosecutor and a former partner at the law firm Perkins Coie, who focused on privacy and cybersecurity law. Sussmann represented the Democratic National Committee (DNC) and retained CrowdStrike to examine its servers after two Russian hacker groups penetrated DNC networks and stole information during the 2016 U.S. elections.
The 2016 United States election leaks were a series of publications of more than 150,000 stolen emails and other files during the U.S. presidential election campaigns released by Guccifer 2.0, DCLeaks and WikiLeaks. Computer hackers allegedly affiliated with the Russian military intelligence service (GRU) infiltrated information systems of the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and Clinton campaign officials, notably chairman John Podesta, and leaked some of the stolen materials. Emails from Guccifer 2.0 to journalists suggest a link to DCLeaks, and messages WikiLeaks exchanged with Guccifer 2.0 and DCLeaks suggest both submitted emails to WikiLeaks.