In June of 2016, the Democratic National Committee (DNC) was hacked by groups believed to be linked to Russian military-intelligence groups. Exactly six months later, the Obama administration, President-elect Donald Trump, and John McAfee all weighed in on their opinions as to who was responsible for the cyberattack.
The DNC Data Breach
In a blog post on June 15, 2016, a hacker using the handle ‘Guccifer 2.0’ claimed responsibility for the breach. The cybercriminal explained that he had “a big folder of docs devoted to Hillary Clinton that I found on the DNC server.” Furthermore, the files included an ‘HRC Defense Master Doc’ outlining criticism and defense points on issues such as the U.S. military intervention in Libya, the 2012 Benghazi attack, and the Clinton email server controversy.
After investigating the attack, cybersecurity firm CrowdStrike believed the data breach involved two separate groups, both linked to Russian military-intelligence. They believed that one set of hackers had been in the system for about a year, monitoring internal communications such as email. The other group is believed to have only been in the system for a couple of months but had a more specific target in mind, the DNC’s opposition research on Donald Trump.
Why would the Russians hack into the DNC’s servers? Many governments have high-level cyber-espionage groups working for them, who may target secrets from other governments, intelligence agencies, and government contractors. With the presidential election looming at the time, understanding the candidates would be important to nations such as Russia so they could see what they may be dealing with. As we saw from Donald Trump winning the election, Putin was certainly happy with the results as he agreed to better relations between the United States and Russia.
President Obama’s Response
Towards the end of December, the Obama administration released a package of responses to the DNC hack. The actions, which retaliate for more than just the DNC hack, include:
The document called a ‘voxsplainer’ tells us what we need to know about the administration’s response to Russia. There are two significant details. First, the response is not just to cyberattacks aimed at the U.S. election but also to the Russian government’s harassing of U.S. officials. The second detail describes Russia’s motive for the attack, stating “Russia’s cyber activities were intended to influence the election, erode faith in the U.S. democratic institutions, sow doubt about the integrity of our electoral process, and undermine confidence in the institutions of the U.S. government.”
President Obama’s statement was basically a description of what he ordered stating that the U.S. will “… continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized. In addition to holding Russia accountable for what it has done, the United States and friends and allies around the world must work together to oppose Russia’s efforts to undermine established international norms of behavior, and interfere with democratic governance.”
In April of 2015, President Obama signed an Executive Order (EO) that applied directly to election-related hacking. EO 13964 permitted the President to sanction entities that hacked critical infrastructure or big money banks. As a response to the DNC hack, the President approved an amendment to the EO which is as follows.
“The increasing use of cyber-enabled means to undermine the democratic processes at home or abroad, as exemplified by Russia’s recent activities, has made clear that a tool explicitly targeting attempts to interfere with elections is also warranted. As such, The President has approved amending Executive Order 13964 to authorize sanctions to those who: tamper with, alter, or cause a misappropriation of information with the purpose or effect of interfering or undermining the election process or institutions.”
The final part of the package, the two documents on Russian hacking, include an introduction to the Joint Analysis Report and the Joint Analysis Report (JAR) itself. The JAR finally confirms that they are placing blame solely on the Russian government for the DNC data breach.
“A great deal of analysis and forensic information related to Russian government activity has been published by a wide range of security companies. The U.S. Government can confirm that the Russian government, including Russia’s civilian and military intelligence services, conducted many of these activities described by a number of these security companies.”
Finally, something they are saying makes sense. It seems like the response from Obama, along with the sanctions just beat around the bush. In fact, the entire package has received a lot of criticism from cybersecurity experts.
“(The report) reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence,” said Robert Graham from Errata Security.
“The indicators are not very descriptive and will have a high rate of false positives for defenders to use them,” said Robert Lee, CEO of cybersecurity company Dragos, in reference to the report not being helpful at all for defense purposes, which is allegedly what it is supposed to do.
President-Elect Donald Trump’s Response
While President-elect Donald Trump hasn’t issued a formal response to the U.S. allegations of Russia being behind the DNC data breach, he has taken to Twitter to issue his opinions. You can see his most controversial tweet below, asking why the White House waited so long to act and inferring that they are only complaining now because Hillary Clinton lost the election.
“If Russia, or some other entity, was hacking, why did the White House wait so long to act? Why did they only complain after Hillary lost?” – Donald Trump (@realDonaldTrump)
Trump also chimed in about how the cyberattack and released data reveal that Hillary gained access to the questions of a debate from the DNC.
“Are we talking about the same cyberattack where it was revealed that head of the DNC illegally gave Hillary the questions to the debate?” – Donald Trump (@realDonaldTrump)
Lastly, Trump tweeted a rather controversial message.
“Unless you catch "hackers" in the act, it is very hard to determine who was doing the hacking. Why wasn't this brought up before election?” – Donald Trump (@realDonaldTrump)
It’s fairly clear that Trump doesn't have a thorough understanding about cybersecurity. However, he makes an extremely interesting point about why this information wasn’t brought up before the election. While we certainly aren’t going to get into politics, the timing of all of this information being released is somewhat suspect.
John McAfee Weighs in on the DNC Breach
While John McAfee isn’t the President or President-elect, he did run for the Libertarian party once upon a time. He’s also the developer of the first commercial antivirus program (McAfee Antivirus) and has been a major player in cybersecurity for the past 50 years. Based on his vast experience, McAfee does not believe that the Russians were behind the DNC hacks. “If it looks like the Russians did it, then I can guarantee you it was not the Russians,” McAfee went on record saying.
Instead, McAfee believes that the hackers faked their location, their language, and any other key markers that would lead the U.S. Government to pin this breach on the Russians.
“If I was the Chinese and I wanted to make it look like the Russians did it, I would use Russian language within the code, I would use Russian techniques of breaking into the organization,” McAfee commented. “There simply is no way to assign a source for any attack.”
Even though McAfee mentioned the Chinese government in his comments, it’s uncertain who he believes is behind the attack. His take definitely gives us a different perspective from someone who is a certified cybersecurity expert. While we want to believe the U.S. Government is 100% accurate with their report, we as citizens aren’t getting all the information and can’t make a determination with certainty.