Hackers affiliated with the Russian government successfully infiltrated the computer networks of the Democratic National Committee (DNC) and stole troves of opposition research about presidential hopeful Donald Trump, it was revealed on Tuesday (14 June).
The state-sponsored hackers, who reportedly had access to the DNC network for over a year, were monitoring all email and chat traffic sent via its computers, according to The Washington Post. However, the intrusion - which has been denied by the Russian government - was not limited to research on Trump. In addition to the controversial Republican Party candidate, computer networks of Democratic candidate Hillary Clinton were also targeted by Russian spies.
The DNC has denied that financial, donor or personal information was compromised by the large-scale security breach and told The Washington Post the motivation appears to have been espionage rather than for criminal purposes.
After the department's IT team realised there was a problem in April this year, cybersecurity experts at CrowdStrike were brought in to investigate. The firm's CEO, Shawn Henry, who previously managed the FBI's cyber division, said: "It's the job of every foreign intelligence service to collect intelligence against their adversaries."
He continued: "We're perceived as an adversary of Russia. Their job, when they wake up every day, is to gather intelligence against the policies, practices and strategies of the US government. There are a variety of ways. [Hacking] is one of the more valuable because it gives you a treasure trove of information."
The chairwoman of the DNC, Debbie Wasserman Schultz, said: "The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with. When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network."
Upon analysis, CrowdStrike identified two separate hacking groups it believes were responsible; however, it did not find any evidence they were working together. According to Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer (CTO), the two groups, dubbed "Cosy Bear" and "Fancy Bear", were interested in silently watching the activities of government employees.
It was only when one of the groups stole the opposition research that the DNC was alerted to the breach. Research suggests Cosy Bear is under the direction of the Federal Security Service, also known as the FSB, and that Fancy Bear is connected with the GRU, the Russian military intelligence service, Alperovitch told The Washington Post.
The cybersecurity expert explained that lack of coordination was not unusual for hacking groups operating in Russia. He said: "There's an amazing adversarial relationship [...] we have seen them steal assets from one another, refuse to collaborate. They're all vying for power, to sell Putin on how good they are."
At the time of writing, the exact entry point of the hackers remains unclear. However, evidence suggests email phishing is likely to have played a key role in giving the hackers unfettered access to the sensitive information. While the DNC was not the only target of the nation-state hackers, neither CrowdStrike nor the Democratic Party has elaborated on the extent of the other intrusions.