The Clinton presidential campaign said Friday that an “analytics data program” maintained by the Democratic National Committee had been hacked but that its computer system had not been compromised, denying news reports from earlier in the day that the campaign had become the third Democratic Party organization whose systems had been penetrated.
So far, campaign computer experts “have found no evidence that our internal systems have been compromised,” campaign spokesman Nick Merrill said in a statement.
Merrill said that “an analytics data program maintained by the DNC and used by our campaign and a number of other entities was accessed as part of the DNC hack.” The campaign did not provide details, but a source familiar with the situation said that the hacked material was generally dull and did not include email communications, memos, research or other potentially inflammatory communications. Mostly, the source said, it included innocuous data such as computer code and lists of email addresses.
Earlier in the week people familiar with the campaign told The Washington Post that the campaign – like many other organizations – had been targeted by would-be hackers but that there was no evidence that any of the attempts had succeeded.
FBI agents visited the Clinton campaign in the spring and described efforts they had observed to break into the campaign’s computer system. Campaign security consultants were aware of the attempts and concurred that none appeared to have been successful.
U.S. officials think that the Russian intelligence agency, the GRU, successfully hacked into the DNC and the Democratic Congressional Campaign Committee.
Senior figures in the national security community are warning that the Russian hack of the DNC and the subsequent release of committee emails by the antisecrecy group WikiLeaks may be part of a broader attack on the U.S. electoral process.
The emails released by WikiLeaks on the eve of the Democratic convention showed that officials at the ostensibly neutral DNC were helping Clinton over Sen. Bernie Sanders (Vermont) in the Democratic primaries, deepening anger and resentment among Sanders’s supporters. The email release led to the resignation of the DNC chair, Rep. Debbie Wasserman Schultz, D-Florida.
If the email leak was orchestrated by the Russian government, “this is an attack not on one party but on the integrity of American democracy,” the Aspen Institute Homeland Security Group, a group of 32 homeland security and counterterrorism experts, said in a statement.
“And it may not be the end of such attacks,” said the group, which includes a former CIA director and a homeland security secretary. “It is not unthinkable that those responsible will steal and release more files, and even salt the files they release with plausible forgeries.”
The FBI issued a statement Friday about the reported hacks.
“The FBI is aware of media reporting on cyber intrusions involving multiple political entities, and is working to determine the accuracy, nature and scope of these matters,” the statement said. “The cyber threat environment continues to evolve as cyber actors target all sectors and their data. The FBI takes seriously any allegations of intrusions, and we will continue to hold accountable those who pose a threat in cyberspace.”
The GRU apparently stole not only DNC emails but also opposition research files on GOP candidate Donald Trump, according to private investigators. Russian government hackers also have targeted computer systems at the Trump campaign, the Republican National Committee, GOP political action committees, among others, law enforcement officials said, but it is unclear if they were successfully breached.
Some lawmakers warned that the operation – if the GRU role is confirmed – appears to have moved beyond traditional espionage into information warfare.
“Now that the precedent has been set of operationalizing the mass leaking of the information, we’re in a whole new dangerous ballgame, with a level of brazen interference that we haven’t seen before,” said Rep. Adam B. Schiff (D-Calif.), the ranking Democrat on the House Intelligence Committee.
Russian officials have dismissed reports of involvement by its intelligence services.
Lawmakers and security experts have called on the Obama administration to ensure that responsibility for the DNC hack and leak is assigned. Schiff and Sen. Dianne Feinstein, D-California, the ranking Democrat on the Senate Intelligence Committee, urged the administration to make public as much information as possible about the incident while protecting sources and methods to illuminate potential Russian motivations for “what would be an unprecedented interference in a U.S. presidential race.”
The Aspen Group warned that election officials at every level of government “should take this lesson to heart: Our electoral process could be a target for reckless foreign governments and terrorist groups.” Members of the group also raised the specter of foreign groups manipulating election results.
“What would be very troubling would be somebody hacking into the actual voting databases or network systems in which ballots are sent to the central database, and either altering results or raising questions about the integrity of the results,” said Michael Chertoff, former homeland security secretary. “That would take the ‘hanging chad’ debacle of 2000 and make it seem trivial. This would become an issue of electronic hanging chads.”
Russia experts say there is no question that Russian President Vladimir Putin would be aware of the operation to hack the DNC and by extension the leak to WikiLeaks if Russian intelligence is involved. “I believe there’s no chance at all that Putin would not have been aware of it,” said Steven L. Hall, a retired CIA officer and expert on Russia and Eurasia. “I cannot imagine something of this seriousness, and also with the direct interest that Putin takes in these kinds of things,” proceeding without his approval.
Some current and former administration officials say the closest analogue to the hack-leak combination is the 2014 hack of Sony Pictures. In that case North Korea broke into the systems of the Hollywood entertainment giant, stole emails and unreleased films, and leaked them in an effort to coerce Sony into pulling a satirical movie about supreme leader Kim Jong Un.
In the case of Sony, the FBI obtained “attribution” – or concluded with high confidence – fairly quickly that North Korea was behind the attack, which also damaged Sony’s computers. The FBI made a public statement naming North Korea less than a month later. And less than three weeks after that, the administration imposed new economic sanctions on the government.
If the FBI concludes that Russia was responsible for the leak, “absolutely they should call Russia out,” Schiff said. He acknowledged there would be fears of escalation and of complicating an already strained relationship with Moscow over Ukraine and Syria. But, he said, “the best way to deter” such conduct is to name the responsible party “publicly and forcefully.”
Private cyber analysts have tracked for several years the GRU hacker group that targeted the Democratic Party organizations. Dubbed APT 28 or Fancy Bear, among other monikers, last year it also hacked the French TV5Monde station, plunging the network’s television channels into darkness. In that case, a front group calling itself the Cyber Caliphate claimed credit for the hack.
Within 24 hours of news of the DNC hack, a figure calling himself Guccifer 2.0 claimed credit and said he was Romanian. Independent researchers, analyzing forensic evidence in his communications and blog posts, have concluded he is part of a Russian information operation campaign.
Such campaigns are centrally directed by the Kremlin – and not by individual agencies, said Joel Harding, an expert on Russian information operations. “You have to look at this as a whole-of-government, Russian government program,” he said.
(c) 2016, The Washington Post · Ellen Nakashima, Tom Hamburger