DNC Computer Intrusion – Bernie Sanders’ Insider or Russian Hackers?

During the 2016 election campaign there were two releases of information via WikiLeaks: 1) DNC e-mails that were released beginning on July 22, 2016, just prior to the DNC convention, and 2) John Podesta’s e-mails, a total of 58,375 e-mails, that were released in 35 parts, part 1 on October 8th and part 35 on election day, November 7, 2016.

In addition there were also leaks of DNC server information via DCLeaks and Guccifer 2.0.

This article will focus on the July release of DNC e-mails.

The Case For a Russian Hack

September 2015

When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.

His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.

The F.B.I. knew it well: The bureau had spent the last few years trying to kick the Dukes out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.  [NY Times]

2016

The DNC response was low-key, to say the least. Their tech-support tech wrote:

[Image: TameneMemo. DNC Response to FBI call [op cit.]]

FBI Director, James Comey, has confirmed that the DNC denied the FBI access to their server, for forensic analysis, in the time leading up to April of 2016.

The bureau made “multiple requests at different levels,” according to Comey, but ultimately struck an agreement with the DNC that a “highly respected private company” would get access and share what it found with investigators.


The Old Curmudgeon comments
Three obvious reasons pop to mind, 1) they feared some damaging evidence re: HRC personal server would be divulged, 2) they feared that evidence of a crime would be divulged, or 3) they feared an internal leak would be found, vice an external hack.


Finally, in April of 2016, they hired CrowdStrike Services to review the security of its system and install a “robust set of monitoring tools” (internal DNC memo by Mr. Yared Tamene, a tech-support contractor at the DNC [op cit.]).

On June 12th Julian Assange issued a statement about an impending release of e-mails relating to HRC: “We have upcoming leaks in relation to Hillary Clinton … We have emails pending publication, that is correct.”

On June 14, 2016 the Washington Post broke the story, and on June 15, 2016 CrowdStrike went public, implicating two Russian hacking groups with ties to the Government. This was in response to a claim by Guccifer 2.0 that he was the source of the breach. As proof he released the Oppo Research file on DJT and other documents, the most recent, on Jan. 12, 2017, being a denial that he has any ties to Russia.

[Image: TrumpOppo. TOC Trump Oppo [op cit]]

On October 7, 2016 DHS and DNI issued a joint statement:

The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.

It is reported that on November 17 James Clapper, the nation’s top intelligence officer, told Congress his agencies “don’t have good insight” into a direct link between WikiLeaks and the emails supposedly hacked by a Russian operation from Democrats and the Hillary Clinton campaign.

On December 14, 2016 James Clapper cancelled a classified briefing to the House Intelligence Committee.

[Devin] Nunes [Rep CA – Chairman] had requested that National Intelligence Director James Clapper, with participation from FBI Director James Comey and CIA Director John Brennan, brief committee members in a closed session on Thursday. That briefing has now been cancelled.

The California Republican, in a letter sent to Clapper on Monday, said he wanted clarification about why the CIA is now saying that Russian hacks of political campaign committees earlier this year appeared to be aimed at helping President-elect Donald Trump and hurting Democrat Hillary Clinton. Nunes pointed to testimony from Clapper in a public hearing in November that the Intelligence Community lacked the evidence to draw such a conclusion.  [USA Today]

On December 29, 2016 the Department of Homeland Security issued a Joint Analysis Report (JAR) which attributed the attacks to “Russian civilian and military intelligence Services (RIS)” groups code-named APT28 and APT29, where APT is an abbreviation for Advanced Persistent Threat.

Both groups have historically targeted government organizations, think tanks, universities, and corporations around the world. APT29 has been observed crafting targeted spear phishing campaigns leveraging web links to a malicious dropper; once executed, the code delivers Remote Access Tools (RATs) and evades detection using a range of techniques. APT28 is known for leveraging domains that closely mimic those of targeted organizations and tricking potential victims into entering legitimate credentials. APT28 actors relied heavily on shortened URLs in their spear phishing email campaigns. Once APT28 and APT29 have access to victims, both groups exfiltrate and analyze information to gain intelligence value. These groups use this information to craft highly targeted spear phishing campaigns. These actors set up operational infrastructure to obfuscate their source infrastructure, host domains and malware for targeting organizations, establish command and control nodes, and harvest credentials and other valuable information from their targets.

The Baltimore Sun had this to say about the JAR:

[It] met widespread criticism in the technical community. Worse still, some of the advice it offered led to a very alarmist false alarm about supposed Russian hacking into a Vermont electric power station.

Advertised in advance as providing proof of Russian hacking, the report fell embarrassingly short of that goal. The thin gruel that it did contain was watered down further by the following unusual warning atop page 1: “DISCLAIMER: This report is provided ‘as is’ for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within.”

On January 6, 2017 Mother Jones reported:

The Office of the Director of National Intelligence on Friday released its declassified report on Russia’s efforts to influence the outcome of the 2016 election by hacking Democratic outfits during the campaign.

The report comes a day after top intelligence officials, including Director of National Intelligence James Clapper and National Security Agency Director Michael Rogers, testified before the Senate Armed Services Committee on the issue. During the hearing, Clapper said the intelligence community has grown more “resolute” in its assessment that Russian intelligence was involved in the hacks aimed at the Democratic National Committee and Hillary Clinton campaign chairman John Podesta. On Friday, Clapper, Rogers, FBI Director Jim Comey, and CIA Director John Brennan briefed President-elect Donald Trump on the classified evidence linking Russia to the hacks and the leaking of the swiped emails. After the briefing, Trump released a statement noting that Russia is one of many actors that try to hack US targets, but the statement did not acknowledge the US intelligence community conclusion that Moscow had mounted the cyberattack against the United States as part of an operation to help elect Trump president.

The report concluded:
[Images: Assessment1, Assessment2, Assessment3, Assessment4]

President Obama, in his final press conference on January 18, 2017, made an interesting statement, confirming that the DNC computer breach was an inside job (leak vs hack).
  1. “… not conclusive whether or not WikiLeaks was witting or not in being the conduit through which we heard about the DNC e-mails that were leaked …” (14 sec in)

The Case For Bernie Sanders’ Insider

On July 25, 2016, just 2 days after WikiLeaks posted the documents, ABC reported, under the headline The 4 Most Damaging Emails From the DNC WikiLeaks Dump:

WikiLeaks leaked nearly 20,000 emails on Friday from top Democratic National Committee officials, exchanged from January 2015 through May 2016. Several emails released show that although the DNC was supposed to remain neutral during the primary contest, officials grew increasingly agitated with Bernie Sanders and his campaign, at some points even floating ideas about ways to undermine his candidacy.

Regardless of who was behind the leak, the fallout for the DNC has been severe. Just one day before the Democratic convention was set to begin, DNC Chairwoman Debbie Wasserman Schultz announced her resignation, effective at the end of the week. And as expected, Sanders supporters, hundreds of whom are delegates at the convention, are furious about the content of the emails.

[The 4 emails:]

[1]  DNC Chairwoman Debbie Wasserman Schultz Calls Sanders Campaign Manager Jeff Weaver an “A–” and a “Liar”

[2]  One email shows that a DNC official contemplated highlighting Sanders’ alleged atheism — even though he has said he is not an atheist — during the primaries as a possibility to undermine support among voters.

[3]  “Wondering if there’s a good Bernie narrative for a story which is that Bernie never ever had his act together, that his campaign was a mess,” DNC National Secretary Mark Paustenbach wrote in an email to National Communications Director Luis Miranda on May 21. After detailing ways in which the Sanders camp was disorganized, Paustenbach concludes, “It’s not a DNC conspiracy it’s because they never had their act together.”

[4]  As the primary season wore on, Wasserman Schultz appeared to grow exasperated with Sanders’ desire to stay in the race when the delegate math was against him — in one email lamenting the fact that he is an independent in the Senate but was running as a Democrat in the primaries. In an April 24 email she received with an article describing the ways Sanders felt the DNC was undermining his campaign, she wrote back, “Spoken like someone who has never been a member of the Democratic Party and has no understanding of what we do.”

On July 22nd Real Clear Politics’ Head to Head Average of National Polls had HRC leading by 2.6% (44.2 vs 41.6).  By August 27 her lead had grown to 6.3% (48.4 vs 42.1).  DJT had a bump in the polls between the July 22nd and July 30th while HRC remained flat.  [Post convention bump, Wikileaks, or combination?]

HRC had a 5% – 7% lead from Aug 3rd to the 27th; therefore it is difficult to argue that the WikiLeaks e-mail releases had a negative impact on her campaign.

[Image: RCPDNChack]

Meanwhile, these were some of the headlines during that period:

  • DNC chairwoman will resign in aftermath of committee email controversy [The Washington Post, 7/24/16]
  • Bernie  Sanders’ Hollywood Supporters Stage Another Protest At Democratic Convention [Variety, 7/27/16]
  • Bernie Sanders supporters protesting outside DNC distance themselves from flag burning [LA Times, 7/29/16]
  • Why were Democrats at convention so angry? [Daily News, 7/29/16]
  • Sanders’ Washington state loyalists not yet basking in the Clinton glow [The Seattle Times, 7/30/16]
  • Clinton must figure out how to bridge the divide with Sanders loyalists [Philly.com/The Inquirer, 7/31/16]

The thrust of the leaks was the DNC’s bias against Bernie Sanders.  ThinkProgress

ThinkProgress is a news site dedicated to providing our readers with rigorous reporting and analysis from a progressive perspective.

under the headline:

Debbie Wasserman Schultz Resigns From DNC In Wake Of WikiLeaks Email Dump

reported:

At the time Wasserman Schultz released her statement, thousands of supporters of Sen. Bernie Sanders (I-VT) were marching through Philadelphia, some of whom were calling for her resignation.

[Image: FireDebbie] A supporter of Sen. Bernie Sanders, I-Vt., holds up a sign calling for Debbie Wasserman Schultz, chairwoman of the Democratic National Committee, to be fired, Sunday, July 24, 2016, in Philadelphia. CREDIT: AP PHOTO/ALEX BRANDON [ThinkProgress]

ThinkProgress went on to report:

Sanders praised her decision to step down “for the future of the Democratic Party,” and called for more open, transparent, and impartial leadership.

The scenario of a leak is not mutually exclusive with the DNC servers having been penetrated by one or more individuals or groups (Dukes, Guccifer 2.0, APT28, APT29, Cozy Bear, Fancy Bear, DCLeaks source). Nor is the scenario of the system having been hacked mutually exclusive of the material being leaked by an insider. Couple this with the inherent bias of organizations that search for external penetrations, which leads them to find external penetrations. Thus it is not surprising that the FBI and CrowdStrike ascribed the source of the information to a hack.

Remember the DNC did not allow the FBI to do a forensic analysis of their servers.

Julian Assange on Source

NBC Nightly News reported on July 25, 2016:

Assange to Richard Engel: No Proof Russians Used WikiLeaks in DNC Leak

The Belfast Telegraph reported on December 16, 2016:

Julian Assange: Russian government not source of leaked DNC and Podesta emails – WikiLeaks editor contradicts CIA claims in new interview

Can we ascribe a motivation?

Given the fact that the press focused on the HRC bias of the DNC it is reasonable to believe that a Bernie Sanders supporter could have leaked the information.

Likewise it is reasonable to believe that the Russians were trying to embarrass HRC.

The NY Times reported, on December 16, 2016:

Clinton Says ‘Personal Beef’ by Putin Led to Hacking Attacks

Hillary Clinton said on Thursday that the hacking attacks carried out by Russia against her campaign and the Democratic National Committee were intended “to undermine our democracy” and were ordered by Vladimir V. Putin “because he has a personal beef against me.”

Speaking to a group of donors in Manhattan, Mrs. Clinton said that Mr. Putin, the Russian president, had never forgiven her for the accusation she made in 2011, when she was secretary of state, that parliamentary elections his country held that year were rigged.

“Putin publicly blamed me for the outpouring of outrage by his own people, and that is the direct line between what he said back then and what he did in this election,” Mrs. Clinton said.

“Make no mistake, as the press is finally catching up to the facts, which we desperately tried to present to them during the last months of the campaign,” Mrs. Clinton told the group, which collectively poured roughly $1 billion into her effort. “This is not just an attack on me and my campaign, although that may have added fuel to it. This is an attack against our country. We are well beyond normal political concerns here. This is about the integrity of our democracy and the security of our nation.”

Without a thorough forensic analysis of the DNC’s servers we may never know the source of the information, a leak or a hack.

There is also the question: If Russian Intelligence Services had been in the server via an affiliated hacking group, why would they have another group hack the same system, risking detection and exposure of the first penetration in any subsequent investigation?

 

 
