US Officially Blames Russia For DNC Hack

The United States (US) Department of Homeland Security (DHS) and Office of the Director of National Intelligence (ODNI) issued a joint statement on Friday, October 7, 2016, publicly stating for the first time that the US Intelligence Community is “confident” that the “Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.”

DNC Attack Background

Last April, after the DNC discovered malware on its computer systems, it hired third party cybersecurity firm CrowdStrike to investigate the breach.  After completing its investigation, CrowdStrike issued a report in June 2016 linking the attacks to two groups associated with Russia:

  • “Cozy Bear,” a group suspected of previously attacking networks at the White House, State Department and Joint Chiefs of Staff; and
  • “Fancy Bear,” a group suspected to have targeted public and private entities for decades.

CrowdStrike linked the attacks of Cozy Bear and Fancy Bear to Russia because their programming code sometimes matched the code used in earlier hacks by Russia, and their behavior matched that of Russia’s in its historic efforts to increase Russian sphere of influence in Eastern Europe.  Thousands of stolen e-mails from the DNC were subsequently published on a source called DC Leaks, which ThreatConnect, a separate cybersecurity firm, has linked to Fancy Bear.

A day after the report, someone calling themselves Guccifer 2.0 claimed responsibility for the hack in a blog post.

Joint Statement Blames Russia For DNC Hack

In Friday’s joint statement, the DHS and ODNI stated for the first time that the “recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guiccer 2.0 online persona are consistent with the methods and motivations of Russia-directed efforts.”  The agencies found that the “thefts and disclosures are intended to interfere with the US election process[,]” which is activity that is not “new to Moscow – the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there.”  Based on the “scope and sensitivity” of such efforts, the agencies concluded that only “Russia’s senior-most officials could have authorized these activities.”

No Conclusion On Voting Machine Hacks

The joint statement stopped short of attributing the recent state election data system breaches to Russia.  These breaches, which have seen at least Illinois and Arizona experience scanning and probing of their election systems, have been tied back to servers operated by a Russian company.  The FBI is currently investigating this claim, but the DHS and ODNI said the US Intelligence Community is not “now in a position to attribute this activity to the Russian Government.”

The joint statement came on the same day as a ceasefire in Syria fell apart and the US accused Russia of war crimes in Aleppo.   A copy of the joint report can be found here.