Sunday, 18 December 2016

How Russian cyberpower 'invaded' the U.S. election

A warning phone call from the FBI to a minor systems operator at the Democratic National Committee went unheeded — and then the leaks started

When Special Agent Adrian Hawkins of the FBI called the Democratic National Committee (DNC) in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.

His message was brief, if alarming. At least one computer system belonging to the DNC was compromised by the hackers the federal investigators had named “the Dukes.”

The FBI knew it well: It had spent the last few years trying to kick the cyberespionage team, allegedly linked to the Russian government, out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.

Yared Tamene, the tech-support contractor at the DNC who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the DNC computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real FBI agent and not an impostor.

“I had no way of differentiating the call I just received from a prank call,” Tamene wrote in an internal memo, obtained by The New York Times, which detailed his contact with the FBI.

It was the cryptic first sign of a cyberespionage and information warfare campaign devised to disrupt the 2016 presidential election, the first such attempt by a foreign power in American history. What started as an information gathering operation, intelligence officials believe, ultimately morphed into an effort to harm one candidate, Hillary Clinton, and tip the election to her opponent, Donald Trump.

Like another famous American election scandal, it started with a break-in at the DNC. The first time, 44 years ago at the committee’s old offices in the Watergate complex, the burglars planted listening devices and jimmied a filing cabinet. This time, the burglary was conducted from afar, directed by the Kremlin, with spear-phishing emails and zeros and ones.

An examination by The Times of the Russian operation — based on interviews with dozens of players targeted in the attack, intelligence officials who investigated it and Obama administration officials who deliberated over the best response — reveals a series of missed signals, slow responses and a continuing underestimation of the seriousness of the cyberattack.

The DNC’s fumbling encounter with the FBI meant the best chance to halt the Russian intrusion was lost. The failure to grasp the scope of the attacks undercut efforts to minimize their impact. And the White House’s reluctance to respond forcefully meant the Russians have not paid a heavy price for their actions, a decision that could prove critical in deterring future cyberattacks.

The low-key approach of the FBI meant that Russian hackers could roam freely through the committee’s network for nearly seven months before top DNC officials were alerted to the attack and cyberexperts hired to protect their systems. In the meantime, the hackers moved on to targets outside the DNC, including Clinton’s campaign chairman John D. Podesta, whose private email account was hacked months later.

Even Mr. Podesta, a savvy Washington insider who had written a 2014 report on cyberprivacy for President Barack Obama, did not truly understand the gravity of the hacking.

By last summer, Democrats watched in helpless fury as their private emails and confidential documents appeared online day after day — procured by Russian intelligence agents, posted on WikiLeaks and other websites, then eagerly reported on by the American media, including The Times. Mr. Trump gleefully cited many of the purloined emails on the campaign trail.

The fallout included the resignations of Rep. Debbie Wasserman Schultz of Florida, the chairwoman of the DNC, and most of her top party aides. Leading Democrats were sidelined at the height of the campaign, silenced by revelations of embarrassing emails or consumed by the scramble to deal with the hacking.

Though little-noticed by the public, confidential documents taken by the Russian hackers from the DNC’s sister organization, the Democratic Congressional Campaign Committee, turned up in congressional races in a dozen States, tainting some of them with accusations of scandal.

In recent days, a skeptical President-elect, the nation’s intelligence agencies and the two major parties have become embroiled in an extraordinary public dispute over what evidence exists that Russian President Vladimir Putin moved beyond mere espionage to deliberately try to subvert American democracy and pick the winner of the presidential election.

Many of Ms. Hillary Clinton’s closest aides believe that the Russian assault had a profound impact on the election, while conceding that other factors — Ms. Hillary Clinton’s weaknesses as a candidate; her private email server; the public statements of FBI Director James B. Comey about her handling of classified information — were also important.

While there’s no way to be certain of the ultimate impact of the hack, this much is clear: A low-cost, high-impact weapon that Russia had test-fired in elections from Ukraine to Europe was trained on the United States, with devastating effectiveness. For Russia, with an enfeebled economy and a nuclear arsenal it cannot use short of all-out war, cyberpower proved the perfect weapon: cheap, hard to see coming, hard to trace.

“There shouldn’t be any doubt in anybody’s mind,” Adm. Michael S. Rogers, director of the National Security Agency and commander of U.S. Cyber Command, said at a post-election conference. “This was not something that was done casually, this was not something that was done by chance, this was not a target that was selected purely arbitrarily,” he said. “This was a conscious effort by a nation-state to attempt to achieve a specific effect.”

For the people whose emails were stolen, this new form of political sabotage has left a trail of shock and professional damage. Neera Tanden, president of the Center for American Progress and a key Clinton supporter, recalls walking into the busy transition offices, humiliated to see her face on television screens as pundits discussed a leaked email in which she had called Ms. Hillary Clinton’s instincts “suboptimal.”

“It was just a sucker punch to the gut every day,” Ms. Tanden said. “It was the worst professional experience of my life.”

The United States too has carried out cyberattacks, and in past decades, the CIA had tried to subvert foreign elections. But the Russian attack is increasingly understood across the political spectrum as an ominous historic landmark — with one notable exception: Mr. Trump has rejected the findings of the intelligence agencies he will soon oversee as “ridiculous,” insisting that the hacker may be American, or Chinese, but that “they have no idea.”

Mr. Trump cited the reported disagreements between the agencies about whether Mr. Putin intended to help elect him. On Tuesday, a Russian government spokesman echoed Mr. Trump’s scorn.

“This tale of ‘hacks’ resembles a banal brawl between American security officials over spheres of influence,” Maria Zakharova, spokeswoman for the Russian Foreign Ministry, wrote on Facebook.

Over the weekend, four prominent senators, two Republicans and two Democrats, joined forces to pledge an investigation while pointedly ignoring Mr. Trump’s skeptical claims.

“Democrats and Republicans must work together, and across the jurisdictional lines of the Congress, to examine these recent incidents thoroughly and devise comprehensive solutions to deter and defend against further cyberattacks,” said Sens. John McCain, Lindsey Graham, Chuck Schumer and Jack Reed.

“This cannot become a partisan issue,” they said. “The stakes are too high for our country.”

A target for break-ins

Sitting in the basement of the DNC headquarters, below a wall-size 2012 portrait of a smiling Barack Obama, is a 1960s-era filing cabinet missing the handle on the bottom drawer. Only a framed newspaper story hanging on the wall hints at the importance of this aged piece of office furniture.

“GOP Security Aide Among 5 Arrested in Bugging Affair,” reads the headline from the front page of The Washington Post on June 19, 1972, with the bylines of Bob Woodward and Carl Bernstein.

Andrew Brown, 37, technology director at the DNC, was born after that famous break-in. But as he began to plan for this year’s election cycle, he was well aware that the DNC could become a break-in target again.

There were aspirations to ensure that the DNC was well protected against cyberintruders — and then there was the reality, Mr. Brown and his bosses at the organization acknowledged: The DNC was a nonprofit group, dependent on donations, with a fraction of the security budget that a corporation its size would have.

“There was never enough money to do everything we needed to do,” Mr. Brown said.

The DNC had a standard email spam-filtering service, intended to block phishing attacks and malware created to resemble legitimate email. But when Russian hackers started in on the DNC, the committee did not have the most advanced systems in place to track suspicious traffic, internal DNC memos show.

Tamene, who reports to Mr. Brown, was not a full-time DNC employee; he works for a Chicago-based contracting firm called The MIS Department. He was left to figure out, largely on his own, how to respond — and even whether the man who had called in to the DNC switchboard was really an FBI agent.

“The FBI thinks the DNC has at least one compromised computer on its network and the FBI wanted to know if the DNC is aware, and if so, what the DNC is doing about it,” Tamene wrote in an internal memo about his contacts with the FBI. He added that “the Special Agent told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.”

Part of the problem was that agent Hawkins did not show up in person at the DNC. Nor could he email anyone there, as that risked alerting the hackers that the FBI knew they were in the system.

Tamene’s initial scan of the DNC system — using his less-than-optimal tools and incomplete targeting information from the FBI — found nothing. So when Hawkins called repeatedly in October, leaving voice mail messages for Tamene, urging him to call back, “I did not return his calls, as I had nothing to report,” Tamene explained in his memo.

In November, Hawkins called with more ominous news. A DNC computer was “calling home, where home meant Russia,” Tamene’s memo says, referring to software sending information to Moscow. “SA Hawkins added that the FBI thinks that this calling home behavior could be the result of a state-sponsored attack.”

Mr. Brown knew that Tamene, who declined to comment, was fielding calls from the FBI. But he was tied up on a different problem: evidence suggesting that the campaign of Sen. Bernie Sanders of Vermont, Ms. Hillary Clinton’s main Democratic opponent, had improperly gained access to her campaign data.

Ms. Schultz, then the DNC’s chairwoman, and Amy Dacey, then its chief executive, said in interviews that neither of them was notified about the early reports that the committee’s system had likely been compromised.

Shawn Henry, who once led the FBI’s cyber division and is now president of CrowdStrike Services, the cybersecurity firm retained by the DNC in April, said he was baffled that the FBI did not call a more senior official at the DNC or send an agent in person to the party headquarters to try to force a more vigorous response.

“We are not talking about an office that is in the middle of the woods of Montana. We are talking about an office that is half a mile from the FBI office that is getting the notification,” Mr. Henry said.

By March, Tamene and his team had met at least twice in person with the FBI and concluded that Hawkins was really a federal employee. But then the situation took a dire turn.

A second team of Russian-affiliated hackers began to target the DNC and other players in the political world, particularly Democrats.

Billy Rinehart, a former DNC regional field director who was then working for Ms. Hillary Clinton’s campaign, got an odd email warning from Google.

“Someone just used your password to try to sign into your Google account,” the March 22 email said, adding that the sign-in attempt had occurred in Ukraine. “Google stopped this sign-in attempt. You should change your password immediately.”

Mr. Rinehart was in Hawaii at the time. He remembers checking his email at 4 a.m. for messages from East Coast associates. Without thinking much about the notification, he clicked on the “change password” button and half asleep, as best he can remember, he typed in a new password.

What he did not know until months later is that he had just given the Russian hackers access to his email account.

Hundreds of similar phishing emails were being sent to American political targets, including an identical email sent on March 19 to Mr. Podesta. Given how many emails he received through this personal email account, several aides also had access to it, and one of them noticed the warning email, sending it to a computer technician to make sure it was legitimate before anyone clicked on the “change password” button.

“This is a legitimate email,” Charles Delavan, a Clinton campaign aide, replied to another of Mr. Podesta’s aides, who had noticed the alert. “John needs to change his password immediately.”

With another click, a decade of emails that Mr. Podesta maintained in his Gmail account — a total of about 60,000 — were unlocked for the Russian hackers. Delavan, in an interview, said that his bad advice was a result of a typo: He knew this was a phishing attack, as the campaign was getting dozens of them. He said he had meant to type that it was an “illegitimate” email, an error that he said has plagued him ever since.

During this second wave, the hackers also gained access to the Democratic Congressional Campaign Committee, and then, through a virtual private network connection, to the main computer network of the DNC.

The FBI observed this surge of activity as well, again reaching out to Tamene to warn him. Yet Tamene still saw no reason to be alarmed: He found copies of the phishing emails in the DNC’s spam filter. But he had no reason, he said, to believe that the computer systems were infiltrated.

One bit of progress was finally made by the middle of April: The DNC, seven months after it was first warned, finally installed a “robust set of monitoring tools,” Tamene’s internal memo says.

Honing stealth tactics

The United States had two decades of warning that Russia’s intelligence agencies were trying to break into America’s most sensitive computer networks. But the Russians have always managed to stay a step ahead.

Their first major attack was detected on October 7, 1996, when a computer operator at the Colorado School of Mines discovered some nighttime computer activity he could not explain. The school had a major contract with the Navy, and the operator warned his contacts there. But as happened two decades later at the DNC, at first “everyone was unable to connect the dots,” said Thomas Rid, a scholar at King’s College in London who has studied the attack.

Investigators gave it a name — Moonlight Maze — and spent two years, often working day and night, tracing how it hopped from the Navy to the Department of Energy to the Air Force and NASA. In the end, they concluded that the total number of files stolen, if printed and stacked, would be taller than the Washington Monument.

Whole weapons designs were flowing out the door, and it was a first taste of what was to come: an escalating campaign of cyberattacks around the world.

But for years, the Russians stayed largely out of the headlines, thanks to the Chinese — who took bigger risks, and often got caught. They stole the designs for the F-35 fighter jet, corporate secrets for rolling steel, even the blueprints for gas pipelines that supply much of the United States. And during the 2008 presidential election cycle, Chinese intelligence hacked into the campaigns of Mr. Obama and McCain, making off with internal position papers and communications. But they didn’t publish any of it.

The Russians had not gone away, of course. “They were just a lot more stealthy,” said Kevin Mandia, a former Air Force intelligence officer who spent most of his days fighting off Russian cyberattacks before founding Mandiant, a cybersecurity firm that is now a division of FireEye — and the company the Clinton campaign brought in to secure its own systems.

The Russians were also quicker to turn their attacks to political purposes. A 2007 cyberattack on Estonia, a former Soviet ally that had joined NATO, sent a message that Russia could paralyze the country without invading it.

The next year cyberattacks were used during Russia’s war with Georgia.

But American officials did not imagine that the Russians would dare try those techniques inside the United States. They were largely focused on preventing what former Defense Secretary Leon E. Panetta warned was an approaching “cyber Pearl Harbor” — a shutdown of the power grid or cellphone networks.

In 2014 and 2015, a Russian hacking group began systematically targeting the State Department, the White House and the Joint Chiefs of Staff. “Each time, they eventually met with some form of success,” Michael Sulmeyer, a former cyberexpert for the Secretary of Defense, and Ben Buchanan, now both of the Harvard Cyber Security Project, wrote recently in a soon-to-be published paper for the Carnegie Endowment.

The Russians grew stealthier and stealthier, tricking government computers into sending out data while disguising the electronic “command and control” messages that set off alarms for anyone looking for malicious actions.

The State Department was so crippled that it repeatedly closed its systems to throw out the intruders. At one point, officials traveling to Vienna with Secretary of State John Kerry for the Iran nuclear negotiations had to set up commercial Gmail accounts just to communicate with one another and with reporters traveling with them.

Mr. Obama was briefed regularly on all this, but he made a decision that many in the White House now regret: He did not name Russians publicly, or issue sanctions. There was always a reason: fear of escalating a cyberwar, and concern that the U.S. needed Russia’s cooperation in negotiations over Syria.

“We’d have all these circular meetings,” one senior State Department official said, “in which everyone agreed you had to push back at the Russians and push back hard. But it didn’t happen.”

So the Russians escalated again — breaking into systems not just for espionage, but to publish or broadcast what they found, known as “doxing” in the cyberworld.

Last year, the attacks became more aggressive. Russia hacked a major French television station, frying critical hardware. Around Christmas, it attacked part of the power grid in Ukraine, dropping a portion of the country into darkness, killing backup generators and taking control of generators. In retrospect, it was a warning shot.

The attacks “were not fully integrated military operations,” Sulmeyer said. But they showed an increasing boldness.

Cozy Bear and Fancy Bear

The day before the White House Correspondents’ Association dinner in April, Ms. Dacey, the DNC’s chief executive, was preparing for a night of parties when she got an urgent phone call.

With the new monitoring system in place, Tamene had examined administrative logs of the DNC’s computer system and found something very suspicious: An unauthorized person, with administrator-level security status, had gained access to the DNC’s computers.

“Not sure it is related to what the FBI has been noticing,” said one internal DNC email sent on April 29. “The DNC may have been hacked in a serious way this week, with password theft, etc.”

No one knew just how bad the breach was — but it was clear that a lot more than a single filing cabinet worth of materials might have been taken. A secret committee was immediately created, including Ms. Dacey, Ms. Schultz, Mr. Brown and Michael Sussmann, a former cybercrimes prosecutor at the Justice Department who now works at Perkins Coie, the Washington law firm that handles DNC political matters.

“Three most important questions,” Mr. Sussmann wrote to his clients the night the break-in was confirmed. “1) What data was accessed? 2) How was it done? 3) How do we stop it?”

Mr. Sussmann instructed his clients not to use DNC email because they had just one opportunity to lock the hackers out — an effort that could be foiled if the hackers knew that the DNC was on to them.

“You only get one chance to raise the drawbridge,” Mr. Sussmann said. “If the adversaries know you are aware of their presence, they will take steps to burrow in, or erase the logs that show they were present.”

The DNC immediately hired CrowdStrike Services to scan its computers, identify the intruders and build a new computer and telephone system from scratch. Within a day, CrowdStrike confirmed that the intrusion had originated in Russia, Mr. Sussmann said.

The work that such companies do is a computer version of old-fashioned crime scene investigation, with fingerprints, bullet casings and DNA swabs replaced by an electronic trail that can be just as incriminating. And just as police detectives learn to identify the telltale methods of a veteran burglar, so CrowdStrike investigators recognized the distinctive handiwork of Cozy Bear and Fancy Bear.

Those are CrowdStrike’s nicknames for the two Russian hacking groups that the firm found at work inside the DNC network. Cozy Bear — the group also known as the Dukes or APT 29, for “advanced persistent threat” — may or may not be associated with the FSB, the main successor to the Soviet-era KGB, but it is widely believed to be a Russian government operation. It made its first appearance in 2014, said Dmitri Alperovitch, CrowdStrike’s co-founder and chief technology officer.

It was Cozy Bear, CrowdStrike concluded, that first penetrated the DNC in summer 2015, by sending spear-phishing emails to a long list of U.S. government agencies, Washington nonprofits and government contractors. Whenever someone clicked on a phishing message, the Russians would enter the network, “exfiltrate” documents of interest and stockpile them for intelligence purposes.

“Once they got into the DNC, they found the data valuable and decided to continue the operation,” said Mr. Alperovitch, who was born in Russia and moved to the United States as a teenager.

Only in March 2016 did Fancy Bear show up — first penetrating the computers of the Democratic Congressional Campaign Committee, and then jumping to the DNC, investigators believe. Fancy Bear, sometimes called APT 28 and believed to be directed by the GRU, Russia’s military intelligence agency, is an older outfit, tracked by Western investigators for nearly a decade. It was Fancy Bear that got hold of Mr. Podesta’s email.

Attribution, as the skill of identifying a cyberattacker is known, is more art than science. It is often impossible to name an attacker with absolute certainty. But over time, by accumulating a reference library of hacking techniques and targets, it is possible to spot repeat offenders. Fancy Bear, for instance, has gone after military and political targets in Ukraine and Georgia, and at NATO installations.

That largely rules out cybercriminals and most countries, Mr. Alperovitch said. “There’s no plausible actor that has an interest in all those victims other than Russia,” he said. Another clue: The Russian hacking groups tended to be active during working hours in the Moscow time zone.

To their astonishment, Mr. Alperovitch said, CrowdStrike experts found signs that the two Russian hacking groups had not coordinated their attacks. Fancy Bear, apparently not knowing that Cozy Bear had been rummaging in DNC files for months, took many of the same documents.

In the six weeks after CrowdStrike’s arrival, in total secrecy, the computer system at the DNC was replaced. For a weekend, email and phones were shut off; employees were told it was a system upgrade. All laptops were turned in and the hard drives wiped clean, with the uninfected information on them imaged to new drives.

Though DNC officials had learned that the Democratic Congressional Campaign Committee had been infected too, they did not notify their sister organization, which was in the same building, because they were afraid that it would leak.

All this work took place as the bitter contest for the Democratic nomination continued to play out between Ms. Hillary Clinton and Mr. Sanders, and it was already causing a major distraction for Ms. Schultz and the DNC’s chief executive.

“This was not a bump in the road — bumps in the road happen all the time,” she said in an interview. “Two different Russian spy agencies had hacked into our network and stolen our property. And we did not yet know what they had taken. But we knew they had very broad access to our network. There was a tremendous amount of uncertainty. And it was chilling.”

The DNC executives and their lawyer had their first formal meeting with senior FBI officials in mid-June, nine months after the bureau’s first call to the tech-support contractor. Among the early requests at that meeting, according to participants: that the federal government make a quick “attribution” formally blaming actors with ties to the Russian government for the attack to make clear that it was not routine hacking but foreign espionage.

“You have a presidential election underway here and you know that the Russians have hacked into the DNC,” Mr. Sussmann said, recalling the message to the FBI. “We need to tell the American public that. And soon.”

The media’s role

In mid-June, on Mr. Sussmann’s advice, DNC leaders decided to take a bold step. Concerned that word of the hacking might leak, they decided to go public in The Washington Post with the news that the committee had been attacked. That way, they figured, they could get ahead of the story, win a little sympathy from voters for being victimized by Russian hackers and refocus on the campaign.

But the very next day, a new, deeply unsettling shock awaited them. Someone calling himself Guccifer 2.0 appeared on the web, claiming to be the DNC hacker — and he posted a confidential committee document detailing Mr. Trump’s record and half a dozen other documents to prove his bona fides.

Guccifer 2.0 borrowed the moniker of an earlier hacker, a Romanian who called himself Guccifer and was jailed for breaking into the personal computers of former President George W. Bush, former Secretary of State Colin L. Powell and other notables. This new attacker seemed intent on showing that the DNC’s cyberexperts at CrowdStrike were wrong to blame Russia. Guccifer 2.0 called himself a “lone hacker” and mocked CrowdStrike for calling the attackers “sophisticated.”

But online investigators quickly undercut his story. On a whim, Lorenzo Franceschi-Bicchierai, a writer for Motherboard, the tech and culture site of Vice, tried to contact Guccifer 2.0 by direct message on Twitter.

“Surprisingly, he answered right away,” Mr. Franceschi-Bicchierai said. But whoever was on the other end seemed to be mocking him. “I asked him why he did it, and he said he wanted to expose the Illuminati. He called himself a Gucci lover. And he said he was Romanian.”

That gave Mr. Franceschi-Bicchierai an idea. Using Google Translate, he sent the purported hacker some questions in Romanian. The answers came back in Romanian. But when he was offline, Mr. Franceschi-Bicchierai checked with a couple of native speakers, who told him Guccifer 2.0 had apparently been using Google Translate as well — and was clearly not the Romanian he claimed to be.

Cyberresearchers found other clues pointing to Russia. Microsoft Word documents posted by Guccifer 2.0 were edited by someone calling himself, in Russian, Felix Edmundovich — an obvious nom de guerre honoring the founder of the Soviet secret police, Felix Edmundovich Dzerzhinsky. Bad links in the texts were marked by warnings in Russian, generated by what was clearly a Russian-language version of Word.

When Mr. Franceschi-Bicchierai managed to engage Guccifer 2.0 over a period of weeks, he found that his interlocutor’s tone and manner changed. “At first he was careless and colloquial. Weeks later, he was curt and more calculating,” he said. “It seemed like a group of people, and a very sloppy attempt to cover up.”

Computer experts drew the same conclusion about DCLeaks.com, a site that sprang up in June, claiming to be the work of “hacktivists” but posting more stolen documents. It, too, seemed to be a clumsy front for the same Russians who had stolen the documents. Notably, the website was registered in April, suggesting that the Russian hacking team planned well in advance to make public what it stole.

In addition to what Guccifer 2.0 published on his site, he provided material directly on request to some bloggers and publications. The steady flow of Guccifer 2.0 documents constantly undercut Democratic messaging efforts. On July 6, 12 days before the Republican National Convention began in Cleveland, Guccifer released the DNC’s battle plan and budget for countering it. For Republican operatives, it was insider gold.

Then WikiLeaks, a far more established outlet, began to publish the hacked material — just as Guccifer 2.0 had promised. On July 22, three days before the start of the Democratic National Convention in Philadelphia, WikiLeaks dumped out 44,053 DNC emails with 17,761 attachments. Some of the messages made clear that some DNC officials favored Ms. Hillary Clinton over Mr. Sanders.

That was no shock; Mr. Sanders, after all, was an independent socialist, not a Democrat, during his long career in Congress, while Ms. Hillary Clinton was one of the party’s stars for decades. But the emails, some of them crude or insulting, infuriated Mr. Sanders delegates as they arrived in Philadelphia. Ms. Schultz resigned under pressure on the eve of the convention where she had planned to preside.

Mr. Trump, by now the Republican nominee, expressed delight at the continuing jolts to his opponent, and he began to use Twitter and his stump speeches to highlight the WikiLeaks releases. On July 25, he sent out a lighthearted tweet: “The new joke in town,” he wrote, “is that Russia leaked the disastrous DNC e-mails, which should never have been written (stupid), because Putin likes me.”

But WikiLeaks was far from finished. On October 7, a month before the election, the site began the serial publication of thousands of private emails to and from Mr. Podesta.

The same day, the U.S. formally accused the Russian government of being behind the hackings, in a joint statement by the director of national intelligence and the Department of Homeland Security, and Mr. Trump suffered his worst blow to date, with the release of a recording in which he bragged about sexually assaulting women.

The Podesta emails were nowhere near as sensational as the Trump video. But, released by WikiLeaks day after day over the last month of the campaign, they provided material for countless news reports. They disclosed the contents of Ms. Hillary Clinton’s speeches to large banks, which she had refused to release. They exposed tensions inside the campaign, including disagreements over donations to the Clinton Foundation that staff members thought might look bad for the candidate and Ms. Tanden’s complaint that Ms. Hillary Clinton’s instincts were “suboptimal.”

“I was just mortified,” Ms. Tanden said in an interview. Her emails were released on the eve of one of the presidential debates, she recalled. “I put my hands over my head and said, ‘I can’t believe this is happening to me.’” Though she had regularly appeared on television to support Ms. Hillary Clinton, she canceled her appearances because all the questions were about what she had said in the emails.

Ms. Tanden, like other Democrats whose messages became public, said it was obvious to her that WikiLeaks was trying its best to damage the Clinton campaign. “If you care about transparency, you put all the emails out at once,” she said. “But they wanted to hurt her. So they put them out 1,800 to 3,000 a day.”

The Trump campaign knew in advance about WikiLeaks’ plans. Days before the Podesta email release began, Roger Stone, a Republican operative working with the Trump campaign, sent out an excited tweet about what was coming, saying “Wednesday @HillaryClinton is done #WikiLeaks.”

But in an interview, Mr. Stone said he had no role in the leaks; he had just heard from an American with ties to WikiLeaks that damning emails were coming.

The next target

As the year draws to a close, it now seems possible that there will be multiple investigations of the Russian hacking — the intelligence review Obama has ordered completed by January 20, the day he leaves office, and one or more congressional inquiries. They will wrestle with, among other things, Mr. Putin’s motive.

Did he seek to mar the brand of American democracy, to forestall anti-Russian activism for both Russians and their neighbors? Or to weaken the next American president, since presumably Mr. Putin had no reason to doubt American forecasts that Ms. Hillary Clinton would win easily? Or was it, as the CIA concluded last month, a deliberate attempt to elect Mr. Trump?

In fact, the Russian hack-and-dox scheme accomplished all three goals.

What seems clear is that Russian hacking, given its success, is not going to stop. Two weeks ago, the German intelligence chief, Bruno Kahl, warned that Russia might target elections in Germany next year. “The perpetrators have an interest to delegitimize the democratic process as such,” Mr. Kahl said. Now, he added, “Europe is in the focus of these attempts of disturbance, and Germany to a particularly great extent.”

But Russia has by no means forgotten its American target. On the day after the presidential election, the cybersecurity company Volexity reported five new waves of phishing emails, evidently from Cozy Bear, aimed at think tanks and nonprofits in the U.S.

One of them purported to be from Harvard University, attaching a fake paper. Its title: “Why American Elections Are Flawed.”

