A ‘digital hit list’ and new DOJ findings offer the clearest evidence yet that Russia hacked the DNC

  • A hacking group tied to Russian military intelligence that infiltrated DNC servers had a broad “hit list” that targeted hundreds of the Kremlin’s perceived enemies worldwide, The Associated Press reported.
  • The hit list was left exposed on the internet by the group, known as Fancy Bear, which allowed a cybersecurity firm to track the hackers’ targets and activity between March 2015 and May 2016.
  • The DOJ has identified at least six Russian government officials believed to be tied to the DNC hack and could file charges against them as early as next year.

Hackers who breached the Democratic National Committee’s email servers had a “digital hit list” that targeted a wide range of Russia’s perceived enemies, including former Secretary of State John Kerry, Ukrainian President Petro Poroshenko, anti-corruption activist Alexei Navalny, and half of the feminist protest punk rock group Pussy Riot.

The cybersecurity firm Secureworks uncovered the list earlier this year after the hacking collective known as Fancy Bear, which has been linked to Russian military intelligence, accidentally published parts of it.

Secureworks provided the data to The Associated Press, which determined, among other things, that more than 95% of the malicious links the hackers sent to their targets between March 2015 and May 2016 “were generated during Moscow office hours — between 9 a.m. and 6 p.m. Monday to Friday.”

Fancy Bear’s American targets “skewed toward workers for defence contractors such as Boeing, Raytheon, and Lockheed Martin or senior intelligence figures, prominent Russia watchers and — especially — Democrats,” the AP reported.

“More than 130 party workers, campaign staffers and supporters of the party were targeted, including Podesta and other members of Clinton’s inner circle. The AP also found a handful of Republican targets,” the report said.

The cybersecurity firm CrowdStrike first discovered the link between Fancy Bear and the Democratic National Committee breach in the spring of 2016, and The Washington Post reported that summer that the DNC had been attacked by Russia-linked hackers.

Fancy Bear was making “aggressive attempts” to hack DNC staffers’ emails in early April 2016, Secureworks discovered, which lined up with CrowdStrike’s findings published last June.

“At DNC, COSY BEAR intrusion has been identified going back to summer of 2015, while FANCY BEAR separately breached the network in April 2016,” CrowdStrike’s chief technology officer Dmitri Alperovitch wrote.

The DNC emails were published by WikiLeaks in late July. The group’s founder, Julian Assange, has insisted that Russia wasn’t the source of the stolen documents.

But a senior security researcher at Russia’s top cybersecurity firm, Kaspersky — which typically avoids attributing cyberattacks to specific actors — told The Guardian in January that the evidence of Moscow’s involvement was overwhelming.

“Assange said it could have been a 14-year-old hacker,” said the researcher, Brian Bartholomew. “If you look at the collective operations of this group, there’s no way a 14-year-old has this much money, time and effort to conduct all of these operations together.”

Assange is not the only one who has floated alternative theories for who hacked the DNC.

President Donald Trump said last year that the hack “could be Russia, but it could also be China.”

“It also could be somebody sitting on their bed that weighs 400 pounds,” he said.

Fox News host Sean Hannity and other right-wing commentators have suggested, without providing evidence, that the breach was an inside job orchestrated by a young DNC staffer named Seth Rich. Rich was shot and killed in July 2016 in a case that remains unsolved, fuelling conspiracy theories.

The raw data collected by Secureworks and obtained by the AP, however, has provided the clearest evidence yet not only that Fancy Bear hacked the DNC, but also that it is controlled by the Kremlin “and the general staff.” That’s according to Andras Racz, a specialist in Russian security policy at Pazmany Peter Catholic University in Hungary.

“I have no doubts,” he told the AP.

The findings were further bolstered on Thursday when The Wall Street Journal reported that the Department of Justice had identified six Russian government officials it believes were involved in the DNC hacks, and was considering bringing charges against them as early as next year.

“If filed, the case would provide the clearest picture yet of the actors behind the DNC intrusion,” the Journal said.

Cyber crime and cyber espionage have long gone hand-in-hand in Russia, and the DOJ’s case would not be unprecedented. Two Russian Federal Security Service (FSB) officers were indicted in March for what the Justice Department said amounted to directing and facilitating a massive hack on Yahoo in 2014 that compromised roughly 500 million accounts using a relatively simple method of attack.

The Soufan Group, a strategic security firm that specialises in intelligence, law enforcement, and policy analysis, wrote earlier this year that “examples of the convergence of malicious cyber activity by Russia include the hacking of Western political parties and groups, the curiously selective and well-timed releases by WikiLeaks — which is widely believed to be a Russian proxy — and theft from purely commercial entities such as Yahoo.”

The Russian government plowed ahead with the DNC hack, the new findings suggest, and — as the Soufan Group characterised it — overstepped the “boundaries of espionage by purposefully veering into criminality.”