Late February 2009: State Department security officials worry about Clinton’s BlackBerry use.

The US State Department headquarters in Washington, DC. "Mahogany Row" is on the top floor. (J. Scott Applewhite / The Associated Press)

The US State Department headquarters in Washington, DC. “Mahogany Row” is on the top floor. (J. Scott Applewhite / The Associated Press)

Few State Department officials appear to know that Clinton has a private email server in her house.

However, news about her frequent BlackBerry use soon spreads among the Department’s security officials. They are concerned about “Mahogany Row,” the seventh floor offices of Clinton and her top aides.

A decade earlier, Russian spies placed a listening device in a chair on that floor. Since then, on multiple occasions, hackers had breached computers in the State Department and other federal agencies.

State Department security officials are particularly concerned that Clinton’s BlackBerry could be compromised, and they worry that she could be setting a “bad example” for others in the department. They craft a memo that discusses the risks, which will be sent out on March 6. (The Washington Post, 3/27/2016)

March 15, 2013—March 21, 2013: Clinton’s private server is repeatedly scanned from Russia shortly after Guccifer’s hack revealed her server domain.

On March 14, 2013, the Romanian hacker known as Guccifer broke into the email account of Clinton confidant Sid Blumenthal and learned Clinton’s private email address and thus her clintonemail.com server domain.

A September 2016 FBI report will reveal that “An examination of log files [of Clinton’s server] from March 2013 indicated that IP addresses from Russia and Ukraine attempted to scan the server on March 15, 2013, the day after the Blumenthal compromise, and on March 19 and March 21, 2013. However, none of these attempts were successful, and it could not be determined whether this activity was attributable to [Guccifer].” (Federal Bureau of Investigation, 9/2/2016)

October 29, 2013: In a private speech, Clinton says she had to leave her phone and computer in a special box when traveling to China and Russia, but there is evidence she sent at least one email from Russia.

Clinton is greeted by Vice-Governor of St. Petersburg Oleg Markov as US Ambassador to Russia Michael McFaul looks on in St. Petersburg, Russia, on June 28, 2012.

Clinton is greeted by Vice-Governor of St. Petersburg Oleg Markov, as US Ambassador to Russia Michael McFaul looks on in St. Petersburg, Russia, on June 28, 2012. (Credit: public domain)

Clinton gives a private paid speech for Goldman Sachs, a financial services company. In it, she says, “[A]nybody who has ever traveled in other countries, some of which shall remain nameless, except for Russia and China, you know that you can’t bring your phones and your computers. And if you do, good luck. I mean, we would not only take the batteries out, we would leave the batteries and the devices on the plane in special boxes. Now, we didn’t do that because we thought it would be fun to tell somebody about. We did it because we knew that we were all targets and that we would be totally vulnerable.”

She will make similar comments in a private paid speech on August 28, 2014: “[E]very time I went to countries like China or Russia, I mean, we couldn’t take our computers, we couldn’t take our personal devices, we couldn’t take anything off the plane because they’re so good, they would penetrate them in a minute, less, a nanosecond. So we would take the batteries out, we’d leave them on the plane.”

The comments from both speeches will be flagged as potentially politically embarrassing by Tony Carrk, Clinton’s research director. Although the comments are made in private, Carrk’s January 2016 email mentioning the quotes will be made public by WikiLeaks in October 2016. (WikiLeaks, 10/7/2016)

Based on information from 2016 FBI interviews of Clinton and her aide Huma Abedin, it appears Clinton used her BlackBerry while still secretary of state to send an email to President Obama from St. Petersburg, Russia on June 28, 2012.

Mid-November 2014: The State Department apparently successfully thwarts an attempt by Russian hackers to penetrate its email system.

The State Department apparently successfully thwarts an attempt by Russian hackers to penetrate its email system.”’ The entire computer network is quickly shut down for several days after evidence is found that a hacker entered the system. (The Washington Post, 11/16/2014) 

It is alleged that the US government believes the Russian government is responsible. The attack begins when a department employee falls for “spear phishing,” a trick in which a computer user is is led to click on a bogus link that loads malicious software onto the network. It is believed that only the department’s unclassified network is infected, since the classified and unclassified networks are never allowed to reside on the same computer. But the damage is widespread, and thousands of computers in embassies and offices around the world are affected.

In February 2015, the Wall Street Journal will report that the department is still struggling to make sure all traces of the attack are gone from its network. (The Wall Street Journal, 2/18/2015)

In March 2015, Wired Magazine will later comment, “[A]t least, in that case, there was a response. If the same sort of highly resourced hackers had gone after the server in Clinton’s basement, there’s no guarantee that the same alarms would have gone off.” (Wired, 3/4/2015)

April 8, 2015—June 9, 2015: A hacking attack on a French TV network is blamed on a Russian group that will later be accused of hacking political entities in the US.

150408TV5MondePierreVerdyAFP

The headquarters of French television network TV5 Monde in Paris, France. (Credit: Pierre Verdy / Agence France Presse)

The French television network TV5 Monde is attacked by hackers on April 8, 2015. A group claiming to be linked to ISIS (also known as the Islamic State) and calling itself “Cyber Caliphate” shuts down the network’s TV channels for several hours. The group also posts pro-ISIS propaganda on the station’s website.

However, on June 9, 2015, it is reported by the BBC and elsewhere that French police have decided that attack was actually done by hackers based in Russia. The “Cyber Caliphate” claim was a false front to deflect blame. Police are said to be focusing their investigation on the Russian hacking group known as Fancy Bear or APT 28. French media reports that the group has also targeted the computer systems of Russian dissidents, Ukrainian activists, and others. (BBC, 6/9/2015) (France24, 6/10/2015)

In July 2016, the Washington Post will report that French authorities believe the Glavnoje Razvedyvatel’noje Upravlenije (GRU) was behind the cyberattack. This is one of two Russian military intelligence agencies that will be accused of hacking the Democratic National Committee (DNC) in 2015 and 2016. The GRU has been linked to the Fancy Bear or APT 28 hacking group. The Post will also claim that some analysts believe the attack was Russian retaliation against France for backing out of an agreement to sell helicopter carriers to Russia because of Russian aggression in Ukraine. (The Washington Post, 7/24/2016)

 

April 15, 2015: A computer expert privately advises the Clinton campaign to hire a company to investigate if Clinton’s private server was hacked.

Barbara Simons (Credit: public domain)

Barbara Simons (Credit: public domain)

Barbara Simons, a renowned computer expert, writes Clinton campaign chair John Podesta in an email, “I am following up on our very brief discussion, held as you were leaving the DA meeting, about Hillary Clinton’s emails.  I’ve included a summary of the issues and a precautionary step that I think should be taken.”

Simons attaches a short document to the email, which is entitled, “Hillary Clinton’s emails and what to do about them.” In it, she writes, “I believe that this is a more serious situation than perhaps Secretary Clinton and her aides realize. … There is a very real risk that the system was broken into, possibly by Republican operatives (or China or some other country or organization).  If this has happened and if there is anything that might appear problematic in those emails, whether or not it actually is, the relevant emails might be released to the press shortly before the election.  Even if the system was not broken into, there is the threat that opponents might release forged emails that are difficult to impossible to distinguish from real ones.”

Jeremy Epstein a program manager with I2O, took his official photo on March 8, 2016 at DARPA in Arlington, Va. (Photo By: Sun L. Vega)

Jeremy Epstein (Credit: Sun L. Vega)

As a result, she and a prominent computer security expert Jeremy Epstein suggest that the Clinton campaign hire a cybersecurity company called Mandiant. They are said to be competent and discrete in dealing with major corporate hacks. They will try to determine if Clinton’s private server was hacked. However, Simons notes that “if nothing serious is uncovered by a forensics examination, that does not prove that nothing happened.  Regrettably, the absence of proof of a break-in is not proof of the absence of a break-in.” (WikiLeaks, 10/23/2016)

Whatever reply Podesta gives is unknown. It is also unknown if Mandiant or any other company is ever hired. However, the FBI’s Clinton email investigation final report will make no mention of any evidence of such a forensic examination.

Summer 2015—May 2016: One or more hackers access the DNC’s computer network.

CrowdStrike logo (Credit: CrowdStrike)

CrowdStrike logo (Credit: CrowdStrike)

In June 2016, it will be reported that the computer network of the DNC [Democratic National Committee] was compromised for about a year. Around May 2016, the security company CrowdStrike is hired by the DNC to investigate and stop the hacking attack. According to CrowdStrike, there actually are two different groups that successfully break into the network, both of them linked to the Russian government.

The first group is said to be known by the nickname Cozy Bear. In 2015, it allegedly successfully infiltrated the unclassified networks of the White House, State Department, US Joint Chiefs of Staff, and others. This group gets into the DNC’s network in the summer of 2015 and is not stopped until May 2016.

The second group is said to be known by the nickname Fancy Bear, and it also has had many other successful attacks. It gets into the network in April 2016 and also is stopped in May 2016.

On June 15, 2016, someone going by the nickname “Guccifer 2.0” posts DNC files on the Internet. This person claims to have no connection to the Russian government, but also claims to have accessed the DNC network for “almost a year,” which is similar to what CrowdStrike says about Cozy Bear. (CrowdStrike.com, 6/15/2016) (The Washington Post, 6/15/2016)

August 11, 2015: Secretary of State John Kerry suggests the Russian and Chinese governments could be reading his email.

Secretary of State John Kerry (Credit: Andrew Burton / Getty Images)

Secretary of State John Kerry (Credit: Andrew Burton / Getty Images)

Discussing this possibility, Kerry says, “It is very likely. It is not outside the realm of possibility, and we know they have attacked a number of American interests over the course of the last few days.” He adds that given the number of recent cyber attacks, he “certainly writes things with that awareness.” (Time, 8/12/2015)

August 14, 2015: The FBI is trying to find out if foreign countries, especially China or Russia, broke into Clinton’s private server.

The New York Times reports that according to several unnamed US officials, “specially trained cybersecurity investigators will seek to determine whether Russian, Chinese, or other hackers breached the account or tried to transfer any of Mrs. Clinton’s emails…” (The New York Times, 8/14/2015)

September 2, 2015: It is widely believed foreign governments have intercepted Clinton’s emails.

The Daily Beast reports on Clinton’s email scandal, “There’s a widely held belief among American counterspies that foreign intelligence agencies had to be reading the emails on Hillary’s private server, particularly since it was wholly unencrypted for months. ‘I’d fire my staff if they weren’t getting all this,’ explained one veteran Department of Defense counterintelligence official, adding: ‘I’d hate to be the guy in Moscow or Beijing right now who had to explain why they didn’t have all of Hillary’s email.’ Given the widespread hacking that has plagued the State Department, the Pentagon, and even the White House during Obama’s presidency, senior counterintelligence officials are assuming the worst about what the Russians and Chinese know.”

An unnamed senior official who is “close to the investigation” says, “Of course they knew what they were doing, it’s as clear as day from the emails. I’m a Democrat and this makes me sick. They were fully aware of what they were up to, and the Bureau knows it.” (The Daily Beast, 9/2/2015)

October 2015—Mid-May 2016: Hackers, alleged to be Russian, target almost 4,000 Google accounts related to US politics.

Center for American Progress logo (Credit: public domain)

Center for American Progress logo (Credit: public domain)

According to a June 17, 2016 Bloomberg News article, during this time period, the same allegedly Russian hackers who breach the computers of the DNC [Democratic National Committee] and Clinton’s presidential campaign “[burrow] much further into the US political system, sweeping in law firms, lobbyists, consultants, foundations, and the policy groups known as think tanks, according to a person familiar with investigations of the attacks.” Almost 4,000 Google accounts are targeted by “spear phishing,” which involves tricking targets to give log-in information so their data can be accessed. The Center for American Progress, a think tank with ties to Clinton and the Obama administration, is one known target.

Bloomberg News will further report that, “Based on data now being analyzed, various security researchers believe the campaign stems from hackers linked to Russian intelligence services and has been broadly successful, extracting reams of reports, policy papers, correspondence and other information.”

The Russian government denies any involvement, but cybersecurity experts who have investigated the attacks believe the hackers are working for Russia. It is believed that either or both of two major Russian hacking groups, Fancy Bear (or APT 28) and Cozy Bear (or APT 29) are behind the attacks. (Bloomberg News, 6/17/2016)

January 21, 2016: Former Defense Secretary Robert Gates believes foreign countries hacked into Clinton’s private email server.

Secretary of Defense Robert Gates (Credit: ABC News)

Secretary of Defense Robert Gates (Credit: ABC News)

He says in an interview, “Given the fact that the Pentagon acknowledges that they get attacked about 100,000 times a day, I think the odds are pretty high.” Russia, China, and Iran are suggested as countries that would have targeted her server. Gates was defense secretary from 2006 to 2011, under Presidents Bush and Obama. In 2015, Gates praised Clinton, saying, “She was a good secretary of state.” (The Hill, 1/21/2016)

January 21, 2016: Former US Attorney General Michael Mukasey writes an editorial entitled “Clinton’s Emails: A Criminal Charge Is Justified.”

Attorney General Michael Mukasey (Credit: Charles Dharapak / The Associated Press)

Attorney General Michael Mukasey (Credit: Charles Dharapak / The Associated Press)

Writing in the Wall Street Journal, Mukasey argues that “intelligence community investigators believe it is nearly certain that Mrs. Clinton’s server was hacked, possibly by the Chinese or the Russians… [F]rom her direction that classification rules be disregarded, to the presence on her personal email server of information at the highest level of classification, to her repeated falsehoods of a sort that juries are told every day may be treated as evidence of guilty knowledge—it is nearly impossible to draw any conclusion other than that she knew enough to support a conviction at the least for mishandling classified information.” (The Wall Street Journal, 1/21/2016)

January 28, 2016: It is claimed that Russian intelligence must have gotten the contents of Clinton’s emails.

This is according to an unnamed former high-ranking Russian intelligence officer. This officer says, “Of course the SVR got it all.” (The SVR, Sluzhba Vneshney Razvedki, is the successor intelligence agency to the KGB.) He adds, “I don’t know if we’re as good as we were in my time, but even half-drunk, the SVR could get those emails. They probably couldn’t believe how easy Hillary made it for them.” (The New York Observer, 1/28/2016)

February 1, 2016: Some US intelligence officials are “mad as hell” about Clinton’s deleted emails.

An unnamed Pentagon counterintelligence official expresses concern that some of the 30,840 emails Clinton deleted may have been work-related. “I’ll spend the rest of my career trying to figure out what classified information was in those. […] Everybody is mad as hell right now.” This official adds, “The worst part is that Moscow and Beijing have that information but the [US] Intelligence Community maybe never will.” (The New York Observer, 2/1/2016)

March 2016: The same hacking group that allegedly breaches the DNC [Democratic National Committee] computer network may also breach computers of some Clinton presidential campaign staffers.

Clinton's Deputy Communications Director, Kristina Schake (Credit: Getty Images)

Clinton’s Deputy Communications Director, Kristina Schake (Credit: Getty Images)

The hacker or hacking group is known by the nickname Fancy Bear, and is alleged to be working for the Russian government. Fancy Bear gets into the DNC network in April 2016, which makes it separate from the efforts of Cozy Bear (alleged also to be linked to Russia) or Guccifer 2.0 (alleged to be a “lone hacker”) which in either case got into the network for about a year. Fancy Bear’s attack on Clinton’s staffers is said to start in March 2016, according to the security firm SecureWorks. Targets include Clinton’s communications and travel organizers, speechwriters, policy advisers, and campaign finance managers.

The hackers use the “spear phishing” technique of sending an email from a seemingly trusted source in order to get the target to click on a link. In this case, the links are shortened by an Internet service known as Bitly to make it hard to notice that they’re bogus. They take the target to a fake Google login page, since most or all of Clinton’s staffers use Gmail. Once the target gives their user name and password, the hacker can log into the real account and access all the data. The hackers create 213 links targeting 108 hillaryclinton.com addresses. Twenty of those are clicked, raising the possibility that some accounts are successfully breached. (Forbes, 6/16/2016)

March 4, 2016: A former NSA senior intelligence analyst claims concerns about Clinton’s email account getting hacked misses a bigger threat.

Computers in the White House Situation Room, with a yellow screensaver, indicating they are connected to a TOP SECRET/SCI computer network. (Credit: Screenshot from White House video)

Computers in the White House Situation Room, with a yellow screensaver, indicating they are connected to a TOP SECRET/SCI computer network. (Credit: Screenshot from White House video)

John Schindler, who spent time as the technical director of the NSA’s largest operational division, says that instead of focusing on hacking, foreign governments more often collect signals intelligence, or SIGINT remotely through high-tech means such as spy satellites.

He asserts that “unencrypted IT systems don’t need ‘hacking’—normal SIGINT interception will suffice. Ms. Clinton’s ‘private’ email, which was wholly unencrypted for a time, was incredibly vulnerable to interception, since it was traveling unprotected on normal commercial networks, which is where SIGINT operators lurk, searching for nuggets of gold. They hunt for data with search terms called ‘selectors’—a specific phone number, a chatroom handle, an email address: here Ms. Clinton’s use of the ‘clintonmail.com’ server was the SIGINT equivalent of waving a huge ‘I’m right here’ flag at hostile intelligence services. Since the number of spy agencies worldwide capable of advanced SIGINT operations numbers in the many dozens, with Russia and China in the top five, that Ms. Clinton’s emails wound up in the wrong hands is a very safe bet, as any experienced spy will attest.” (The New York Observer, 3/4/2016)

April 2016: Hacking attacks on the DNC and the Clinton campaign are first discovered.

On June 14, 2016, McClatchy Newspapers will report that a hacking attack on the DNC [Democratic National Committee] is discovered “in late April 2016, after staffers noticed unusual activity on the DNC’s computer network.” (McClatchy Newspapers, 6/14/2016) 

On June 21, 2016, Bloomberg News will report, “The Clinton campaign was aware as early as April that it had been targeted by hackers with links to the Russian government on at least four recent occasions, according to a person familiar with the campaign’s computer security.” (Bloomberg News, 6/21/2016)

In late July 2016, it will be reported that the FBI warned the Clinton campaign in March 2016 that it was the target of hacking attempts, but the campaign refused to help the FBI stop them.

Late April 2016—Early May, 2016: Hacking attacks on a DNC consultant researching pro-Russian politicians in Ukraine lead DNC leaders to conclude the Russian government is behind such attacks.

160530AlexandraChalupaLinkedIn

Alexandra Chalupa (Credit: Linked In)

Alexandra Chalupa, a consultant for the Democratic National Committee (DNC), has been working for several weeks on an opposition research file about Paul Manafort, the campaign manager of Republican presidential nominee Donald Trump. Manafort has a long history of advising politicians around the world, including controversial dictators. Logging into her Yahoo email account, she gets a warning entitled “Important action required” from a Yahoo cybersecurity team. The warning adds, “We strongly suspect that your account has been the target of state-sponsored actors.”

Paul Manafort (Credit: Linked In)

Paul Manafort (Credit: Linked In)

Paul Manafort was a key adviser to Ukrainian President Viktor Yanukovych from 2004 until 2010. Yanukovych is a controversial figure frequently accused of widespread corruption and was overthrown after a massive series of protests in February 2014, and has since been living in Russia, protected by the Russian government. Chalupa had been drafting memos and writing emails about Manafort’s link to pro-Russian Ukrainian leaders such as Yanukovych when she got the warning. She had been in contact with investigative journalists in Ukraine who had been giving her information about Manafort’s ties there.

Chalupa immediately alerts top DNC officials. But more warnings from Yahoo’s security team follows. On May 3, 2016, she writes in an email to DNC communications director Luis Miranda, “Since I started digging into Manafort, these messages have been a daily occurrence on my Yahoo account despite changing my password often.”

160725ScreenshotCapturedYahooNews(1)

A photo capture of the Yahoo security warning appearing on DNC consultant Alexandra Chalupa’s computer screen. (Credit: Yahoo News)

In July 2016, she will tell Yahoo News, “I was freaked out,” and “This is really scary.” Her email message to Miranda will later be one of 20,000 emails released by WikiLeaks on July 22, 2016, showing that there was good reason to be concerned about hacking attempts.

Chalupa’s email to Miranda, results in concern amongst top level DNC officials. One unnamed insider will later say. “That’s when we knew it was the Russians,” since Russia would be very interested in Chalupa’s research and other countries like China would not. This source also says that as a precaution, “we told her to stop her research.”

Yahoo will later confirm that it did send numerous warnings to Chalupa, and one Yahoo security official will say, “Rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence.” (Yahoo News, 7/25/2016)

June 10, 2016: Blumenthal confirms he had no security clearance when Clinton was secretary of state.

In a Fox News interview, Clinton confidant Sid Blumenthal is asked if he ever had security clearance when exchanging emails with Clinton, given that many of her emails were later deemed to contain classified material. He responds, “I was her friend, and I had no security clearance, nor did I seek it, nor did anyone ever send me anything that was classified. So I had no access to, nor did I send or receive any classified material.”

Curiously, he also comments about the Romanian hacker nicknamed Guccifer, who broke into his email inbox in 2013: “Marcel Lazar is a Romanian. He worked from a Russian server. He may well be part of a Russian information operation.” (Fox News, 6/11/2016)

June 14, 2016: Hackers allegedly linked to the Russian government broke into the DNC’s files.

Democratic National Committee headquarters in Washington, DC. (Credit: public domain)

Democratic National Committee headquarters in Washington, DC. (Credit: public domain)

The Washington Post reports that the emails, text messages, and other computer files of The DNC [Democratic National Committee] were accessed by two groups allegedly linked to Russia. Opposition research on Republican presidential candidate Donald Trump was stolen.

One group known as Cozy Bear broke into the DNC’s network a year ago and maintained access without getting caught. The other group known as Fancy Bear, apparently working independently, did so much more recently. These same hackers also probed the networks of both the Trump and Clinton campaigns, as well as some Republican political action committees, but it is unknown if those attacks succeeded.

The first hacking group typically uses “spear phishing” to gain access. This is when an email appears to come from a someone the recipient knows but actually is meant to trick that person into activating embedded malicious code by clicking on an attachment or link. (Wired, 6/14/2016) (The Washington Post, 6/14/2016

Forbes comments that the “Holy Grail of Russian intelligence is uncovering compromising material that can be used to embarrass, manipulate, or blackmail foreign political leaders.” Furthermore, “If the DNC’s cyber secrets are open to Russian intelligence hackers, the odds are overwhelming that they have Clinton’s private emails as well, especially given that Clinton’s private server was a target of the highest value.” This means Clinton could be blackmailed or otherwise manipulated by Russia as well. Forbes also notes how both cases involved spear phishing. (Forbes, 6/14/2016) 

Clinton was targeted by spear phishing at least three times, twice in May 2011, and once in July 2011. It is unknown if any of those attacks succeeded. (US Department of State, 10/30/2015) (US Department of State, 3/5/2015) (US Department of State, 5/25/2016)

June 14, 2016: Clinton claims to have just learned about the DNC network breach, and inaccurately claims her campaign has not been similarly targeted.

In an interview, Clinton is asked about a news report from earlier in the day that hackers allegedly linked to the Russian government breached the computer network of the DNC [Democratic National Committee]. She is asked the general question, “What can you tell us about that incident? How worrisome is it?”

She replies, “I only learned about it when it was made public. And it is troubling, just as all cyber-attacks against our businesses and our institutions, our government are. The Russians—and according to the reporting—who did this hacking were most likely in the employment of the Russian government.”

She also comments without being prompted, “So far as we know, my campaign has not been hacked into and we’re obviously looking hard at that.” (The Hill, 6/14/2016)

But two days later, Forbes reports that a security company hired by the Clinton campaign has determined many of her campaign staffers have been targeted by hackers in recent months, and there are indications some of their email accounts could have been breached. (Forbes, 6/16/2016)

June 15, 2016: A hacker nicknamed Guccifer 2.0 posts files showing they were behind the DNC hack.

(Credit: public domain)

(Credit: public domain)

One day after the Washington Post reported that alleged Russian hackers broke into the DNC’s [Democratic National Committee] computer network, a man using the nickname “Guccifer 2.0” creates a new website on the Internet showing that person got the DNC files. Guccifer 2.0 likely has no connection to Guccifer, who is now in a US prison, but seems inspired to take the name due to Guccifer’s earlier hacking notoriety.

He posts a 200-page opposition research file on Republican presumptive presidential nominee Donald Trump dating from December 2015, as well as other computer files from the DNC. The files include a sample of donor information, contradicting the DNC’s claim from the day before that no financial information had been stolen.

Guccifer 2.0 also claims to have given “thousands of files and mails” to WikiLeaks. This comes several days after WikiLeaks head Julian Assange promised to post more of Clinton’s emails soon. The security firm CrowdStrike was hired to investigate the DNC hack, and they claimed to be confident that it was a sophisticated operation done by two hacking groups with ties to the Russian government.

However, Guccifer 2.0 claims to be working independently, and says of CrowdStrike, “I’m very pleased the company appreciated my skills so highly. But in fact, it was easy, very easy.”

However, CrowdStrike stands by their original claim and suggests the new website could be “part of a Russian intelligence disinformation campaign.” (Wired, 6/15/2016) (Vice News, 6/15/2016) 

NBC News reports that “several Democratic sources familiar with the party’s opposition research efforts said they believed opposition research book to be authentic. It also includes links to data stored on internal DNC servers, which would not accessible to people outside the committee.” (NBC News, 6/15/2016)

June 16, 2016: Recent alleged Russian hacking attacks appear to have focused on Clinton and the DNC and not other presidential campaigns.

SecureWorks Logo (Credit: SecureWorks)

SecureWorks Logo (Credit: SecureWorks)

SecureWorks is a cybersecurity company that apparently has been hired to investigate recent leaks targeting US government officials, departments, and related entities. Focusing on the hacking group known as Fancy Bear (or APT 28), they conclude with “moderate confidence that the group is operating from the Russian Federation and is gathering intelligence on behalf of the Russian government.” They also conclude that the group targeted Clinton’s presidential campaign and the DNC [Democratic National Committee].

However, SecureWorks have not observed Fancy Bear “[target] the US Republican party or the other US presidential candidates whose campaigns were active between mid-March and mid-May [2016]: Donald Trump, Bernie Sanders, Ted Cruz, Marco Rubio, and John Kasich.” But they point out the other campaigns could have been targeted by other means not noticed by them. (SecureWorks, 6/16/2016)

June 16, 2016: Various clues suggest that “Guccifer 2.0” could be a front for Russian hacking efforts.

Copy of the metadata and the nickname for Felix Dzerzhinsky, written in the Cyrillic alphabet. (Credit: Ars Technica)

Copy of the metadata and the nickname for Felix Dzerzhinsky, written in the Cyrillic alphabet. (Credit: Ars Technica)

On June 15, 2016, someone going by the name “Guccifer 2.0” claimed to be the “lone hacker” behind the breach of the DNC [Democratic National Committee] computer network reported in the media the day before.

However, various clues support the assertion by security experts hired by the DNC that the hacking effort is connected to the Russian government or at least originates from Russia:

  • The metadata of one file sent by Guccifer 2.0 to Gawker contains metadata indicating the last person to change the file used the nickname for Felix Dzerzhinsky (Феликс Эдмундович), a long-dead Russian statesman best known for founding the Soviet secret police.
  • The nickname is written in the Cyrillic alphabet, which means Guccifer 2.0’s computer was configured to use the Russian language and was connected to a Russian-language keyboard.
  • Another file contains some broken web links. The error message is also written in Russian, using the Cyrillic alphabet.
  • A blog post written by Guccifer 2.0 uses “)))” to indicate a smiley face. This is common in Eastern Europe and Russia but very uncommon elsewhere, due to differences with the Russian-language keyboard. (Ars Technica, 6/16/2016)
  • Other metadata indicates the person who saved the files used a cracked version of Office 2007, which is popular in Russia.
  • Vice News reports that Guccifer 2.0 had no online history prior to June 15, and “multiple security sources said they’d never heard of nor seen anyone by that alias” before that date. (Vice News, 6/16/2016)
  • Dave Aitel, CEO of Immunity Security, comments, “You don’t have the FBI or DHS [Department of Homeland Security] coming out and saying: ‘Hey we don’t think it’s Russia.’ If it is Russia, a nation state, it’s a pretty big deal. Otherwise the FBI would say: ‘We’re conducting an investigation.’ But they’re not saying that.”

Ars Technica comments, “Of course, it’s still possible that the Russian fingerprints were left intentionally by someone who has no connection to Russia, or by a Russian-speaking person with no connection to the Russian government, or any number of other scenarios.” (Ars Technica, 6/16/2016)

June 17, 2016: Some cybersecurity experts doubt the Russian government is behind recent hacking attacks.

Nathaniel Gleicher (Credit: Carmen Holt)

Nathaniel Gleicher (Credit: Carmen Holt)

Time Magazine notes that although CrowdStrike, the cybersecurity firm hired by the DNC [Democratic National Committee] to stop the hacking of their computer network, claims the Russian government is behind the attacks, other security experts are skeptical. Someone calling themselves “Guccifer 2.0” has posted some files that appear to come from the DNC hack, and that person claims to be a “lone hacker.”

CrowdStrike asserts this is just an effort to sow confusion about Russian involvement, but some experts doubt that as well.

Nathaniel Gleicher, the former director for cybersecurity policy on the NSC [National Security Council], says, “Attribution is incredibly difficult—I wouldn’t say impossible, but it’s very difficult.”

Reg Harnish, the CEO of the cybersecurity company GreyCastle Security, says the final answer may still be unknown, with political intrigues complicating the picture. “I’ve been personally involved in hundreds of these investigations, and you just don’t end up in the same place where you began. […] I think there’s a lot of misinformation out there right now.”

Scott Borg, the head of the US Cyber Consequences Unit, echoed the skepticism. “Our best guess is that the second (and apparently less skillful) of the two intruders was not Russian intelligence. We are also uncertain about the first group.”

So far, the FBI has not made any comment. (Time, 6/17/2016)

June 18, 2016: Guccifer 2.0 publishes more of the DNC’s financial documents.

A sample of the data released by Guccifer 2.0, revealing personal information of DNC donors. (Credit: Guccifer 2.0)

A sample of the data released by Guccifer 2.0, revealing personal information of DNC donors. (Credit: Guccifer 2.0)

Two days after emerging to post some DNC [Democratic National Committee] documents on the Internet, the hacker known by the nickname Guccifer 2.0 publishes some more.

This person comments on their new website, “It appears there are a lot of financial reports, donors lists, and their detailed personal information, including e-mail addresses and private cell phone numbers…I got tons of files and docs.” This person also promises to post more soon.

Business Insider notes: “The Washington Post’s initial report stated that the hacker’s avoidance of donor information indicates that the breach was likely the work of ‘traditional espionage,’ but the new information posted by Guccifer 2.0, if legitimate, seems to discredit that line of thinking.”

The DNC has not confirmed that the documents are genuine, but has not denied it either. It is unknown who Guccifer 2.0 is, but security experts hired by the DNC assert the Russian government is behind the leaks. (Business Insider, 6/18/2016)

June 20, 2016: Two more cybersecurity companies support CrowdStrike’s conclusion that the Russian government was behind the recent hack of the DNC computer network.

Michael Buratowski (Credit: FidelisCybersecurity)

Michael Buratowski (Credit: FidelisCybersecurity)

The companies are Fidelis Cybersecurity and Mandiant. They base their analysis on five malware samples used in the hacking attack. Fidelis executive Michael Buratowski says, “Based on our comparative analysis, we agree with CrowdStrike and believe that the Cozy Bear and Fancy Bear…groups were involved in successful intrusions at the DNC [Democratic National Committee] . […] The malware samples matched the description, form and function that was described in the CrowdStrike blog post. In addition, they were similar and at times identical to malware that other [research firms] have associated to these actor sets.”

However, the Washington Post reports, “It is also possible, researchers said, that someone else besides the Russians were inside the DNC’s network and had access to the same documents.” (The Washington Post, 6/20/2016) 

A law firm reviewing the DNC attack, Baker & McKenzie, has begun working with three cybersecurity companies to review CrowdStrike’s findings. Fidelis Cybersecurity is one of them, along with FireEye and Palo Alto Networks, Inc. (Bloomberg News, 6/21/2016) (Fidelis Cybersecurity, 6/20/2016)

June 21, 2016: The Clinton Foundation’s computer network was recently successfully hacked by alleged Russian hackers.

Bloomberg News reports this is according to three unnamed “people familiar with the matter.” Clinton Foundation officials say they haven’t been notified of the attack and refuse to say more. The breach was discovered as recently as one week earlier.

The attack appears to be part of a larger sweep of attacks that has targeted at least 4,000 email accounts of people connected to US politics since about October 2015. Many of the targets appear to be linked to Clinton.

Bloomberg News comments, “The thefts set the stage for what could be a Washington remake of the public shaming that shook Sony in 2014, when thousands of inflammatory internal emails filled with gossip about world leaders and Hollywood stars were made public.”

Someone going by the nickname “Guccifer 2.0” has been releasing documents from a hack on the DNC [Democratic National Committee] but it is unknown if this person is linked to the foundation attack. (Bloomberg News, 6/21/2016)

June 21, 2016: Democrats hope that blaming recent hacking attacks on the Russian government will limit the political fallout.

Glen Caplin (Credit: Global Strategy Group)

Glen Caplin (Credit: Global Strategy Group)

Bloomberg News reports, “If the Democrats can show the hidden hand of Russian intelligence agencies, they believe that voter outrage will probably outweigh any embarrassing revelations, a person familiar with the party’s thinking said.”

In the same article, Clinton spokesperson Glen Caplin refuses to comment on details about recent hacking attacks or confirm if any of Clinton’s campaign staff got successfully hacked. However, Caplin does say, “What appears evident is that the Russian groups responsible for the DNC hack are intent on attempting to influence the outcome of this election.”

The DNC [Democratic National Committee] similarly won’t comment on details or confirm reports of successful attacks. However, the DNC issues a written statement that it believes recent leaks by Guccifer 2.0 are “part of a disinformation campaign by the Russians.”

The Russian government has denied any involvement. (Bloomberg News, 6/21/2016)

June 21, 2016: Guccifer 2.0 is interviewed and claims to be Romanian, not Russian.

Starting June 15, 2015, someone using the nickname “Guccifer 2.0” created a website and started posting files that appear to come from a recent hack of the DNC [Democratic National Committee] computer network. He claims to be a “lone hacker” while some have suggested that he is a front for the Russian government.

For the first time, he is interviewed, by Vice News, through Twitter, so his appearance and location remain unknown. He says he is from Romania, just like the original hacker nicknamed Guccifer, who is now in a US prison. However, Vice News asks him to answer a question in Romanian and he declines to do so. He does make a few comments in Romanian, but they have numerous errors. He says he deliberately left Russian metadata in the leaked documents as his personal “watermark.” Yet he claims, “I don’t like Russians and their foreign policy. I hate being attributed to Russia.”

He says he first breached the DNC network in the summer of 2015. “Then I installed my Trojans on several PCs. I had to go from one PC to another every week so CrowdStrike couldn’t catch me for a long time. I know that they have cool intrusion detection system. But my heuristic algorithms are better.” He claims he finally got kicked out of the network on June 12, 2016, when the DNC “rebooted their system.”

He says he has had other successful hacking attacks, but he refuses to name the targets because “my safety depends on it.” He says he doesn’t care about Donald Trump but targeted the DNC to emulate the work of the original Guccifer. (Vice News, 6/21/2016)

June 29, 2016: US intelligence is said to be looking closely to see if Russia could be covertly trying to release all of Clinton’s emails to the public.

Russian president Vladimir Putin (Credit: Agence France Presse)

Russian President Vladimir Putin (Credit: Agence France Presse)

The Washington Times claims that an unnamed US intelligence official says US intelligence agencies are closely watching Russian online blogs and other Internet locations for any signs that Russian hackers have obtained Clinton’s emails from her time as secretary of state and are preparing to publicly release them. At least two postings suggest this could be happening, but the evidence cannot be confirmed as authoritative.

Additionally, an unnamed State Department official says Russia, China, and Israel are the three foreign governments most likely to have obtained all of Clinton’s emails, including her deleted ones, through covert hacking operations.

It is known that many organizations and people connected to Clinton have been hacked in recent months, and the Russian government is suspected, but their involvement has not been confirmed. If the Russians are involved, one possible motive would be to influence the FBI’s Clinton investigation and thus the 2016 presidential election. Russian President Vladimir Putin has praised Republican presidential candidate Donald Trump, calling him someone he could “get along very well with,” while Clinton espouses policies that frequently conflict with Russian aims. (The Washington Times, 6/29/2016)

July 2016—August 18, 2016: Hackers target the election databases in two US states, but the motives and identities of the hackers are unclear.

In July 2016, the FBI uncovers evidence that two state election databases may have been recently hacked, in Arizona and Illinois. Officials shut down the voter registration systems in both states in late July 2016, with the Illinois system staying shut down for ten days.

160701JehJohnsonpublic

Jeh Johnson (Credit: public domain)

On August 15, 2016,  Homeland Security Secretary Jeh Johnson heads a conference call with state election officials and offers his department’s help to make state voting systems more secure. In the call, he emphasizes that he is not aware of “specific or credible cybersecurity threats” to the November 2016 presidential election.

Three days later, the FBI Cyber Division issues a warning, titled “Targeting Activity Against State Board of Election Systems.” It reveals that the FBI is investigating hacking attempts on the Arizona and Illinois state election websites. The warning suggests the hackers could be foreigners and asks other states to look for signs that they have been targeted too. Out of the eight known IP addresses used in the attacks, one IP address was used in both attacks, strongly suggesting the attacks were linked.

An unnamed “person who works with state election officials calls the FBI’s warning “completely unprecedented. … There’s never been an alert like that before that we know of.” In the Arizona case, malicious software was introduced into its voter registration system, but apparently there was no successful stealing of data. However, in the Illinois case, the hackers downloaded personal data on up to 200,000 state voters.

160701TomKellermannBBCNews

Tom Kellermann (Credit: BBC News)

It is not known who was behind the attacks. One theory is that the Russian government is responsible. A former lead agent in the FBI’s Cyber Division said the way the hack was done and the level of the FBI’s alert “more than likely means nation-state attackers.” Tom Kellermann, head of the cybersecurity company Strategic Cyber Ventures, believes Russian President Vladimir Putin is ultimately behind the attacks, and thinks it is connected to the hacking of the Democratic National Committee (DNC) and other recently targeted US political targets. Kellermann says of Putin, “I think he’s just unleashed the hounds.”

But another leading theory is that common criminals are trying to steal personal data on state voters for financial gain. Milan Patel, former chief technology officer of the FBI’s Cyber Division, says, “It’s got the hallmark signs of any criminal actors, whether it be Russia or Eastern Europe.” But he adds, “the question of getting into these databases and what it means is certainly not outside the purview of state-sponsored activity.” Some cybersecurity experts note that hackers often target government databases for personal information they can sell.

160701RickBarger

Rich Barger (Credit: Threat Connect)

So far, the motive and identity of the hackers remains uncertain. Rich Barger, chief intelligence officer for ThreatConnect, says that one of the IP addresses listed in the FBI alert previously surfaced in Russian criminal underground hacker forums. However, sometimes these groups work alone, and other times they work for or cooperate with the Russian government. Barger also claims the method of attack on one of the state election systems appears to resemble methods used in other suspected Russian state-sponsored cyberattacks. But cybersecurity consultant Matt Tait says that “no robust evidence as of yet” connects the hacks to the Russian government or any other government.

US officials are considering the possibility that some entity may be attempting to hack into voting systems to influence the tabulation of results in the November 2016 election. A particular worry is that all of six states and parts of four others use only electronic voting with no paper verification. Hackers could conceivably use intrusions into voter registration databases to delete names from voter registration lists. However, this is still considered only a remote possibility. But the FBI is warning states to improve their cybersecurity to reduce the chances this could happen.

News of these attacks and FBI alerts will be made public by Yahoo News on August 29, 2016. (Yahoo News, 8/29/2016) (Politico, 8/29/2016)

July 5, 2016—July 6, 2016: Comey’s comments indicate it is “very likely” Clinton’s emails were hacked, but solid proof may never be found.

In a July 5, 2016 public speech, FBI Director James Comey addresses the possibility that Clinton’s emails were accessed by outsiders. He says, “We did not find direct evidence that Secretary Clinton’s personal email domain, in its various configurations since 2009, was successfully hacked. But, given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal email domain was both known by a large number of people and readily apparent. She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.” (Federal Bureau of Investigation, 7/5/2016)

The next day, the New York Times reports that although Comey said there was no “direct evidence” Clinton’s email account had been successfully hacked, “both private experts and federal investigators immediately understood his meaning: It very likely had been breached, but the intruders were far too skilled to leave evidence of their work.”

The Times says that Comey’s comments were a “blistering” critique of Clinton’s “email practices that left Mrs. Clinton’s systems wide open to Russian and Chinese hackers, and an array of others.” However, “the central mystery — who got into the system, if anyone — may never be resolved.”

Adam Segal (Credit: public domain)

Adam Segal (Credit: public domain)

Adam Segal, a cybersecurity expert at the Council on Foreign Relations (CFR), says, “Reading between the lines and following Comey’s logic, it does sound as if the FBI believes a compromise of Clinton’s email is more likely than not. Sophisticated attackers would have known of the existence of the account, would have targeted it, and would not have been seen.”

Before Comey’s comments, Clinton and her spokespeople had said on numerous occasions that her server had never been hacked. In an October 2015 interview, President Obama came to a similar conclusion about her server: “I don’t think it posed a national security problem.”

The Times also comments that Comey’s “most surprising suggestion” may have been his comment that Clinton used her private email while in the territory of “sophisticated adversaries.” This is understood to mean China and Russia and possibly a few more countries.

Former government cybersecurity expert James Lewis says, “If she used it in Russia or China, they almost certainly picked it up.” (The New York Times, 7/6/2016)

Cybersecurity consultant Morgan Wright says the most likely suspects are Russia, China and Israel, “in that order.”

Ben Johnson, a former National Security Agency official and security strategist, says “Certainly foreign military and intelligence services” would have targeted Clinton’s emails. “They’re going to have a lot of means and motives to do this.” He also says it wasn’t just likely countries such as China and Russia, but “any country that’s looking to potentially have adversarial relations with us or just [desires] more relations with us.” He specifically cites Middle East countries specifically as having a likely motive. (Politico, 7/5/2016)

July 22, 2016: WikiLeaks releases almost 20,000 DNC emails as the first of a series of Clinton-related leaks.

WikiLeaks publicly releases 19,252 emails and 8,034 email attachments recently hacked from the Democratic National Committee (DNC). The emails are from seven DNC officials: Communications Director Luis Miranda (10,770 emails), National Finance Director Jordon Kaplan (3,797 emails), Finance Chief of Staff Scott Comer (3,095 emails), Finance Director Zachary Allen (1,611 emails), Finance Director of Data and Strategic Initiatives Daniel Parrish (1,472 emails), Senior Advisor Andrew Wright (938 emails) and Northern California Finance Director Robert (Erik) Stowe (751 emails). The emails are from January 2015 until May 25, 2016.

160722DNCMontage

The seven DNC officials are left to right Luis Miranda (Credit: public domain), Jordan Kaplan (Credit: Facebook), Scott Comer (Credit: Linked In), Zachary Allen (Credit: Twitter), Daniel Parrish (Credit: Linked In), Andrew Wright (Credit: Linked In), Robert (Erik) Stowe (Credit: Linked In)

In announcing the release, WikiLeaks mentions this is “part one of our new Hillary Leaks series.” (WikiLeaks, 7/22/2016)

Julian Assange, head of WikiLeaks, mentioned in a June 2016 interview that other coming releases will relate to the Clinton Foundation and to Clinton’s emails (although it’s not clear how many there are or where and when they are from). It also was reported in June 2016 that the DNC computer network had been recently hacked, along with other political entities, such as the Clinton campaign. It also was suspected that the Russian government was behind the DNC hack. However, a previously unknown hacker named Guccifer 2.0 emerged and claimed to be behind the hack, and also claimed to have no ties to Russia. He furthermore claimed to have given thousands of documents to WikiLeaks.

WikiLeaks has a policy of never revealing the sources of their leaked material, and has maintained that policy for this release.

July 24, 2016—July 26, 2016: Clinton’s campaign manager Robby Mook suggests the Russian government is behind the release of DNC emails by WikiLeaks.

160724RobbieMookDouglasGrahamCQRollCallGroup

Clinton campaign manager Robbie Mook (Credit: Douglas Graham / Congressional Quarterly Roll Call Group)

On July 24, 2016, Mook says, “What’s disturbing about this entire situation is that experts are telling us that Russian state actors broke into the DNC [Democratic National Committee], took all those emails, and are now leaking them out through these websites,” such as WikiLeaks. “It’s troubling that some experts are telling us this was done by the Russians for the purpose of helping [Republican presidential nominee] Donald Trump.”

Mook also apologizes for the content of some emails, which show the DNC had a bias in favor of Clinton and against Senator Bernie Sanders, despite DNC rules that it should be neutral in the Democratic primaries. (The Hill, 7/24/2016)

Trump’s campaign manager Paul Manafort calls Mook’s comments “pure obfuscation.” He adds, “What they don’t want to talk about is what’s in those emails.” (The Washington Post, 7/24/2016)

Two days later, Mook makes similar accusations about Russia. He also says, “I think the timing around our convention was not a coincidence.” WikiLeaks released 20,000 DNC emails on June 22, 2016, just three days before the start of the Democratic National Convention. (The Hill, 7/26/2016)

July 24, 2016: It is suggested that the Russian government has attempted to influence elections in other countries, sometimes by using front groups.

160724MichaelVickersBAESystems

Michael Vickers (Credit: BAE Systems, Inc.)

Michael Vickers, who was undersecretary of defense for intelligence from 2011 to 2015, says that if the Russian government is behind the recent leak of Democratic National Committee (DNC) emails by WikiLeaks, it would be unprecedented for the US. “What is really new here is the attempt to influence the politics of the United States. That is the problem.”

However, he also points out that there is evidence the Russians have attempted to influence elections in European countries close to their border. For instance, in 2004, a Russian hacker group calling itself Cyber Berkut claimed it hacked and disabled the electronic vote-counting system of the Ukraine central election commission three days before the presidential election. However, analysts believe the hack was actually done by the Glavnoje Razvedyvatel’noje Upravlenije (GRU), one of two Russian military intelligence agencies accused of recently hacking the DNC. These analysts claim the GRU created Cyber Berkut as a false front to deflect responsibility. (The Washington Post, 7/24/2016)

July 25, 2016: The FBI formally acknowledges it is investigating the Democratic National Committee (DNC) hack.

The FBI has been investigating the hack of the DNC and related political entities for months. For instance, the FBI warned the Clinton campaign they were the target of hacking attacks in March 2016. However, this is the first public admission of an investigation. An FBI spokesperson says the bureau will “investigate and hold accountable those who pose a threat in cyberspace.” This announcement comes three days after WikiLeaks publicly posted almost 20,000 emails from the DNC.

160725RussianMilitaryIntelligenceEmblempublic

Emblem of the Glavnoje Razvedyvatel’noje Upravlenije (GRU) (Credit: public domain)

The Washington Post reports that according to unnamed ” individuals familiar with the investigation,” the FBI is focusing on the Russian military intelligence agency, known as the Glavnoje Razvedyvatel’noje Upravlenije or GRU, and looking into if it was responsible for giving the emails to WikiLeaks. However, it is believed that the Russian Federal Security Service, known as the Federal’naya Sluzhba Bezopasnosti or FSB, broke into the DNC’s computers as well.

The FBI wants to determine with certainty whether the Russian government passed the emails to WikiLeaks. This is likely to involve other US intelligence agencies, such as the NSA and the CIA, which potentially could intercept communications or gather intelligence overseas.

If it is definitively proven that the Russians are responsible, then the US would have to consider what to do next. The Post comments, ” Responses could range from a diplomatic wrist slap or warning to countermeasures.” In 2014, Sony Pictures was hacked, and there were reports that the government of North Korea was responsible. The US government imposed economic sanctions on North Korea in response. President Obama also signed an executive order enabling US officials to impose economic sanctions in response to significant hacking attacks. (The Washington Post, 7/25/2016)

July 25, 2016: Former CIA Director Michael Hayden says the Russians could be “weaponizing information” with leaks of hacked emails.

160725MichaelHaydenLuisMAlvarezAP

Former CIA director Michael Hayden (Credit: Luis M. Alvarez / The Associated Press)

Hayden says that if the Russian government is behind the recent leaks of Democratic National Committee (DNC) emails by WikiLeaks, this would mean “they’re clearly taking their game to another level. It would be weaponizing information. You don’t want a foreign power affecting your election. We have laws against that.”

Hayden was appointed head of the NSA by President Bill Clinton and then he was later appointed head of the CIA by President George W. Bush. (The Washington Post, 7/25/2016)

July 25, 2016: WikiLeaks discourages suggestions that the Russian government is behind its release of DNC emails.

160725WikileaksDNCLogo

Wikileaks cartoon that accompanied the DNC documents release. (Credit: Latoff / Wikileaks)

In an interview with NBC News, Wikileaks leader Julian Assange won’t say who gave WikiLeaks the Democratic National Committee (DNC) emails they have recently made public, as the group has a policy to never reveal their sources.

However, Assange discourages the widespread speculation that the emails come from hackers linked to the Russian government. Assange suggests that the DNC’s security was so weak that it could have been hacked by multiple groups. He also insists, “The emails that we have released are different sets of documents to the documents of those [that] people have analyzed.”

A hacker or hacking group going by the name of Guccifer 2.0 claims to have given the emails to WikiLeaks, but WikiLeaks has not confirmed this.

A WikiLeaks representative also comments, “Our publication of leaked DNC emails and the many DNC hacks over the last two years are separate incidents and should not be conflated.” (The Daily Beast, 7/26/2016)

July 26, 2016—July 28, 2016: Russia denies any role in hacking the DNC’s emails and claims to be neutral in the US presidential election.

160726SergeyLavrovpublic

Russian Foreign Minister Sergey Lavrov (Credit: public domain)

On July 26, 2016, Russian Foreign Minister Sergey Lavrov strongly dismisses suggestions that the Russian government could have been behind the hacks that led to the public release of 20,000 Democratic National Committee (DNC) emails.  He says, “I don’t want to use four-letter words.”  (The New York Times, 7/26/2016)

Two days later, Russian government spokesperson Dmitry Peskov says accusations of Russian involvement in the hacking of the emails border on “total stupidity” and are motivated by anti-Russian sentiment. “As regards these [email] batches, that is not our headache. We never poke our noses into others’ affairs and we really don’t like it when people try to poke their nose into ours. … The Americans need to get to the bottom of what these emails are themselves and find out what it’s all about.”

Peskov also says Russia won’t change what he claims has been a neutral stance on the US 2016 presidential election. “We know perfectly well that candidates in the heat of a preelection struggle say one thing, but that later, when under the weight of responsibility, their rhetoric becomes more balanced.”

Some US analysts claim that the Russian media, which is heavily influenced by the Russian government, has shown a clear tilt in favor of Trump. (Reuters, 7/28/2016)

July 26, 2016: WikiLeaks head Julian Assange says WikiLeaks might release “a lot more material” relevant to the US presidential campaign.

160727AssangeMatthewChanceCNN

CNN’s Matthew Chance interviews Julian Assange over a video link on July 26, 2016. (Credit: CNN, Moscow)

Assange is vague on details about future releases. He is asked by CNN about reports that the Russian government might be behind the recent hack of the Democratic National Committee (DNC) computer network. WikiLeaks has a policy of never revealing its sources, and Assange maintains that policy by refusing to confirm or deny anything. He says, “Perhaps one day the source or sources will step forward and that might be an interesting moment. Some people may have egg on their faces. But to exclude certain actors is to make it easier to find out who our sources are.”

He additionally says that Clinton and other Democratic officials are using the specter of Russian involvement to distract from the content of the emails. “It raises questions about the natural instincts of Clinton that when confronted with a serious domestic political scandal, she tries to blame the Russians, blame the Chinese, et cetera. Because if she does that while in government, it could lead to problems.” (CNN, 7/27/2016)

July 26, 2016: US intelligence agencies have “high confidence” that the Russian government is behind the hack of DNC emails.

160726RussianFederalSecurityService

Emblem of the Russian Federal Security Service (Credit: public domain)

The New York Times claims this is according to unnamed “federal officials who have been briefed on the evidence.” But these officials are uncertain if the hack is part of “fairly routine cyberespionage” or part of an effort to manipulate the 2016 US presidential election. The DNC (Democratic National Committee) emails were  published by WikiLeaks on July 22, 2016, causing political turmoil for Democrats and resulting in the resignation of Debbie Wasserman Schultz, from her position as DNC chair.

The federal investigation, involving the FBI and other intelligence agencies began in April 2016, when the hack was first detected. It has concluded that the Russian Federal Security Service (Federal’naya Sluzhba Bezopasnosti or FSB) entered the DNC’s computer network in the summer of 2015. (This corresponds with previous reports of a hacking by a Russian group known as Cozy Bear or APT 29.) The Rusian Main Intelligence Directorate (Glavnoje Razvedyvatel’noje Upravlenije or GRU) independently penetrated the same network later. (This corresponds with previous reports of a hacking by a Russian group known as Fancy Bear or APT 28.) Investigators believe the GRU has been playing a larger role in publicly releasing the emails.

The Times says the intelligence community’s conclusion puts pressure on President Obama to publicly accuse Russia of orchestrating the hacking, which could negatively impact the diplomatic relationship between the US and Russia in general. (The New York Times, 7/26/2016)

July 26, 2016: President Obama suggests Russians could be behind the hack that led to the WikiLeaks release of DNC emails.

President Obama is asked if Russia could be behind hacks that led to 20,000 Democratic National Committee (DNC) emails getting released by WikiLeaks. He says the FBI is still investigating but also “experts have attributed this to the Russians.”

160726ObamaGuthrieNBCNews

Obama (left) is interviewed by Today’s Savannah Guthrie on July 26, 2016. (Credit: NBC)

He adds, “What we do know is is that the Russians hack our systems. Not just government systems, but private systems. But you know, what the motives were in terms of the leaks, all that — I can’t say directly. What I do know is that Donald Trump has repeatedly expressed admiration for Vladimir Putin.”

Asked if he’s suggesting that Russian leader Vladimir Putin could be motivated to help Trump win the November 2016 election, Obama replies, “I am basing this on what Mr. Trump himself has said. And I think that — Trump’s gotten pretty favorable coverage­­­ — back in Russia.” (Politico, 7/26/2016)

He stops stopped short of accusing Russia of trying to manipulate the election, but says “anything’s possible.” He also claims that “on a regular basis, [the Russians] try to influence elections in Europe.” (The New York Times, 7/26/2016)

July 26, 2016: A cybersecurity group claims to have new evidence that Guccifer 2.0 is actually a team of Russian hackers.

Guccifer 2.0 is a hacker who claims he broke into the Democratic National Committtee (DNC) computer network and then gave the emails he found to WikiLeaks. He also claims to be an East European with no connection to Russia.

160726ThreatConnectLogopublic

Threat Connect Logo (Credit: public domain)

However, the cybersecurity research group ThreatConnect claims to have new evidence linking Guccifer 2.0 to an Internet server in Russia and to a digital address that has been linked to previous Russian online scams. They conclude that Guccifer 2.0 is actually an “apparition created under a hasty Russian [denial and deception] campaign” to influence political events in the US.

Their report concludes, “Maintaining a ruse of this nature within both the physical and virtual domains requires believable and verifiable events which do not contradict one another. That is not the case here.” For instance, Guccifer 2.0 claims to have broken into the DNC network in the summer of 2015 using a software flaw that didn’t exist until December 2015.

Furthermore, the Guccier 2.0 entity is “a Russia-controlled platform that can act as a censored hacktivist. Moscow determines what Guccifer 2.0 shares and thus can attempt to selectively impact media coverage, and potentially the election, in a way that ultimately benefits their national objectives.” (The Daily Beast, 7/26/2016)

 

July 27, 2016: Trump says he hopes Russia or someone else has Clinton’s deleted emails; he wants them given to the FBI.

Republican presidential candidate Donald Trump speaks during a news conference at Trump National Doral, Wednesday, July 27, 2016, in Tampa, Fla. (AP Photo/Evan Vucci)

Trump speaks during a news conference at Trump National Doral on July 27, 2016, in Tampa, Florida. (Credit: Evan Vucci / The Associated Press)

In a press conference, Republican presidential nominee Donald Trump says about Russia and Clinton’s emails, “By the way, if they hacked, they probably have her 33,000 emails. I hope they do. They probably have her 33,000 emails that she lost and deleted.”

He also addresses the country directly: “Russia, if you’re listening, I hope you can find the 33,000 emails that are missing. I think you will probably be rewarded mightily by our press.”

Trump is then asked by NBC News reporter Katy Tur, “Do you have any qualms about asking a foreign government, Russia, China, anybody, to interfere, to hack into a system of anybody’s in this country?”

He replies, “It’s up to the president. Let the president talk to them. Look, here’s the problem, here’s the problem, Katy. He has no respect-”

Tur interrupts him to say, “You said, ‘I welcome them to find those 30,000 emails-‘”

But Trump then interrupts her to say, “Well, they probably have them. I’d like to have them released.”

Tur asks, “Does that not give you pause?”

He replies, “Nope, gives me no pause. If they have them, they have them.”

Later in the day, Trump posts an additional comment on Twitter: “If Russia or any other country or person has Hillary Clinton’s 33,000 illegally deleted emails, perhaps they should share them with the FBI!”

Clinton’s senior policy adviser Jake Sullivan issues a critical statement in response to Trump’s comments: “This has to be the first time that a major presidential candidate has actively encouraged a foreign power to conduct espionage against his political opponent. This has gone from being a matter of curiosity and a matter of politics, to being a national security issue.” (Talkingpointsmemo.com, 7/27/2016)

Also later in the day, Trump spokesperson Jason Miller says that “clearly saying” Russia should share emails with the FBI. “To be clear, Mr. Trump did not call on, or invite, Russia or anyone else to hack Hillary Clinton’s email today.” (The Hill, 7/27/2016)

The next day, Trump calls the suggestion that Russia is trying to help him by leaking the emails is a “joke.” He also says that when he said he hoped Russian hackers found Clinton’s emails and shared them with the FBI,  he was only “being sarcastic.” (The Hill, 7/28/2016)