The Federal Bureau of Investigation (FBI) on Monday confirmed that they have launched an investigation into the hack of the Democratic National Convention (DNC), which resulted in the publication of a trove of internal emails totaling nearly 20,000.
Some of the emails contained information revealing a DNC favoring Hillary Clinton over Bernie Sanders during the primary season. In the wake of the ensuing scandal, DNC Chairwoman Debbie Wasserman Schultz resigned on Sunday.
“The FBI is investigating a cyber intrusion involving the DNC and are working to determine the nature and scope of the matter,” the FBI said in a statement. “A compromise of this nature is something we take very seriously, and the FBI will continue to investigate and hold accountable those who pose a threat in cyberspace.”
The Hilary Clinton campaign strongly suspects Russian involvement in the hack. Clinton’s campaign manager Robby Mook charged Russia with orchestrating the email leak in an effort to help Republican presidential nominee Donald Trump.
“What’s disturbing to us is that experts are telling us that Russian state actors broke into the DNC, stole these emails, and, other experts are now saying, the Russians are releasing these emails for the purpose of helping Donald Trump. I don’t think it’s coincidental that these emails were released on the eve of our convention here,” said Mook on CNN’s “State of the Union.”
Trump strongly dismissed the accusation. “The new joke in town is that Russia leaked the disastrous DNC e-mails, which should never have been written (stupid), because Putin likes me,” he tweeted.
Asked during a press conference on Monday whether the White House is ready to point the finger at Russia, Press Secretary Josh Earnest said they are confident the agencies investigating the incident, including the FBI, will come to a conclusion regarding attribution. He also said the White House could not speak to the veracity of conclusions on the matter reached by private sector entities.
“So the FBI has put out a statement indicating that they are investigating this situation, and the President and his team obviously have made cybersecurity a top priority,” said Earnest. “We know that there are a variety of actors, both state and criminal, who are looking for vulnerabilities in the cybersecurity of the United States, and that includes Russia.”
Although Russia says the allegations are absurd, several security firms stand by their research indicating that the Kremlin is responsible. Cybersecurity firm Crowdstrike in June 2016 published a blog post confirming that two separate Russian intelligence-affiliated adversaries—COZY BEAR and FANCY BEAR— were behind the attack.
At that time, Crowdstrike also predicted that attacks against electoral candidates would likely continue up until the election in November.
“Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services,” Dmitri Alperovitch, co-founder and CTO of Crowdstrike, wrote in the blog post.
Several other cybersecurity firms, including Fidelis Cybersecurity and Mandiant, agree with CrowdStrike’s conclusion.
The intrusion into the DNC computer networks is just the latest in a recent wave of Russian-linked cyberespionage operations targeting the United States. In July 2014, Homeland Security Today reported on a Department of Homeland Security (DHS) alert warning critical infrastructure operators of the Russian hacking group known as “Energetic Bear,” or “Dragonfly.”
Energetic Bear was behind a sophisticated malware campaign primarily targeting the energy sector in the United States and Europe with the capability to sabotage the power supply of the attacked countries. According to Symantec, the hacking group targeted energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial control system equipment manufacturers.
Furthermore, Crowdstrike released a report last year revealing that FANCY BEAR—the Russian actor presumably behind the DNC attack—has targeted government and military institutions in a number of countries.
Nation-state sponsored cyber intrusions have been on the rise for several years, and will likely continue to be a major issue, according to Crowdstrike. In response, it is critical that public and private sector organizations put effective security measures in place to protect themselves.
In a statement to Homeland Security Today, Jeff Phillips, executive director of Federal at BeyondTrust, said the government has made a lot of progress in protecting information security assets through programs and mandates such as the Cybersecurity Strategy and Implementation Plan, deployment of the DHS Continuous Diagnostic and Mitigation program and the Department of Defense’s Cyber Security Discipline Implementation Plan.
However, Philips questioned, “Will these compelling events drive broader mandatory adoption of these federal policies to organizations like the DNC that have such broad access to our government officials and influence over the fabric of our political system?”
Although the government programs and mandates encourage best practices and are a great starting point to improve protection of government information and assets, they are constantly bombarded by attacks from inside and outside the organization.
“These agencies and organizations must combat risks by remaining ever vigilant; employing best practices recommended by industry and outlined in federal policy,” said Philips. “Utilizing an IT security platform that reduces user-based risk, supports least privilege and mitigates real-time security exposures is a critical tool for protecting our national infrastructure and those closely aligned to the business of government.”
