Hackers allegedly working on behalf of the Russian government broke into computers belonging to the Democratic National Committee (DNC) and accessed information relating to presidential candidate Donald Trump, it has been revealed.
According to the Washington Post, the hackers had access to the DNC’s network for over a year, and were so deeply inside the system that they were able to read emails and chat logs. The intrusion was eventually detected in May of this year, when the DNC called in security firm CrowdStrike to investigate.
The DNC said it could find no evidence that any financial, donor or personal information had been accessed. According to the Washington Post, this makes it much more likely that it was cyber espionage rather than a criminal hacker looking for information to sell.
In a statement, DNC chairwoman Rep. Debbie Wasserman Schultz said: “The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with.
“When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.”
Dmitri Alperovitch, CrowdStrike’s co-founder and CTO, said in a blog post that two separate breaches had been detected, but that it was unlikely the two groups were working together.
“We deployed our IR team and technology and immediately identified two sophisticated adversaries on the network – Cozy Bear and Fancy Bear,” he said. “We have identified no collaboration between the two actors, or even an awareness of one by the other. Instead, we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials.”
The first group, Cozy Bear, had been inside the DNC network since the summer of 2015 and was monitoring chat logs and emails. The second group, Fancy Bear, accessed the systems in April and immediately targeted research on Donald Trump, Reuters reported. It was this intrusion which set alarm bells ringing.
CrowdStrike said it does not know for sure how the hackers got into the system, but suspects that a spear-phishing email was used. Research from Palo Alto Networks appears to back that up. It recently identified a spear-phishing email from The Sofacy Group, also known as APT28, which is the same group CrowdStrike identified as being behind the second hack.
There is also evidence that other politicians were targeted, including Hillary Clinton. Details on those hacks are not immediately available, but a statement from Clinton’s campaign team said no evidence of a network breach could be found.
A Russian government spokesperson denied involvement in the hacking.
These attacks show that cyber espionage is “the new normal,” according to Dan Holden, director of ASERT at Arbor Networks.
“Historically, Russia, and the USSR before it, have had some of the best spies in the world. Many nations have been quite open about their buildup of cyber capability, Russia chief among them,” he added. “Unfortunately, these types of attacks are not only here to stay, but given the utter reliance on the internet today, are likely to grow in a very serious manner.”