How Putin Weaponized WikiLeaks to Influence the Presidential Election

Russian President Vladimir Putin (Photo: Alexei Nikolsky/AP)

Evidence suggests a Russian intelligence group was the source of the most recent WikiLeaks intel dump, which was aimed at influencing the U.S. election.

Close your eyes and imagine a hacking group backed by Russian President Vladimir Putin broke into the email system of a major U.S. political party. The group stole thousands of sensitive messages and then published them through an obliging third party in a way strategically timed to influence the U.S. presidential election. Now, open your eyes, because that’s what just happened.

On Friday, WikiLeaks published 20,000 emails stolen from the Democratic National Committee. They reveal, among other things, thuggish infighting, a push by a top DNC official to use Bernie Sanders’ religious convictions against him in the South and attempts to strong-arm media outlets. In other words, they reveal the Washington campaign monster for what it is.

But leave aside the purported content of the WikiLeaks data dump (to which numerous other outlets have devoted considerable attention) and consider the source. Considerable evidence shows the WikiLeaks dump was an orchestrated act by the Russian government, working through proxies, to undermine Hillary Clinton’s presidential campaign.

“This has all the hallmarks of tradecraft,” Tom Kellermann, CEO of Strategic Cyber Ventures, told Defense One. “The only rationale to release such data from the Russian bulletproof host was to empower one candidate against another. The Cold War is alive and well.”

Cybersecurity company FireEye first discovered APT 29 in 2014 and was quick to point out a clear Kremlin connection.

“We suspect the Russian government sponsors the group because of the organizations it targets and the data it steals,” FireEye wrote in its report on the group. “Additionally, APT29 appeared to cease operations on Russian holidays, and their work hours seem to align with the UTC +3 time zone, which contains cities such as Moscow and St. Petersburg.”

Other U.S. officials have said the group looks like it has sponsorship from the Russian government, in large part because of the level of sophistication behind the group’s attacks.

It’s the same group that hit the State Department, the White House and the civilian email of the Joint Chiefs of Staff. The group’s modus operandi (a spearphishing attack that uploads a distinctive remote access tool on the target’s computer) is well known to cybersecurity researchers.

In his blog post on the DNC breaches, Crowdstrike Chief Technology Officer Dmitri Alperovitch wrote: “We’ve had lots of experience with both of these actors attempting to target our customers in the past and know them well. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter.”

The next day, an individual calling himself Guccifer 2.0 claimed to be the culprit behind the breach and released key documents to back up the claim, writing, “Shame on CrowdStrike.”

Crowdstrike stood by its original analysis, writing: “these claims do nothing to lessen our findings relating to the Russian government’s involvement, portions of which we have documented for the public and the greater security community.”

Other security firms offered independent analysis and reached the same conclusion. The group Fidelis undertook its own investigation and found Crowdstrike to be correct.

A Twitter user named @PwnAllTheThings looked at the metadata on the docs that Guccifer 2.0 provided in his blog post and found literal Russian signatures.

His findings were backed up by Dan Goodin at Ars Technica.  

“Given the evidence combined with everything else, I think it’s a strong attribution to one of the Russian intelligence agencies,” @PwnAllTheThings remarked to Motherboard.

Motherboard reporter Lorenzo Franceschi-Bicchierai actually conversed with Guccifer 2.0 over Twitter. The hacker, who claimed to be Romanian, answered questions in short sentences that “were filled with mistakes according to several Romanian native speakers,” Franceschi-Bicchierai found.

A large body of evidence suggests Guccifer 2.0 is a smokescreen the actual culprits employed to hide their involvement in the breach.

That would be consistent with Russian information and influence operations.

“Russian propagandists have been caught hiring actors to portray victims of manufactured atrocities or crimes for news reports (as was the case when Viktoria Schmidt pretended to have been attacked by Syrian refugees in Germany for Russia’s Zvezda TV network), or faking on-scene news reporting (as shown in a leaked video in which 'reporter' Maria Katasonova is revealed to be in a darkened room with explosion sounds playing in the background rather than on a battlefield in Donetsk when a light is switched on during the recording),” notes a RAND report from earlier in July.

The use of WikiLeaks as the publishing platform served to legitimize the information dump, which also contains a large amount of personal information related to Democratic donors, such as Social Security and credit card numbers. This suggests WikiLeaks didn’t perform a thorough analysis of the documents before they were released, or simply didn't care.

It’s the latest installment in a trend information security researcher Bruce Schneier calls organizational doxing and that Lawfare’s Nicholas Weaver calls the weaponization of WikiLeaks.

The most remarkable example, prior to the DNC incident, was the June 2015 publication of several sets of National Security Agency records related to government intelligence collection targets in France, Japan, Brazil and Germany. The data itself was not remarkable, but it did harm U.S. relations and may have compromised NSA tradecraft.

“WikiLeaks doesn’t seem to care that they are being used as a weapon by unknown parties, instead calling themselves a ‘library of mass education’. But the rest of us should,” Weaver writes.

The evidence so far suggests it’s a weapon Putin used to great effect last week.
