DNC Hack: Russia, WikiLeaks, and Lessons for Government

The FBI on Monday said it is investigating the hack involving the Democratic National Committee (DNC) after a cache of emails was leaked in advance of Hillary Clinton’s nomination as the Democratic Party’s nominee for President this week, an incident that has been linked by some to the Russian government. 

WikiLeaks posted nearly 20,000 hacked DNC internal emails over the weekend, released just prior to Monday’s start of the Democratic National Convention in Philadelphia. The fallout from the data dump has been swift — DNC chair Debbie Wasserman Schultz resigned in the wake of the released messages, a number of which proved embarrassing for the party. The cyber attack also has broader implications, given that a number of experts and the Clinton campaign have suggested signs point to Russian involvement.

“The incident involves a novel set of events: the hacking of a major U.S. political party allegedly by a foreign government with the information released publicly through a third-party ‘whistleblower’ source at an important moment in the U.S. political cycle,” David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations, said. “We have simply not seen this sequence of events before.”

In June, it was revealed that the DNC network had been breached by hackers believed to be working for the Russian government. Security firm CrowdStrike found links between the two hacker groups and Russian intelligence agencies, with one connected to the FSB, the Russian internal security service, and the other with the GRU, the Russian foreign military intelligence agency.

What was not novel about the DNC emails leak was the way it underscores the vulnerability of organizations, whether public or private sector, from infiltration by foreign governments or cyber criminals, Fidler noted, as well as the “the sophistication of those willing to exploit these weaknesses for political gain or profit.”

“However, assuming Russian intelligence agencies are to blame for the hacking of the DNC, the manner in which Russia exploited the data it exfiltrated heightens the political importance of cybersecurity in new, worrying ways,” Fidler said.

The alleged Russian connection

While U.S. authorities are still investigating the hack and email release, some cybersecurity experts and Kremlin observers say they see a number of links to Russian involvement.

“It’s clear a number of cybersecurity experts believe Russian intelligence agencies are behind the attack,” Michael Sulick, former director of CIA’s National Clandestine Service and a Russia expert, said. “I doubt the FBI would be opening an investigation if there wasn’t some credence to those cybersecurity reports.”

And it also fits with Russian influence operations, Sulick said, serving as an example of a characteristic feature of Russian politics: kompromat, or publicly releasing negative information on opponents through third parties.

There are a number of other indicators of a possible Russian connection, Sulick noted.

Russian President Vladimir Putin and Republican Presidential nominee Donald Trump have publicly traded compliments, while a number of advisors on Trump’s campaign have now, or in the past, have had financial interests in Russia or have been sympathetic to Putin’s policies. For instance, Trump’s campaign chair Paul Manafort previously worked as a consultant for Viktor Yanukovych, the former Putin-backed president of Ukraine who was ousted in 2014.  Other Trump advisors have ties to the state-controlled Russian energy company Gazprom. A former adviser, Michael Caputo, had a contract with Gazprom’s media arm back in 2000, while current foreign policy adviser Carter Page holds a financial stake in Gazprom and has previously consulted for the conglomerate.

One of Putin’s primary policies has been weakening the European Union and NATO, Sulick pointed out, and Trump has advocated for some of these objectives, notably with embracing Britain’s vote to leave the European Union and recently saying that he would defend the Baltic states against Russian aggression on the condition that they “fulfilled their obligation to us.”

“I don’t think the Putin regime, for example, is sharing Russian intelligence activity or colluding directly with the Trump campaign,” he said. “At the same time, given Trump’s comments on foreign policy issues and his advisors, I can certainly see the Russians independently trying to encourage the candidate who would be sympathetic to Putin’s goals.”

Meanwhile, Clinton campaign manager Robby Mook on CNN’s “State of the Union” claimed the leak was part of a Russian effort to aid Donald Trump.

“What’s disturbing to us is that experts are telling us Russian state actors broke into the DNC, stole these emails, and other experts are now saying that the Russians are releasing these emails for the purpose of actually of helping Donald Trump,” Mook said on Sunday.

However, Rhea Siers, former deputy associate director for policy at the National Security Agency (NSA), noted that this incident is “really beyond just the Kremlin possibly trying to influence the election in favor of one candidate.” The hack, she said, marks an effort to cause “discord and dysfunction in the U.S. political system” and needs to be regarded as more than a partisan issue.

“It’s a matter that implicates our democracy, political system and national security,” Siers said.

According to Fidler, if this episode is indeed a Russian operation, what the Kremlin did is “less about influencing an election than demonstrating to the U.S. government and society the sophistication of Russian capabilities.” After all, he said, the ripples it is causing now will be “dust-covered footnotes by the time people vote in November,” he said.

“If the Russians really believed these actions would actually influence the election, then their understanding of U.S. election politics is poor compared to their technical hacking capabilities,” Fidler said. “Instead, in keeping with recent Russian tactics in different spheres, they are demonstrating Russian capabilities in ways that serve Putin’s perception of Russia’s national interests while sending signals to their adversaries about Russian cyber power.”

How WikiLeaks fits in

Although WikiLeaks has claimed to advocate for transparency and freedom, this new data dump raises a number of questions amongst cybersecurity experts and former government officials about its complicity.

“WikiLeaks is supposedly dedicated to transparency, but, at present, who or what was the source of these emails remains unknown. The allegations against Russia make WikiLeaks look like a craven pawn of Russian machinations, and, if the allegations are true, then WikiLeaks loses credibility as a self-proclaimed source of transparency in the cyber age,” Fidler said.

John Sipher, a former member of CIA’s Senior Intelligence Service, said he wasn’t surprised about the links to Russia or that the information was subsequently shared publicly.

“I am a bit surprised, however, in how transparent they were in its use. Using WikiLeaks is just too obvious. I would guess that Putin saw this as the best time to deliver this specific information and didn’t yet have a better way to deploy it,” Sipher said.

WikiLeaks “originally claimed to be an educational platform, but in reality they’re very selective about what they want to educate about,” Siers said, with it often serving as a “platform for Julian Assange’s ego and conspiracy theories.”

Cybersecurity lessons for government

Meanwhile, Michael F. Angelo, the chief security architect at Micro Focus, said that other than who may have been behind the attack, “I don’t see anything unique about it — it’s the same stuff we’ve been seeing time and time again.”

“It’s going to get worse as people see things they want to attack. The stuff we’re seeing right now is rather sophomoric – there’s nothing really super fancy or super advanced. It’s kind of, you didn’t protect yourself so let’s go see what’s in your system, or you clicked on something,” he said.

This hack offers another good reminder for people to “think before you click,” Angelo said. It sounds basic, but people need to “quit exposing sensitive information on your computer to an insensitive, exposed world.” And cybersecurity professionals need to make their plans based on “how bad it would be if that information on the system were public knowledge, and from there start thinking about your infrastructure,” he said.

Those working in government cybersecurity need to focus on two key things, Fidler said. First of all, it’s key to continue improving cyber defenses to minimize the vulnerability of government systems to foreign adversaries, and second, “focus more attention on the dangers dependence on cyber technologies creates for key aspects of U.S. democratic politics,” he said.

“I don’t think this episode — based on what we know — will have any lasting impact on U.S. electoral politics. However, it provides a glimpse of greater dangers in this area, including the lack of cybersecurity preparation at all the levels of U.S. elections, from the local to the national,” Fidler added.