Questions remain over Russian responsibility for passing stolen DNC emails to WikiLeaks
In October, the national intelligence agencies released their official assessment that the Russian Government was responsible for the massive data theft against targets in the Democratic Party, but questions still remain over how WikiLeaks got access to the cache of emails that it released drip by drip throughout the election season.
New claims by a former UK ambassador provide another possible explanation as to how the embarrassing emails wound up in the public domain. Craig Murray, a former UK ambassador to Uzbekistan and self-described "close associate" of WikiLeaks founder Julian Assange, says it was a disgruntled insider who leaked the emails.
"Neither of [the leaks] came from the Russians," Murray said in an interview with the Daily Mail on Tuesday. "The source had legal access to the information. The documents came from inside leaks, not hacks."
According to Murray, the personal emails of Hillary Clinton's campaign manager, John Podesta, and the cache of emails from the Democratic National Committee (DNC) and Democratic Congressional Campaign Committee (DCCC) were obtained by an insider who then passed the information on to WikiLeaks through a series of intermediaries, including Murray himself.
Murray's account supports prior assertions by WikiLeaks and Assange, who stated unequivocally in an interview with Russia's RT, "the Russian government is not the source" of the leaked emails. Russian officials have denied playing a role in hacking U.S. political parties, calling allegations of their interference in the election "ridiculous."
The leaked emails directly contributed to the July resignation of DNC chairwoman Debbie Wasserman-Schultz, and are thought to have damaged Hillary Clinton's campaign, contributing to the widespread perception that she was not "honest and trustworthy."
In a recent white paper, Ben Buchanan and Michael Sulmeyer, both affiliated with the Harvard Belfer Center's cyber security project, argue that there is ample evidence suggesting the theft and leaking of Democrats' emails were tied to "very senior levels of the Russian government." In the report, they write that after successfully hacking the targeted institutions, "the Russians chose to pass this pilfered information to outlets like WikiLeaks and news organizations."
Additional reports suggest the information was not passed directly to WikiLeaks by Russian intelligence, but distributed through two "cut-outs" who published the stolen documents: a website called DC Leaks and a hacker using the pseudonym Guccifer 2.0.
Dmitry Alperovitch, co-founder of the cyber security firm CrowdStrike, was called in to perform the forensic analysis for the DNC. Based on his investigation, he concluded that the digital theft was carried out by actors "affiliated with the Russian intelligence services."
In a detailed blog post on CrowdStrike's findings, Alperovitch reported that the incident response team "immediately identified" two adversaries on the DNC network that were well-known to CrowdStrike, "Cozy Bear" and "Fancy Bear." The cyber security firm considers the two to be "some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis."
"Their tradecraft is superb, operational security second to none," Alperovitch continued, adding that their methods are "consistent with nation-state level capabilities."
Not long after the breach was detected, the stolen information was published by the two sources referred to above, DC Leaks and Guccifer 2.0. According to ThreatConnect, a cyber security and incident response firm, those two entities are little more than fronts, or cut-outs, for the sophisticated adversaries identified by CrowdStrike.
Guccifer 2.0 is most likely "a Russian denial and deception (D&D) effort," or a front to spread Fancy Bear and Cozy Bear's materials, ThreatConnect concluded. Similarly, DC Leaks is another Russian D&D effort that "aligns with other Fancy Bear activities and known tactics, techniques, and procedures."
While the analysis by the cyber security firms is technical and complex, there is one link in the chain from Cozy Bear and Fancy Bear to WikiLeaks that is plain. After WikiLeaks published the DNC emails just before the Democrats' nominating convention, Guccifer 2.0 bragged via Twitter, "@wikileaks publshed #DNCHack docs I'd given them!!!"
Attribution in the cyber domain is admittedly difficult, but both independent experts and federal law enforcement say it can be done with a high degree of certainty, as hackers leave behind traces of their activity at the scene of the crime.
However, tracing that chain of custody of stolen materials is "much harder," according to Nicholas Weaver, a network security expert at U.C. Berkeley's computer science institute. The only information that could confirm that chain of custody would come from the NSA or CIA, and it is highly unlikely they could make that information public without compromising sources and methods. Weaver concluded clearly, "the Russians stole the data, and either passed it to Wikileaks or passed it to someone to pass to Wikileaks."
"All the evidence, both public and still secret, points towards the Russians having stolen the emails, while there is effectively no evidence for any competing hypothesis," Weaver said.
In Murray's explanation of the Democratic data leak, he firmly attributes a motive to the individual or individuals who took the documents. In his interview, Murray says the leakers were motivated by "disgust at the corruption of the Clinton Foundation and the tilting of the primary election playing field against Bernie Sanders."
In the scenario of a Russian Government-sponsored hack, there is still intense debate over the motive.
The Washington Post ran a story leaking a secret CIA assessment that Russia had intentionally interfered in the 2016 election with the intent to get Donald Trump elected president. The report came out of a classified briefing given to senators by representatives of multiple intelligence agencies. Despite extensive reporting on the story, the CIA has not publicly confirmed this assessment.
According to the same leaked report, the FBI official attending the classified briefing disagreed with the CIA and would not corroborate the assessment that the Russian government was seeking to put Trump in the White House.
After the Senate received what appeared to be a bombshell briefing from the CIA, reflecting a significantly changed intelligence assessment, the chairman of the House Select Committee on Intelligence requested a briefing for the lower chamber. On Wednesday, Nunes released a statement saying that his request was denied.
“It is unacceptable that the Intelligence Community directors would not fulfill the House Intelligence Committee’s request to be briefed tomorrow on the cyber-attacks that occurred during the presidential campaign,” Nunes said in a statement released Wednesday night. He continued that the House committee "is deeply concerned that intransigence in sharing intelligence with Congress can enable the manipulation of intelligence for political purposes."
That very specter of politicized intelligence assessments was raised late last week by Donald Trump's transition team, who indirectly accused the CIA of producing political intelligence on the issue of Russian election interference. "These are the same people that said Saddam Hussein had weapons of mass destruction," the Trump team said in a Friday statement.
According to Weaver, the intelligence community refused to brief the House out of concern that members of the House might "corrupt an ongoing investigation with political meddling." With the investigation into Russian motives for the hack and possible coordination between various parties, he concluded, "It is too early to brief the committee while the investigation is ongoing."
With reports of Russian interference in the elections and conflicted reports about possible intent to sway the results, both houses of Congress are now looking to investigate both Russian election interference and malicious cyber activities more generally.
As it stands, there is no consensus as to whether or not the DNC and other leaks effectively swayed the election for Trump, but there are at least three theories circulating as to how the leaks occurred. First, entities associated with the Russian intelligence services stole the emails and passed them to WikiLeaks through digital personas. Second, a Democratic insider, disgusted by the party, handed the information to WikiLeaks through a former British ambassador. Or third, as Donald Trump suggested, it was "somebody sitting on their bed that weighs 400 pounds," or "some guy in his home in New Jersey."