April 8, 2015—June 9, 2015: A hacking attack on a French TV network is blamed on a Russian group that will later be accused of hacking political entities in the US.

150408TV5MondePierreVerdyAFP

The headquarters of French television network TV5 Monde in Paris, France. (Credit: Pierre Verdy / Agence France Presse)

The French television network TV5 Monde is attacked by hackers on April 8, 2015. A group claiming to be linked to ISIS (also known as the Islamic State) and calling itself “Cyber Caliphate” shuts down the network’s TV channels for several hours. The group also posts pro-ISIS propaganda on the station’s website.

However, on June 9, 2015, it is reported by the BBC and elsewhere that French police have decided that attack was actually done by hackers based in Russia. The “Cyber Caliphate” claim was a false front to deflect blame. Police are said to be focusing their investigation on the Russian hacking group known as Fancy Bear or APT 28. French media reports that the group has also targeted the computer systems of Russian dissidents, Ukrainian activists, and others. (BBC, 6/9/2015) (France24, 6/10/2015)

In July 2016, the Washington Post will report that French authorities believe the Glavnoje Razvedyvatel’noje Upravlenije (GRU) was behind the cyberattack. This is one of two Russian military intelligence agencies that will be accused of hacking the Democratic National Committee (DNC) in 2015 and 2016. The GRU has been linked to the Fancy Bear or APT 28 hacking group. The Post will also claim that some analysts believe the attack was Russian retaliation against France for backing out of an agreement to sell helicopter carriers to Russia because of Russian aggression in Ukraine. (The Washington Post, 7/24/2016)

 

May 26, 2015: The DNC favors Clinton’s presidential ambitions from the start, and wants to “muddy the waters around ethics, transparency, and campaign finance attacks’ to protect her.

The Democratic National Committee goals and strategy (Credit: The Democratic National Committee)

The Democratic National Committee goals and strategy (Credit: The Democratic National Committee)

In June 2016, it will be revealed that hackers broke into the computer network of the Democratic National Committee (DNC), and someone nicknamed “Guccifer 2.0” will post documents that appear to come from the network. One such file is dated from May 26, 2015. It contains advice on how Clinton can win the presidency, even though the Democratic presidential primary campaign has just begun and the DNC is supposed to be neutral until one Democratic candidate wins the nomination.

A portion of the file states: “Reporter Outreach: Working through the DNC and others, we should use background briefings, prep with reporters for interviews with GOP candidates, off-the-record conversations and oppo pitches to help pitch stories with no fingerprints and utilize reporters to drive a message.” The same document also advises: “Use specific hits to muddy the waters around ethics, transparency, and campaign finance attacks on HRC [Hillary Rodham Clinton].”

The document specifies it is addressed to the DNC, but is not clear who exactly wrote the file. (Inquisitr, 6/15/2016)

Summer 2015—May 2016: One or more hackers access the DNC’s computer network.

CrowdStrike logo (Credit: CrowdStrike)

CrowdStrike logo (Credit: CrowdStrike)

In June 2016, it will be reported that the computer network of the DNC [Democratic National Committee] was compromised for about a year. Around May 2016, the security company CrowdStrike is hired by the DNC to investigate and stop the hacking attack. According to CrowdStrike, there actually are two different groups that successfully break into the network, both of them linked to the Russian government.

The first group is said to be known by the nickname Cozy Bear. In 2015, it allegedly successfully infiltrated the unclassified networks of the White House, State Department, US Joint Chiefs of Staff, and others. This group gets into the DNC’s network in the summer of 2015 and is not stopped until May 2016.

The second group is said to be known by the nickname Fancy Bear, and it also has had many other successful attacks. It gets into the network in April 2016 and also is stopped in May 2016.

On June 15, 2016, someone going by the nickname “Guccifer 2.0” posts DNC files on the Internet. This person claims to have no connection to the Russian government, but also claims to have accessed the DNC network for “almost a year,” which is similar to what CrowdStrike says about Cozy Bear. (CrowdStrike.com, 6/15/2016) (The Washington Post, 6/15/2016)

August 18, 2015: Colin Powell suggests everything Clinton touches “she kinda screws up with hubris.”

Jeffrey Leeds (Credit: Leeds Equity Partners)

Jeffrey Leeds (Credit: Leeds Equity Partners)

An email dated August 18, 2015, where Powell expresses to Democratic donor Jeffrey Leeds that Clinton’s email problems show how capable she is of causing problems for herself, as well as for others and their email usage. “They are going to dick up the legitimate and necessary use of emails with friggin’ record rules. I saw email more like a telephone than a cable machine. … Everything HRC touches she kind of screws up with hubris.” (Washington Post, 09/14/16)

The hacker website DCLeaks.com will publish Colin Powell’s hacked emails on September 13, 2016.

 

 

December 2015: The FBI warns the DNC (Democratic National Committee) that it is a target of a hacker attack.

According to a July 2016 Yahoo News article, the FBI contacts the DNC in late 2015 and tells their IT (information technology) staffers that there has been a hacking attack on the DNC’s computer network. The FBI provides no details, such as who the hackers might be.

It will later be discovered that a hacker broke into the DNC network in the summer of 2015. Despite the FBI warning, the hacker won’t be ejected from the network until around June 2016. (Yahoo News, 7/29/2016)

March 2016: The FBI warns the Clinton campaign that it is a target of a hacker attack, but the campaign doesn’t assist the FBI.

160301ClintonFBIpublic

The Clinton campaign logo superimposed over the FBI logo. (Credit: public domain)

This is according to what two unnamed “sources who have been briefed on the matter” will tell Yahoo News in July 2016. FBI officials privately meet with senior Clinton campaign officials and express concern that hackers are using “spear phishing” techniques to access the campaign’s computers. They ask the campaign to turn over internal computer logs and the personal email addresses of top campaign staffers to help the FBI’s investigation. But the campaign declines to do so after deciding the request for personal data is too broad and intrusive. The FBI doesn’t give any mention as to who the hackers might be.

One month later, the campaign will learn on its own that its computers have been hacked and they will use a private cybersecurity company to combat the hackers.

Yahoo News will comment that the FBI’s “warning also could raise new questions about why the campaign and the DNC didn’t take the matter more seriously.”

At the time, the FBI has an active investigation into Clinton’s email usage while she was secretary of state, and Clinton’s campaign isn’t sure how extensive that inquiry is. There have been media reports that the investigation extended into unethical practices at the Clinton Foundation, which could theoretically include interest in more recent communications.

Yahoo News will report that, according to an unnamed internal source, “Campaign officials had reason to fear that any production of campaign computer logs and personal email accounts could be used to further such a probe.” But the FBI insists that its request for data to combat the hacking has no connection to any other investigation, and since there is no subpoena forcing the issue, the Clinton campaign turns down the request. (Yahoo News, 7/29/2016)

March 2016: The same hacking group that allegedly breaches the DNC [Democratic National Committee] computer network may also breach computers of some Clinton presidential campaign staffers.

Clinton's Deputy Communications Director, Kristina Schake (Credit: Getty Images)

Clinton’s Deputy Communications Director, Kristina Schake (Credit: Getty Images)

The hacker or hacking group is known by the nickname Fancy Bear, and is alleged to be working for the Russian government. Fancy Bear gets into the DNC network in April 2016, which makes it separate from the efforts of Cozy Bear (alleged also to be linked to Russia) or Guccifer 2.0 (alleged to be a “lone hacker”) which in either case got into the network for about a year. Fancy Bear’s attack on Clinton’s staffers is said to start in March 2016, according to the security firm SecureWorks. Targets include Clinton’s communications and travel organizers, speechwriters, policy advisers, and campaign finance managers.

The hackers use the “spear phishing” technique of sending an email from a seemingly trusted source in order to get the target to click on a link. In this case, the links are shortened by an Internet service known as Bitly to make it hard to notice that they’re bogus. They take the target to a fake Google login page, since most or all of Clinton’s staffers use Gmail. Once the target gives their user name and password, the hacker can log into the real account and access all the data. The hackers create 213 links targeting 108 hillaryclinton.com addresses. Twenty of those are clicked, raising the possibility that some accounts are successfully breached. (Forbes, 6/16/2016)

April 2016: Hacking attacks on the DNC and the Clinton campaign are first discovered.

On June 14, 2016, McClatchy Newspapers will report that a hacking attack on the DNC [Democratic National Committee] is discovered “in late April 2016, after staffers noticed unusual activity on the DNC’s computer network.” (McClatchy Newspapers, 6/14/2016) 

On June 21, 2016, Bloomberg News will report, “The Clinton campaign was aware as early as April that it had been targeted by hackers with links to the Russian government on at least four recent occasions, according to a person familiar with the campaign’s computer security.” (Bloomberg News, 6/21/2016)

In late July 2016, it will be reported that the FBI warned the Clinton campaign in March 2016 that it was the target of hacking attempts, but the campaign refused to help the FBI stop them.

Around April or May 2016: The FBI warns “dozens of lawmakers” that they are being targeted by hackers.

160401TomDaschleNYMagazine

Former senator Tom Daschle (Credit: NY Magazine)

On July 25, 2016, the Washington Post will report that the FBI warns the “Clinton campaign and dozens of lawmakers” that they are being targeted by hackers. Later reporting by Yahoo News will indicate that the Clinton campaign is first warned by the FBI in March 2016. The timing of the warning to lawmakers is less clear, except that the Post mentions it takes place “weeks before” a media report on June 14, 2016 that hackers had broken into the Democratic National Committee (DNC) computer network.

It still has not been proven that hack on the lawmakers have been successful. However, former Senate majority leader Tom Daschle (D) has told the Post that his email account was hacked recently. But he hasn’t been given any indication if law enforcement is investigating or who the hacker might be. (The Washington Post, 7/25/2016)

 

Late April 2016—Early May, 2016: Hacking attacks on a DNC consultant researching pro-Russian politicians in Ukraine lead DNC leaders to conclude the Russian government is behind such attacks.

160530AlexandraChalupaLinkedIn

Alexandra Chalupa (Credit: Linked In)

Alexandra Chalupa, a consultant for the Democratic National Committee (DNC), has been working for several weeks on an opposition research file about Paul Manafort, the campaign manager of Republican presidential nominee Donald Trump. Manafort has a long history of advising politicians around the world, including controversial dictators. Logging into her Yahoo email account, she gets a warning entitled “Important action required” from a Yahoo cybersecurity team. The warning adds, “We strongly suspect that your account has been the target of state-sponsored actors.”

Paul Manafort (Credit: Linked In)

Paul Manafort (Credit: Linked In)

Paul Manafort was a key adviser to Ukrainian President Viktor Yanukovych from 2004 until 2010. Yanukovych is a controversial figure frequently accused of widespread corruption and was overthrown after a massive series of protests in February 2014, and has since been living in Russia, protected by the Russian government. Chalupa had been drafting memos and writing emails about Manafort’s link to pro-Russian Ukrainian leaders such as Yanukovych when she got the warning. She had been in contact with investigative journalists in Ukraine who had been giving her information about Manafort’s ties there.

Chalupa immediately alerts top DNC officials. But more warnings from Yahoo’s security team follows. On May 3, 2016, she writes in an email to DNC communications director Luis Miranda, “Since I started digging into Manafort, these messages have been a daily occurrence on my Yahoo account despite changing my password often.”

160725ScreenshotCapturedYahooNews(1)

A photo capture of the Yahoo security warning appearing on DNC consultant Alexandra Chalupa’s computer screen. (Credit: Yahoo News)

In July 2016, she will tell Yahoo News, “I was freaked out,” and “This is really scary.” Her email message to Miranda will later be one of 20,000 emails released by WikiLeaks on July 22, 2016, showing that there was good reason to be concerned about hacking attempts.

Chalupa’s email to Miranda, results in concern amongst top level DNC officials. One unnamed insider will later say. “That’s when we knew it was the Russians,” since Russia would be very interested in Chalupa’s research and other countries like China would not. This source also says that as a precaution, “we told her to stop her research.”

Yahoo will later confirm that it did send numerous warnings to Chalupa, and one Yahoo security official will say, “Rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence.” (Yahoo News, 7/25/2016)

May 18, 2016: Director of National Intelligence James Clapper warns Clinton and Trump their campaign networks are being hacked.

Director of National Intelligence James Clapper (Credit: ABC News)

Director of National Intelligence James Clapper (Credit: ABC News)

Clapper publicly comments, “We’ve already had some indications” of hacking on the computer networks of the two frontrunners in the presidential race. He warns, “We’ll probably have more.” He suggests the hackers could be working for foreign governments.

V. Miller Newton, who advises federal agencies on data security, says foreign spying on campaign sites is inevitable. “These campaigns are not working on encrypted platforms. It’s a matter of when, and how serious of an impact it is going to have on this election.” (The Associated Press, 5/18/2016

It will later emerge that a hacking attack on the DNC [Democratic National Committee] was already discovered, in late April 2016, after staffers noticed unusual activity on the DNC’s computer network. (McClatchy Newspapers, 6/14/2016)

June 12, 2016: WikiLeaks says it will be making public more of Clinton’s previously unpublished emails.

Juilan Assange appears on ITV on June 12, 2016. (Credit: ITV)

Juilan Assange appears on ITV on June 12, 2016. (Credit: ITV)

In an interview, WikiLeaks founder Julian Assange is asked if his organization has any of Clinton’s “undisclosed emails.” He replies, “We have upcoming leaks in relation to Hillary Clinton,” and “We have emails relating to Hillary Clinton pending publication, that is correct.” He also says, “There is very strong material both in the emails and in relation to the Clinton Foundation.”

He believes this contains enough evidence for the FBI to recommend Clinton’s indictment: “We’ve accumulated a lot of material about Hillary Clinton. We could proceed to an indictment.”

He doesn’t specify when or how many emails might be published. Asked about the FBI’s Clinton investigation, he believes the Justice Department will do the bidding of President Obama and so they will not indict Clinton. (The Guardian, 6/12/2016(ITV, 6/12/2016)

Several days later, a hacked using the nickname Guccifer 2.0 shares files from a recent hack of the DNC (Democratic National Committee) and claims to have given “thousands of files and mails” to WikiLeaks. (Wired, 6/15/2016) (Vice News, 6/15/2016) 

Before June 14, 2016: US officials allegedly warn the Trump, Sanders, and Clinton campaigns that sophisticated hackers are attempting to breach their computers.

A June 21, 2016 Bloomberg News article claims the warnings came before the hack on the DNC [Democratic National Committee] was made public on June 14, 2016. However, it’s unclear when the warnings happened exactly. This is according to one unnamed “person familiar with the government investigation into the attacks.”

But the Trump campaign won’t respond to questions about the warnings, and Sanders spokesperson Michael Briggs says he isn’t aware of the warnings.

Bloomberg News will comment, “Information about the scope of the attacks and the government warnings raises new questions about how long the campaigns have known about the threats and whether they have done enough to protect their systems.” (Bloomberg New, 6/21/2016

It has been reported that the Clinton campaign and related organizations have been attacked by hackers, but there have been no confirmed attacks on the Trump or Sanders campaigns. (Bloomberg News, 6/17/2016)

June 14, 2016: Hackers allegedly linked to the Russian government broke into the DNC’s files.

Democratic National Committee headquarters in Washington, DC. (Credit: public domain)

Democratic National Committee headquarters in Washington, DC. (Credit: public domain)

The Washington Post reports that the emails, text messages, and other computer files of The DNC [Democratic National Committee] were accessed by two groups allegedly linked to Russia. Opposition research on Republican presidential candidate Donald Trump was stolen.

One group known as Cozy Bear broke into the DNC’s network a year ago and maintained access without getting caught. The other group known as Fancy Bear, apparently working independently, did so much more recently. These same hackers also probed the networks of both the Trump and Clinton campaigns, as well as some Republican political action committees, but it is unknown if those attacks succeeded.

The first hacking group typically uses “spear phishing” to gain access. This is when an email appears to come from a someone the recipient knows but actually is meant to trick that person into activating embedded malicious code by clicking on an attachment or link. (Wired, 6/14/2016) (The Washington Post, 6/14/2016

Forbes comments that the “Holy Grail of Russian intelligence is uncovering compromising material that can be used to embarrass, manipulate, or blackmail foreign political leaders.” Furthermore, “If the DNC’s cyber secrets are open to Russian intelligence hackers, the odds are overwhelming that they have Clinton’s private emails as well, especially given that Clinton’s private server was a target of the highest value.” This means Clinton could be blackmailed or otherwise manipulated by Russia as well. Forbes also notes how both cases involved spear phishing. (Forbes, 6/14/2016) 

Clinton was targeted by spear phishing at least three times, twice in May 2011, and once in July 2011. It is unknown if any of those attacks succeeded. (US Department of State, 10/30/2015) (US Department of State, 3/5/2015) (US Department of State, 5/25/2016)

June 14, 2016: Clinton claims to have just learned about the DNC network breach, and inaccurately claims her campaign has not been similarly targeted.

In an interview, Clinton is asked about a news report from earlier in the day that hackers allegedly linked to the Russian government breached the computer network of the DNC [Democratic National Committee]. She is asked the general question, “What can you tell us about that incident? How worrisome is it?”

She replies, “I only learned about it when it was made public. And it is troubling, just as all cyber-attacks against our businesses and our institutions, our government are. The Russians—and according to the reporting—who did this hacking were most likely in the employment of the Russian government.”

She also comments without being prompted, “So far as we know, my campaign has not been hacked into and we’re obviously looking hard at that.” (The Hill, 6/14/2016)

But two days later, Forbes reports that a security company hired by the Clinton campaign has determined many of her campaign staffers have been targeted by hackers in recent months, and there are indications some of their email accounts could have been breached. (Forbes, 6/16/2016)

June 15, 2016: A hacker nicknamed Guccifer 2.0 posts files showing they were behind the DNC hack.

(Credit: public domain)

(Credit: public domain)

One day after the Washington Post reported that alleged Russian hackers broke into the DNC’s [Democratic National Committee] computer network, a man using the nickname “Guccifer 2.0” creates a new website on the Internet showing that person got the DNC files. Guccifer 2.0 likely has no connection to Guccifer, who is now in a US prison, but seems inspired to take the name due to Guccifer’s earlier hacking notoriety.

He posts a 200-page opposition research file on Republican presumptive presidential nominee Donald Trump dating from December 2015, as well as other computer files from the DNC. The files include a sample of donor information, contradicting the DNC’s claim from the day before that no financial information had been stolen.

Guccifer 2.0 also claims to have given “thousands of files and mails” to WikiLeaks. This comes several days after WikiLeaks head Julian Assange promised to post more of Clinton’s emails soon. The security firm CrowdStrike was hired to investigate the DNC hack, and they claimed to be confident that it was a sophisticated operation done by two hacking groups with ties to the Russian government.

However, Guccifer 2.0 claims to be working independently, and says of CrowdStrike, “I’m very pleased the company appreciated my skills so highly. But in fact, it was easy, very easy.”

However, CrowdStrike stands by their original claim and suggests the new website could be “part of a Russian intelligence disinformation campaign.” (Wired, 6/15/2016) (Vice News, 6/15/2016) 

NBC News reports that “several Democratic sources familiar with the party’s opposition research efforts said they believed opposition research book to be authentic. It also includes links to data stored on internal DNC servers, which would not accessible to people outside the committee.” (NBC News, 6/15/2016)

June 16, 2016: Recent alleged Russian hacking attacks appear to have focused on Clinton and the DNC and not other presidential campaigns.

SecureWorks Logo (Credit: SecureWorks)

SecureWorks Logo (Credit: SecureWorks)

SecureWorks is a cybersecurity company that apparently has been hired to investigate recent leaks targeting US government officials, departments, and related entities. Focusing on the hacking group known as Fancy Bear (or APT 28), they conclude with “moderate confidence that the group is operating from the Russian Federation and is gathering intelligence on behalf of the Russian government.” They also conclude that the group targeted Clinton’s presidential campaign and the DNC [Democratic National Committee].

However, SecureWorks have not observed Fancy Bear “[target] the US Republican party or the other US presidential candidates whose campaigns were active between mid-March and mid-May [2016]: Donald Trump, Bernie Sanders, Ted Cruz, Marco Rubio, and John Kasich.” But they point out the other campaigns could have been targeted by other means not noticed by them. (SecureWorks, 6/16/2016)

June 16, 2016: Various clues suggest that “Guccifer 2.0” could be a front for Russian hacking efforts.

Copy of the metadata and the nickname for Felix Dzerzhinsky, written in the Cyrillic alphabet. (Credit: Ars Technica)

Copy of the metadata and the nickname for Felix Dzerzhinsky, written in the Cyrillic alphabet. (Credit: Ars Technica)

On June 15, 2016, someone going by the name “Guccifer 2.0” claimed to be the “lone hacker” behind the breach of the DNC [Democratic National Committee] computer network reported in the media the day before.

However, various clues support the assertion by security experts hired by the DNC that the hacking effort is connected to the Russian government or at least originates from Russia:

  • The metadata of one file sent by Guccifer 2.0 to Gawker contains metadata indicating the last person to change the file used the nickname for Felix Dzerzhinsky (Феликс Эдмундович), a long-dead Russian statesman best known for founding the Soviet secret police.
  • The nickname is written in the Cyrillic alphabet, which means Guccifer 2.0’s computer was configured to use the Russian language and was connected to a Russian-language keyboard.
  • Another file contains some broken web links. The error message is also written in Russian, using the Cyrillic alphabet.
  • A blog post written by Guccifer 2.0 uses “)))” to indicate a smiley face. This is common in Eastern Europe and Russia but very uncommon elsewhere, due to differences with the Russian-language keyboard. (Ars Technica, 6/16/2016)
  • Other metadata indicates the person who saved the files used a cracked version of Office 2007, which is popular in Russia.
  • Vice News reports that Guccifer 2.0 had no online history prior to June 15, and “multiple security sources said they’d never heard of nor seen anyone by that alias” before that date. (Vice News, 6/16/2016)
  • Dave Aitel, CEO of Immunity Security, comments, “You don’t have the FBI or DHS [Department of Homeland Security] coming out and saying: ‘Hey we don’t think it’s Russia.’ If it is Russia, a nation state, it’s a pretty big deal. Otherwise the FBI would say: ‘We’re conducting an investigation.’ But they’re not saying that.”

Ars Technica comments, “Of course, it’s still possible that the Russian fingerprints were left intentionally by someone who has no connection to Russia, or by a Russian-speaking person with no connection to the Russian government, or any number of other scenarios.” (Ars Technica, 6/16/2016)

June 17, 2016: A “deadman’s switch” file increases speculation that WikiLeaks could soon release more Clinton documents.

(A June 17, 2016 WikiLeaks post, including mention of the "deadman's switch" and a "risk insurance" picture. Credit: public domain)

(A June 17, 2016 WikiLeaks post, including mention of the “deadman’s switch” and a “risk insurance” picture. Credit: public domain)

WikiLeaks posts on the Internet an 88-gigabyte encrypted file labeled “WIKILEAKS INSURANCE,” along with the comment, “Protect our coming publications.” This is believed to be a “deadman’s switch,” meaning that unless WikiLeaks personnel are not there to periodically confirm their status, the file will be automatically decrypted, revealing its contents to those who have downloaded it. WikiLeaks have posted several similar files in previous years.

Heavy.com notes that because of recent comments by WikiLeaks head Julian Assange that the organization will soon be publishing more of Clinton’s emails, “many people are wondering if this insurance file is meant to ensure that WikiLeaks can release potentially damaging information about Hillary Clinton.” The file is large enough to contain millions of files if they are all text-based files, but it could include video or other files that take up much more space.

Heavy.com also notes that the reason WikiLeaks doesn’t simply post the files right away is, “The organization often combs through files to redact any sensitive information that might put lives in danger. The INSURANCE file is typically the unredacted version.” (Heavy.com, 6/17/2016)

June 17, 2016: Some cybersecurity experts doubt the Russian government is behind recent hacking attacks.

Nathaniel Gleicher (Credit: Carmen Holt)

Nathaniel Gleicher (Credit: Carmen Holt)

Time Magazine notes that although CrowdStrike, the cybersecurity firm hired by the DNC [Democratic National Committee] to stop the hacking of their computer network, claims the Russian government is behind the attacks, other security experts are skeptical. Someone calling themselves “Guccifer 2.0” has posted some files that appear to come from the DNC hack, and that person claims to be a “lone hacker.”

CrowdStrike asserts this is just an effort to sow confusion about Russian involvement, but some experts doubt that as well.

Nathaniel Gleicher, the former director for cybersecurity policy on the NSC [National Security Council], says, “Attribution is incredibly difficult—I wouldn’t say impossible, but it’s very difficult.”

Reg Harnish, the CEO of the cybersecurity company GreyCastle Security, says the final answer may still be unknown, with political intrigues complicating the picture. “I’ve been personally involved in hundreds of these investigations, and you just don’t end up in the same place where you began. […] I think there’s a lot of misinformation out there right now.”

Scott Borg, the head of the US Cyber Consequences Unit, echoed the skepticism. “Our best guess is that the second (and apparently less skillful) of the two intruders was not Russian intelligence. We are also uncertain about the first group.”

So far, the FBI has not made any comment. (Time, 6/17/2016)

June 20, 2016: Two more cybersecurity companies support CrowdStrike’s conclusion that the Russian government was behind the recent hack of the DNC computer network.

Michael Buratowski (Credit: FidelisCybersecurity)

Michael Buratowski (Credit: FidelisCybersecurity)

The companies are Fidelis Cybersecurity and Mandiant. They base their analysis on five malware samples used in the hacking attack. Fidelis executive Michael Buratowski says, “Based on our comparative analysis, we agree with CrowdStrike and believe that the Cozy Bear and Fancy Bear…groups were involved in successful intrusions at the DNC [Democratic National Committee] . […] The malware samples matched the description, form and function that was described in the CrowdStrike blog post. In addition, they were similar and at times identical to malware that other [research firms] have associated to these actor sets.”

However, the Washington Post reports, “It is also possible, researchers said, that someone else besides the Russians were inside the DNC’s network and had access to the same documents.” (The Washington Post, 6/20/2016) 

A law firm reviewing the DNC attack, Baker & McKenzie, has begun working with three cybersecurity companies to review CrowdStrike’s findings. Fidelis Cybersecurity is one of them, along with FireEye and Palo Alto Networks, Inc. (Bloomberg News, 6/21/2016) (Fidelis Cybersecurity, 6/20/2016)

June 21, 2016: The Clinton Foundation’s computer network was recently successfully hacked by alleged Russian hackers.

Bloomberg News reports this is according to three unnamed “people familiar with the matter.” Clinton Foundation officials say they haven’t been notified of the attack and refuse to say more. The breach was discovered as recently as one week earlier.

The attack appears to be part of a larger sweep of attacks that has targeted at least 4,000 email accounts of people connected to US politics since about October 2015. Many of the targets appear to be linked to Clinton.

Bloomberg News comments, “The thefts set the stage for what could be a Washington remake of the public shaming that shook Sony in 2014, when thousands of inflammatory internal emails filled with gossip about world leaders and Hollywood stars were made public.”

Someone going by the nickname “Guccifer 2.0” has been releasing documents from a hack on the DNC [Democratic National Committee] but it is unknown if this person is linked to the foundation attack. (Bloomberg News, 6/21/2016)

June 21, 2016: Guccifer 2.0 releases 261 more files from the DNC hack.

This is the third release by Guccifer 2.0 of files from the DNC [Democratic National Committee] in a week. Guccifer 2.0 claims on his website, “It’s a big folder of docs devoted to Hillary Clinton that I found on the DNC server.” The files are compilations of news reports and other publicly available documents on existing or likely Democratic candidates from around April 2015, and the vast majority of the files contain information from that time or earlier. Nearly all the files are about Clinton, noting stories that could hurt her and often countering them with pro-Clinton talking points.

The DNC has neither confirmed nor denied that Guccifer 2.0 files come from the DNC breach, but Mother Jones notes that the “new trove of documents [were] apparently pilfered from the [DNC].” (Mother Jones, 6/21/2016)

June 21, 2016: Democrats hope that blaming recent hacking attacks on the Russian government will limit the political fallout.

Glen Caplin (Credit: Global Strategy Group)

Glen Caplin (Credit: Global Strategy Group)

Bloomberg News reports, “If the Democrats can show the hidden hand of Russian intelligence agencies, they believe that voter outrage will probably outweigh any embarrassing revelations, a person familiar with the party’s thinking said.”

In the same article, Clinton spokesperson Glen Caplin refuses to comment on details about recent hacking attacks or confirm if any of Clinton’s campaign staff got successfully hacked. However, Caplin does say, “What appears evident is that the Russian groups responsible for the DNC hack are intent on attempting to influence the outcome of this election.”

The DNC [Democratic National Committee] similarly won’t comment on details or confirm reports of successful attacks. However, the DNC issues a written statement that it believes recent leaks by Guccifer 2.0 are “part of a disinformation campaign by the Russians.”

The Russian government has denied any involvement. (Bloomberg News, 6/21/2016)

June 21, 2016: Guccifer 2.0 is interviewed and claims to be Romanian, not Russian.

Starting June 15, 2015, someone using the nickname “Guccifer 2.0” created a website and started posting files that appear to come from a recent hack of the DNC [Democratic National Committee] computer network. He claims to be a “lone hacker” while some have suggested that he is a front for the Russian government.

For the first time, he is interviewed, by Vice News, through Twitter, so his appearance and location remain unknown. He says he is from Romania, just like the original hacker nicknamed Guccifer, who is now in a US prison. However, Vice News asks him to answer a question in Romanian and he declines to do so. He does make a few comments in Romanian, but they have numerous errors. He says he deliberately left Russian metadata in the leaked documents as his personal “watermark.” Yet he claims, “I don’t like Russians and their foreign policy. I hate being attributed to Russia.”

He says he first breached the DNC network in the summer of 2015. “Then I installed my Trojans on several PCs. I had to go from one PC to another every week so CrowdStrike couldn’t catch me for a long time. I know that they have cool intrusion detection system. But my heuristic algorithms are better.” He claims he finally got kicked out of the network on June 12, 2016, when the DNC “rebooted their system.”

He says he has had other successful hacking attacks, but he refuses to name the targets because “my safety depends on it.” He says he doesn’t care about Donald Trump but targeted the DNC to emulate the work of the original Guccifer. (Vice News, 6/21/2016)

June 22, 2016: Trump says foreign governments can blackmail Clinton over her email secrets.

Presumptive Republican presidential nominee Donald Trump says of Clinton’s emails from her time as secretary of state, “While we may not know what is in those deleted emails, our enemies probably do. So they probably now have a blackmail file over someone who wants to be president of the United States. This fact alone disqualifies her from the presidency. […] We can’t hand over our government to someone whose deepest, darkest secrets may be in the hands of our enemies.” This is part of a speech entirely focusing on criticism of Clinton. (The Hill, 6/22/2016)

He also says, “Hillary Clinton may be the most corrupt person ever to seek the presidency of the United States,” and claims she used the State Department as “her own personal hedge fund.” (NBC News, 6/22/2016)

June 29, 2016: US intelligence is said to be looking closely to see if Russia could be covertly trying to release all of Clinton’s emails to the public.

Russian president Vladimir Putin (Credit: Agence France Presse)

Russian President Vladimir Putin (Credit: Agence France Presse)

The Washington Times claims that an unnamed US intelligence official says US intelligence agencies are closely watching Russian online blogs and other Internet locations for any signs that Russian hackers have obtained Clinton’s emails from her time as secretary of state and are preparing to publicly release them. At least two postings suggest this could be happening, but the evidence cannot be confirmed as authoritative.

Additionally, an unnamed State Department official says Russia, China, and Israel are the three foreign governments most likely to have obtained all of Clinton’s emails, including her deleted ones, through covert hacking operations.

It is known that many organizations and people connected to Clinton have been hacked in recent months, and the Russian government is suspected, but their involvement has not been confirmed. If the Russians are involved, one possible motive would be to influence the FBI’s Clinton investigation and thus the 2016 presidential election. Russian President Vladimir Putin has praised Republican presidential candidate Donald Trump, calling him someone he could “get along very well with,” while Clinton espouses policies that frequently conflict with Russian aims. (The Washington Times, 6/29/2016)

July 2016—August 18, 2016: Hackers target the election databases in two US states, but the motives and identities of the hackers are unclear.

In July 2016, the FBI uncovers evidence that two state election databases may have been recently hacked, in Arizona and Illinois. Officials shut down the voter registration systems in both states in late July 2016, with the Illinois system staying shut down for ten days.

160701JehJohnsonpublic

Jeh Johnson (Credit: public domain)

On August 15, 2016,  Homeland Security Secretary Jeh Johnson heads a conference call with state election officials and offers his department’s help to make state voting systems more secure. In the call, he emphasizes that he is not aware of “specific or credible cybersecurity threats” to the November 2016 presidential election.

Three days later, the FBI Cyber Division issues a warning, titled “Targeting Activity Against State Board of Election Systems.” It reveals that the FBI is investigating hacking attempts on the Arizona and Illinois state election websites. The warning suggests the hackers could be foreigners and asks other states to look for signs that they have been targeted too. Out of the eight known IP addresses used in the attacks, one IP address was used in both attacks, strongly suggesting the attacks were linked.

An unnamed “person who works with state election officials calls the FBI’s warning “completely unprecedented. … There’s never been an alert like that before that we know of.” In the Arizona case, malicious software was introduced into its voter registration system, but apparently there was no successful stealing of data. However, in the Illinois case, the hackers downloaded personal data on up to 200,000 state voters.

160701TomKellermannBBCNews

Tom Kellermann (Credit: BBC News)

It is not known who was behind the attacks. One theory is that the Russian government is responsible. A former lead agent in the FBI’s Cyber Division said the way the hack was done and the level of the FBI’s alert “more than likely means nation-state attackers.” Tom Kellermann, head of the cybersecurity company Strategic Cyber Ventures, believes Russian President Vladimir Putin is ultimately behind the attacks, and thinks it is connected to the hacking of the Democratic National Committee (DNC) and other recently targeted US political targets. Kellermann says of Putin, “I think he’s just unleashed the hounds.”

But another leading theory is that common criminals are trying to steal personal data on state voters for financial gain. Milan Patel, former chief technology officer of the FBI’s Cyber Division, says, “It’s got the hallmark signs of any criminal actors, whether it be Russia or Eastern Europe.” But he adds, “the question of getting into these databases and what it means is certainly not outside the purview of state-sponsored activity.” Some cybersecurity experts note that hackers often target government databases for personal information they can sell.

160701RickBarger

Rich Barger (Credit: Threat Connect)

So far, the motive and identity of the hackers remains uncertain. Rich Barger, chief intelligence officer for ThreatConnect, says that one of the IP addresses listed in the FBI alert previously surfaced in Russian criminal underground hacker forums. However, sometimes these groups work alone, and other times they work for or cooperate with the Russian government. Barger also claims the method of attack on one of the state election systems appears to resemble methods used in other suspected Russian state-sponsored cyberattacks. But cybersecurity consultant Matt Tait says that “no robust evidence as of yet” connects the hacks to the Russian government or any other government.

US officials are considering the possibility that some entity may be attempting to hack into voting systems to influence the tabulation of results in the November 2016 election. A particular worry is that all of six states and parts of four others use only electronic voting with no paper verification. Hackers could conceivably use intrusions into voter registration databases to delete names from voter registration lists. However, this is still considered only a remote possibility. But the FBI is warning states to improve their cybersecurity to reduce the chances this could happen.

News of these attacks and FBI alerts will be made public by Yahoo News on August 29, 2016. (Yahoo News, 8/29/2016) (Politico, 8/29/2016)

July 22, 2016: WikiLeaks releases almost 20,000 DNC emails as the first of a series of Clinton-related leaks.

WikiLeaks publicly releases 19,252 emails and 8,034 email attachments recently hacked from the Democratic National Committee (DNC). The emails are from seven DNC officials: Communications Director Luis Miranda (10,770 emails), National Finance Director Jordon Kaplan (3,797 emails), Finance Chief of Staff Scott Comer (3,095 emails), Finance Director Zachary Allen (1,611 emails), Finance Director of Data and Strategic Initiatives Daniel Parrish (1,472 emails), Senior Advisor Andrew Wright (938 emails) and Northern California Finance Director Robert (Erik) Stowe (751 emails). The emails are from January 2015 until May 25, 2016.

160722DNCMontage

The seven DNC officials are left to right Luis Miranda (Credit: public domain), Jordan Kaplan (Credit: Facebook), Scott Comer (Credit: Linked In), Zachary Allen (Credit: Twitter), Daniel Parrish (Credit: Linked In), Andrew Wright (Credit: Linked In), Robert (Erik) Stowe (Credit: Linked In)

In announcing the release, WikiLeaks mentions this is “part one of our new Hillary Leaks series.” (WikiLeaks, 7/22/2016)

Julian Assange, head of WikiLeaks, mentioned in a June 2016 interview that other coming releases will relate to the Clinton Foundation and to Clinton’s emails (although it’s not clear how many there are or where and when they are from). It also was reported in June 2016 that the DNC computer network had been recently hacked, along with other political entities, such as the Clinton campaign. It also was suspected that the Russian government was behind the DNC hack. However, a previously unknown hacker named Guccifer 2.0 emerged and claimed to be behind the hack, and also claimed to have no ties to Russia. He furthermore claimed to have given thousands of documents to WikiLeaks.

WikiLeaks has a policy of never revealing the sources of their leaked material, and has maintained that policy for this release.

July 22, 2016: Guccifer 2.0 takes credit for the DNC emails posted by WikiLeaks.

160722Guccifer2Tweet

Tweet posted by Guccifer 2.0 on July 22, 2016. (Credit: Guccifer 2.0 / Twitter)

Shortly after WikiLeaks publishes almost 20,000 emails from the Democratic National Committee (DNC), the hacker known as Guccifer 2.0 takes credit. His website is not updated, but he writes at his Twitter account: “@wikileaks published #DNCHack docs I’d given them!!!” (Twitter, 6/22/2016)

He has previously posted many DNC files on his own website, starting on June 15, 2016. And on that same day, he claimed that he had given “thousands of files and mails” to WikiLeaks.

 

July 24, 2016: It is suggested that the Russian government has attempted to influence elections in other countries, sometimes by using front groups.

160724MichaelVickersBAESystems

Michael Vickers (Credit: BAE Systems, Inc.)

Michael Vickers, who was undersecretary of defense for intelligence from 2011 to 2015, says that if the Russian government is behind the recent leak of Democratic National Committee (DNC) emails by WikiLeaks, it would be unprecedented for the US. “What is really new here is the attempt to influence the politics of the United States. That is the problem.”

However, he also points out that there is evidence the Russians have attempted to influence elections in European countries close to their border. For instance, in 2004, a Russian hacker group calling itself Cyber Berkut claimed it hacked and disabled the electronic vote-counting system of the Ukraine central election commission three days before the presidential election. However, analysts believe the hack was actually done by the Glavnoje Razvedyvatel’noje Upravlenije (GRU), one of two Russian military intelligence agencies accused of recently hacking the DNC. These analysts claim the GRU created Cyber Berkut as a false front to deflect responsibility. (The Washington Post, 7/24/2016)

July 25, 2016: Democratic Party officials believe recent hacks are “far more widespread than initially thought.”

160724DNCBoardsCommissionsSpreadsheetWikileaks

Sample of DNC spreadsheet released by Wikileaks, titled “Boards and Commissions” listing generous DNC donors who are being considered for appointments to various Boards and Commissions. Donor email addresses and phone numbers were blacked out by thompsontimeline. (Credit: Wikileaks)

Yahoo News reports about the series of hacking attacks targeting the Democratic National Committee (DNC), Clinton campaign, and other US political targets starting in the summer of 2015 and continuing until at least June 2016. “Two sources familiar with the [DNC] breach said that the hackers’ reach was far more widespread than initially thought and includes personal data about big party contributors and internal ‘vetting’ evaluations that include embarrassing comments about their business dealings (as well as gossipy internal emails about the private affairs of DNC staffers). … Party officials are bracing for more damaging document dumps after Labor Day [September 7, 2016]. ‘They’re having to do serious damage control with the donors right now,’ said a party official familiar with the matter.”

Additionally, Yahoo News mentions, “There are also signs that the hackers have penetrated the personal email of some Clinton campaign staffers — at least those who were in communication with senior DNC staff members.” (Yahoo News, 7/25/2016)

July 25, 2016: Former White House Chief of Staff Bill Daley suggests the Russian government wants to affect the US presidential election with hacking.

160725BillDaleypinterest

Bill Daley (Credit: Pinterest)

Daley says, “I don’t think anybody would be surprised if [Russian President Vladimir] Putin would try to affect the election. That’s like the old ‘Casablanca’ — there’s gambling in the casino. It doesn’t surprise me at all. Period. I think anybody who dismisses that is living in fairy land here.”

He also calls the possibility that the Russian government was behind the hack of Democratic National Committee (DNC) emails “pretty frightening.”

He was White House chief of staff from 2011 to 2012. (The Washington Post, 7/25/2016)

July 25, 2016: The FBI formally acknowledges it is investigating the Democratic National Committee (DNC) hack.

The FBI has been investigating the hack of the DNC and related political entities for months. For instance, the FBI warned the Clinton campaign they were the target of hacking attacks in March 2016. However, this is the first public admission of an investigation. An FBI spokesperson says the bureau will “investigate and hold accountable those who pose a threat in cyberspace.” This announcement comes three days after WikiLeaks publicly posted almost 20,000 emails from the DNC.

160725RussianMilitaryIntelligenceEmblempublic

Emblem of the Glavnoje Razvedyvatel’noje Upravlenije (GRU) (Credit: public domain)

The Washington Post reports that according to unnamed ” individuals familiar with the investigation,” the FBI is focusing on the Russian military intelligence agency, known as the Glavnoje Razvedyvatel’noje Upravlenije or GRU, and looking into if it was responsible for giving the emails to WikiLeaks. However, it is believed that the Russian Federal Security Service, known as the Federal’naya Sluzhba Bezopasnosti or FSB, broke into the DNC’s computers as well.

The FBI wants to determine with certainty whether the Russian government passed the emails to WikiLeaks. This is likely to involve other US intelligence agencies, such as the NSA and the CIA, which potentially could intercept communications or gather intelligence overseas.

If it is definitively proven that the Russians are responsible, then the US would have to consider what to do next. The Post comments, ” Responses could range from a diplomatic wrist slap or warning to countermeasures.” In 2014, Sony Pictures was hacked, and there were reports that the government of North Korea was responsible. The US government imposed economic sanctions on North Korea in response. President Obama also signed an executive order enabling US officials to impose economic sanctions in response to significant hacking attacks. (The Washington Post, 7/25/2016)

July 25, 2016: Former CIA Director Michael Hayden says the Russians could be “weaponizing information” with leaks of hacked emails.

160725MichaelHaydenLuisMAlvarezAP

Former CIA director Michael Hayden (Credit: Luis M. Alvarez / The Associated Press)

Hayden says that if the Russian government is behind the recent leaks of Democratic National Committee (DNC) emails by WikiLeaks, this would mean “they’re clearly taking their game to another level. It would be weaponizing information. You don’t want a foreign power affecting your election. We have laws against that.”

Hayden was appointed head of the NSA by President Bill Clinton and then he was later appointed head of the CIA by President George W. Bush. (The Washington Post, 7/25/2016)

July 25, 2016: WikiLeaks discourages suggestions that the Russian government is behind its release of DNC emails.

160725WikileaksDNCLogo

Wikileaks cartoon that accompanied the DNC documents release. (Credit: Latoff / Wikileaks)

In an interview with NBC News, Wikileaks leader Julian Assange won’t say who gave WikiLeaks the Democratic National Committee (DNC) emails they have recently made public, as the group has a policy to never reveal their sources.

However, Assange discourages the widespread speculation that the emails come from hackers linked to the Russian government. Assange suggests that the DNC’s security was so weak that it could have been hacked by multiple groups. He also insists, “The emails that we have released are different sets of documents to the documents of those [that] people have analyzed.”

A hacker or hacking group going by the name of Guccifer 2.0 claims to have given the emails to WikiLeaks, but WikiLeaks has not confirmed this.

A WikiLeaks representative also comments, “Our publication of leaked DNC emails and the many DNC hacks over the last two years are separate incidents and should not be conflated.” (The Daily Beast, 7/26/2016)

July 26, 2016—July 28, 2016: Russia denies any role in hacking the DNC’s emails and claims to be neutral in the US presidential election.

160726SergeyLavrovpublic

Russian Foreign Minister Sergey Lavrov (Credit: public domain)

On July 26, 2016, Russian Foreign Minister Sergey Lavrov strongly dismisses suggestions that the Russian government could have been behind the hacks that led to the public release of 20,000 Democratic National Committee (DNC) emails.  He says, “I don’t want to use four-letter words.”  (The New York Times, 7/26/2016)

Two days later, Russian government spokesperson Dmitry Peskov says accusations of Russian involvement in the hacking of the emails border on “total stupidity” and are motivated by anti-Russian sentiment. “As regards these [email] batches, that is not our headache. We never poke our noses into others’ affairs and we really don’t like it when people try to poke their nose into ours. … The Americans need to get to the bottom of what these emails are themselves and find out what it’s all about.”

Peskov also says Russia won’t change what he claims has been a neutral stance on the US 2016 presidential election. “We know perfectly well that candidates in the heat of a preelection struggle say one thing, but that later, when under the weight of responsibility, their rhetoric becomes more balanced.”

Some US analysts claim that the Russian media, which is heavily influenced by the Russian government, has shown a clear tilt in favor of Trump. (Reuters, 7/28/2016)

July 26, 2016: WikiLeaks head Julian Assange says WikiLeaks might release “a lot more material” relevant to the US presidential campaign.

160727AssangeMatthewChanceCNN

CNN’s Matthew Chance interviews Julian Assange over a video link on July 26, 2016. (Credit: CNN, Moscow)

Assange is vague on details about future releases. He is asked by CNN about reports that the Russian government might be behind the recent hack of the Democratic National Committee (DNC) computer network. WikiLeaks has a policy of never revealing its sources, and Assange maintains that policy by refusing to confirm or deny anything. He says, “Perhaps one day the source or sources will step forward and that might be an interesting moment. Some people may have egg on their faces. But to exclude certain actors is to make it easier to find out who our sources are.”

He additionally says that Clinton and other Democratic officials are using the specter of Russian involvement to distract from the content of the emails. “It raises questions about the natural instincts of Clinton that when confronted with a serious domestic political scandal, she tries to blame the Russians, blame the Chinese, et cetera. Because if she does that while in government, it could lead to problems.” (CNN, 7/27/2016)

July 26, 2016: US intelligence agencies have “high confidence” that the Russian government is behind the hack of DNC emails.

160726RussianFederalSecurityService

Emblem of the Russian Federal Security Service (Credit: public domain)

The New York Times claims this is according to unnamed “federal officials who have been briefed on the evidence.” But these officials are uncertain if the hack is part of “fairly routine cyberespionage” or part of an effort to manipulate the 2016 US presidential election. The DNC (Democratic National Committee) emails were  published by WikiLeaks on July 22, 2016, causing political turmoil for Democrats and resulting in the resignation of Debbie Wasserman Schultz, from her position as DNC chair.

The federal investigation, involving the FBI and other intelligence agencies began in April 2016, when the hack was first detected. It has concluded that the Russian Federal Security Service (Federal’naya Sluzhba Bezopasnosti or FSB) entered the DNC’s computer network in the summer of 2015. (This corresponds with previous reports of a hacking by a Russian group known as Cozy Bear or APT 29.) The Rusian Main Intelligence Directorate (Glavnoje Razvedyvatel’noje Upravlenije or GRU) independently penetrated the same network later. (This corresponds with previous reports of a hacking by a Russian group known as Fancy Bear or APT 28.) Investigators believe the GRU has been playing a larger role in publicly releasing the emails.

The Times says the intelligence community’s conclusion puts pressure on President Obama to publicly accuse Russia of orchestrating the hacking, which could negatively impact the diplomatic relationship between the US and Russia in general. (The New York Times, 7/26/2016)

July 26, 2016: President Obama suggests Russians could be behind the hack that led to the WikiLeaks release of DNC emails.

President Obama is asked if Russia could be behind hacks that led to 20,000 Democratic National Committee (DNC) emails getting released by WikiLeaks. He says the FBI is still investigating but also “experts have attributed this to the Russians.”

160726ObamaGuthrieNBCNews

Obama (left) is interviewed by Today’s Savannah Guthrie on July 26, 2016. (Credit: NBC)

He adds, “What we do know is is that the Russians hack our systems. Not just government systems, but private systems. But you know, what the motives were in terms of the leaks, all that — I can’t say directly. What I do know is that Donald Trump has repeatedly expressed admiration for Vladimir Putin.”

Asked if he’s suggesting that Russian leader Vladimir Putin could be motivated to help Trump win the November 2016 election, Obama replies, “I am basing this on what Mr. Trump himself has said. And I think that — Trump’s gotten pretty favorable coverage­­­ — back in Russia.” (Politico, 7/26/2016)

He stops stopped short of accusing Russia of trying to manipulate the election, but says “anything’s possible.” He also claims that “on a regular basis, [the Russians] try to influence elections in Europe.” (The New York Times, 7/26/2016)

July 27, 2016: Ex-CIA head Panetta questions Trump’s loyalty after Trump asks Russia to help him win election.

Leon Panetta (Credit: ChipSomodevilla / Agence France Presse / Getty Images)

Leon Panetta (Credit: Chip Somodevilla / Agence France Presse / Getty Images)

Former CIA Director Leon Panetta criticizes Republican presidential nominee Donald Trump for his recent comments encouraging the Russian government to find and leak Hillary Clinton’s deleted emails from when she was secretary of state.

Panetta says, “You have a presidential candidate who is, in fact, asking the Russians to engage in American politics. I think that’s beyond the pale… he is truly not qualified to be president of the United States.”

Panetta served as both CIA director and defense secretary under President Obama. His comments come on the same day he gives a speech to support Clinton at the Democratic National Convention. (Raw Story, 7/27/2016)

July 27, 2016: US intelligence hasn’t found proof that the Russian government is responsible for WikiLeaks getting recently hacked emails.

The Washington Post reports that “Intelligence officials, who spoke on the condition of anonymity to discuss an issue under investigation, said there is little doubt that agents of the Russian government hacked the Democratic National Committee [DNC], and the White House was informed months ago of [Russia’s] culpability.” However, days after WikiLeaks posted almost 20,000 DNC emails, the Post adds, “The intelligence community, the officials said, has not reached a conclusion about who passed the emails to WikiLeaks.”

160727KeithAlexanderAP

Former NSA director Keith Alexander, testifying before Congress in 2013. (Credit: The Associated Press)

One unnamed US official says, “We have not drawn any evidentiary connection to any Russian intelligence service and WikiLeaks — none.”

Former NSA Director Keith Alexander says, “Determining with confidence who was behind it — if the Russians were the hackers, seeing them pass that data to WikiLeaks — is probably much more difficult than attributing it to the initial hacker. That’s a tough one — especially because there are different ways of passing that information, not all electronic.”

Furthermore, even if Russia is behind the leaks to WikiLeaks, the motivation is unclear. A key question is if Russia is attempting to influence the November 2016 US presidential election. Michael Hayden, former director of both the NSA and the CIA, states, “Frankly, I don’t think they’re motivated by thinking they can affect the election itself.” He thinks the Russians may be flexing their muscles “to demonstrate that they can — not necessarily to make [Donald] Trump win or Hillary [Clinton] lose.”

160727LeoTaddeoTwitter

Leo Taddeo (Credit: Twitter)

Leo Taddeo, a former FBI agent who worked with cybersecurity operations, says, “This is not [Russian leader Vladimir] Putin trying to help Trump. I think they were messaging Hillary Clinton, telling her that they can get in the way of her election if she doesn’t show some flexibility in her position toward them.”

Representative Adam Schiff (D) believes that if Russia is ultimately responsible, the Obama administration “should make it known publicly and forcefully. Even if they’re not able to lay out the evidence because it would disclose sources and methods, they should make the attribution.” (The Washington Post, 7/27/2016)

July 28, 2016: Director of National Intelligence James Clapper shows reluctance to blame Russia for recent hacks on US political entities.

160728JamesClapperpublic

Director of National Intelligence James Clapper (Credit: public domain)

Clapper says the US government is not “quite ready yet” to “make a public call” about who is responsible for the hacking on the Democratic National Committee’s (DNC) computer network that resulted in almost 20,000 emails being released by WikiLeaks. However, he hints that one of “the usual suspects” is likely to blame. He also says, “We don’t know enough [yet] to … ascribe a motivation, regardless of who it may have been.”

Yahoo News reports that there is a vigorous debate inside the Obama administration about whether to publicly blame the Russian government for the hacking. One unnamed senior law enforcement official says the Russians are “most probably” involved, but investigation is ongoing.

Clapper is said to be amongst a faction who is resisting publicly blaming the Russians, since it is the kind of activity that intelligence agencies regularly engage in, including the US at times. Clapper also publicly comments, “[I’m] taken aback a bit by … the hyperventilation over this,” He adds in a sarcastic tone, “I’m shocked somebody did some hacking. That’s never happened before.” (Yahoo News, 7/29/2016)

July 28, 2016: Whistleblower Edward Snowden criticizes WikiLeaks for its willingness to compromise people’s privacy.

160728EdwardSnowdenDigitalTrends

Edward Snowden (Credit: Digital Trends)

He writes on Twitter, “Democratizing information has never been more vital, and WikiLeaks has helped. But their hostility to even modest curation is a mistake.” Snowden was an NSA contractor, but he has been hiding in Russia to avoid prosecution after exposing illegal surveillance practices by the US government.

On June 22, 2016, Wikileaks released 20,000 Democratic National Committee (DNC) emails. But they didn’t redact names, social security numbers, credit card information, or other personal data. (Raw Story, 7/28/2016)

Later on July 28, 2016, WikiLeaks replies on Twitter with the comment: “@Snowden Opportunism won’t earn you a pardon from Clinton & curation is not censorship of ruling party cash flows.”

When Snowden leaked government documents, he gave them to reporters who made some redactions. Whereas WikiLeaks has seemingly made no redactions at all, as Snowden has pointed out. (The Washington Post, 7/28/2016)

August 12, 2016: Whoever hacked DNC and other Democrat-related emails in the last year may have also targeted Republicans.

The Daily Beast reports that cybersecurity experts believe the hacker or hackers who stole emails from the DNC (Democratic National Committee) are behind a website known as DCLeaks. The site went public in June 2016 to little media attention. But the site contains emails from hundreds of Republican and Democratic US politicans, including staffers to Republican Senators John McCain and Linsey Graham, plus staffers to former Republican Repesentative Michelle Bachmann.  An unnamed “an individual close to the investigation of the Democratic Party hacks” says the evidence is growing that both parties have been targeted. “Everyone is sweating this right now. This isn’t just limited to Democrats.”

160812McCainGrahamKevinLamarqueReuters

Senators John McCain (left) and Linsey Graham (right) (Credit: Kevin Lamarque / Reuters)

The cybersecurity company ThreatConnect has been investigating the recent hacks of US political targets, and they call DCLeaks a “Russian-backed influence outlet.” In particular, they have linked it to Fancy Bear (a.k.a. APT 28), a hacking group also accused of hacking the DNC, an believed by many to be working for the Russian government. “DCLeaks’ registration and hosting information aligns with other Fancy Bear activities and known tactics, techniques, and procedures.” They also claim that the hacker or hacking group known as Guccifer 2.0, who claims to be behind the hacking of the DNC emails that WikiLeaks publicly posted in July 2016, is linked to DCLeaks.
The Daily Beast reports that “researchers, at ThreatConnect and elsewhere, also now believe that Guccifer 2.0 was WikiLeaks’ source and that the group is acting as a front for the Russian government.” (The Daily Beast, 8/12/2016)

August 18, 2016: The Clinton Foundation’s computer network may have been recently hacked.

Reuters reports that the foundation has recently hired the cybersecurity company FireEye to investigte and combat hacking after seeing indications of possible hacking. This is according to two unnamed “sources familiar with the matter.”

No stolen emails or documents from the foundation have been made public so far. However, one of the sources plus two unnamed US security officials say that hackers appear to have used “spear phishing” techniques to gain access to the foundation’s network, in the same way they’ve hacked the Democratic National Committee (DNC) and other political targets. (Reuters, 8/18/2016)

August 18, 2016: The Clinton Foundation claims its computers have not been hacked.

160818FireEyePublic

Logo of FireEye (Credit: public domain)

Earlier in the day, Reuters reported from several sources that it is likely the Clinton Foundation’s computer network has been recently hacked. But the foundation says, “We have no evidence Clinton Foundation systems were breached and have not been notified by law enforcement of an issue.”

Reuters also reported the foundation recently hired the cybersecurity company FireEye to combat hacking. The foundation has not responded to this. (Politico, 8/18/2016)

August 21, 2016: A Tweet predicting trouble for Clinton’s campaign chair will later lead to accusations of collusion between WikiLeaks and Donald Trump’s presidential campaign.

Roger Stone (Credit: CBS Miami)

Roger Stone (Credit: CBS Miami)

Roger Stone writes on Twitter, “Trust me, it will soon be [John] Podesta’s time in the barrel.” (Twitter, 8/21/2016) Stone is a Republican strategist and confidant of Republican presidential candidate Donald Trump, while Podesta is Clinton’s campaign chair.

On October 7, 2016, Stone’s Tweet will take on new meaning when WikiLeaks begins posting thousands of Podesta’s private emails.

Several days later, Podesta will cite this Tweet and then claim “it’s a reasonable assumption, or at least a reasonable conclusion, that Mr. Stone had advance warning and the Trump campaign had advance warning” about the WikiLeaks release. (The Washington Post, 10/11/2016)

However, Stone will claim that the Tweet was in reference to a separate story he was working on that would accuse Podesta of possible criminal wrongdoing. But he will also say that he has had “back-channel communications” with WikiLeaks leader Julian Assange through a mutual friend. (CBS Miami, 10/12/2016)