Like a scene from an Errol Morris documentary, the recently disclosed cyberattacks targeting the Democratic Party remains rife with known knows and known unknowns.
What multiple security firms examining the breach have confirmed is that at least two cyberespionage units with ties to the Russian government successfully infiltrated the Democratic National Committee, gaining access to countless internal memos and reports.
The potential—if not suspiciously convenient involvement—of a self-proclaimed “Romanian” hacker, however, seems to have thrown a wrench in the works. Here's a quick breakdown of what has been confirmed about the breach and what remains entirely up in the air.
For roughly a year, a group of hackers had access to the computers systems of the DNC. CrowdStrike, a cybersecurity firm hired to analyze the breach, claims the Democrats had been targeted by at least two separate groups affiliated with Russian military intelligence. The firm had reportedly analyzed other breaches by both groups over the past two years.
The techniques and software employed during the breach have been attributed to Russian hackers by two additional cybersecurity firms, Fidelis and Mandiant. The two hacking groups, codenamed Cozy Bear and Fancy Bear, were likely unaware of each other’s presence in the DNC system, according to CrowdStrike.
A security researcher at Mandiant, an American firm based in Virginia, told the Washington Post on Monday that malware used in the DNC hack was previously used by “APT 28 and APT 29,” which are the firm’s codenames for Fancy Bear and Cozy Bear, respectively.
Whereas Fancy Bear is said to have compromised the network’s security as recently as April, immediately targeting opposition research on presumptive Republican nominee Donald Trump, Cozy Bear reportedly gained access to the DNC system last summer. Until about two weeks ago, Cozy Bear had full access to the party’s internal emails and chats.
It was Fancy Bear’s activity, the DNC says, that first alerted them to Cozy Bear’s presence in the network.
The anti-Trump playbook purportedly stolen from the DNC, which is apparently several months old, according to research by Gawker, revealed the party's strategy for painting the now-GOP frontrunner as “a liar” who is “loyal only to himself.”
“Whether it’s American workers, the Republican Party, or his wives, Trump’s only fidelity has been to himself and with that he has shown that he has no problem lying to the American people,” the document reads. “Trump will say anything and do anything to get what he wants without regard for those he harms.”
Trump characterized the material as mostly inaccurate and accused the DNC of staging the breach itself. “We believe it was the DNC that did the ‘hacking’ as a way to distract from the many issues facing their deeply flawed candidate and failed party leader,” the Republican candidate said in a statement Wednesday.
CrowdStrike told the Post on June 14 that the unauthorized access was probably obtained by phishing, meaning DNC staff members most likely received deceptively crafted emails containing malicious files or links that allowed the hackers to break into the system.
Citing sources familiar with the government’s investigation, Bloomberg reported on Tuesday that hackers “sought data from at least 4,000 individuals associated with U.S. politics” over the course of seven months. The targets include, but are not limited to, the Democratic Party, Hillary Clinton’s presidential campaign, and the Bill, Hillary, and Chelsea Clinton Foundation.
A former White House cybersecurity official told Politico on Tuesday the leaked documents were a sure sign that “Putin’s security services are now trying to influence the U.S. presidential election,” calling the hack a “direct attack on our democracy.”
Dmitry Peskov, a Kremlin spokesperson, denied Russia’s involvement in a comment to Reuters last week. “I completely rule out a possibility that the [Russian] government or the government bodies have been involved in this,” he said.
Here's where things get confusing.
An individual identifying themselves as “Guccifer 2.0” has taken credit for breaching the DNC’s network, though his appearance may be an attempt to muddy the attribution.
The purported hacker’s handle, Guccifer 2.0, is a reference to Marcel Lazăr Lehel, aka “Guccifer,” a computer hacker extradited to the U.S. by Romania in April. Lehel pleaded guilty to a series of high-level cyberattacks targeting prominent political officials, among them former Presidents George W. Bush and George H.W. Bush.
As evidence of his or her involvement, the purported hacker published a trove of documents allegedly stolen from the DNC including a list of donors who made large contributions to the Clinton Foundation—files that may prove useful to the Trump in assailing the former secretary of state over her financial ties.
While the DNC has confirmed the hack, it remains unconfirmed whether the documents Guccifer 2.0 has released are legitimate.
Motherboard published an interview with Guccifer 2.0 on Tuesday in which the individual claimed to also be Romanian. However, the person communicating with Motherboard appeared to struggle with the language, fueling suspicions that the individual was misleading reporters.
The introduction of Guccifer 2.0 has given rise to speculation that Russian intelligence services are working to obfuscate the Kremlin’s involvement in the breach.
The alleged hacker claimed to have no affinity for Russia or its foreign policy—“I hate being attributed to Russia,” he told Motherboard—while claiming that Russian metadata contained in the leaked documents was intentionally created as a kind of personal signature.
To sum up: The DNC was hacked. Experts say the Russian government did it, while Russia denies everything. A lone hacker has claimed responsibility for the hack and began releasing documents that may or may not have been stolen from the DNC. Many believe Guccifer 2.0 is part of a ploy to divert attention away from Russia. Trump thinks the DNC orchestrated the hack itself.