Russians Suspected of Hacking Democrats Also Went After Republicans, Researchers Say
Cybersecurity experts have linked one of the groups that stole emails from the DNC to a campaign against lawmakers and officials, including John McCain.
For weeks, Democratic politicians have been bracing for the release of more embarrassing emails that U.S. officials believe were stolen by Russian hackers and then handed over to WikiLeaks.
But Republicans have reason to worry, too. Computer security researchers are linking one of the Russian groups that stole emails from the Democratic National Committee to a campaign that hacked the staff of at least three GOP lawmakers, as well as state-level party officials across the country.
Back in June, a little-noticed website called DCLeaks published the emails of various political and military figures. Most public attention focused on emails written by retired Gen. Philip Breedlove, formerly the supreme allied commander of NATO.
But the DCLeaks cache also included emails from hundreds of Republican politicos, including campaign staff for Sens. John McCain and Lindsey Graham, who ran for president this year, as well as Republican Michele Bachmann, a former member of Congress who ran for president in 2012. The lawmakers had served on sensitive committees including Armed Services and Intelligence. DCLeaks also published messages from party officials in Wyoming, Illinois, Connecticut, and Texas.
The Daily Beast contacted multiple offices of those implicated in the hack, including McCain and Graham, but received no response.
The published emails are mostly innocuous and mundane. But the hackers also gave no indication of whether they had more information or had compromised the accounts of people whom they didn’t publicly expose.
Speaking privately, an individual close to the investigation of the Democratic Party hacks said there is a growing presumption that candidates, officials, and operators in both parties are being targeted.
“Everyone is sweating this right now,” the person said. “This isn’t just limited to Democrats.”
Some U.S. officials suspect that the DNC hack, and a subsequent penetration of the Democratic Congressional Campaign Committee, is part of a Russian “active measures” campaign to influence the presidential election, perhaps in favor of Donald Trump, who has been praised by Russian President Vladimir Putin and has had business dealings in Russia.
But the targeting of GOP officials suggests that the campaign could more broadly be aimed at collecting potentially incriminating information about candidates in both parties. In that sense, the campaign tends to fit more with the standard modus operandi of a foreign intelligence organization, which is to spy on anyone in a position of power, regardless of party.
Researchers at computer security company ThreatConnect, which has been analyzing the Democratic hacks, called DCLeaks a “Russian-backed influence outlet.”
In a blog post Friday afternoon, the researchers noted that the site had exposed the emails of a former regional field director for the DNC “whose email account was breached in the same manner as a known FANCY BEAR attack method.”
Fancy Bear is one of the monikers used for a Russian hacker group that U.S. officials say was one of two groups that infiltrated the DNC.
“DCLeaks’ registration and hosting information aligns with other FANCY BEAR activities and known tactics, techniques, and procedures,” ThreatConnect’s researchers found.
What’s more, the researchers have also linked a hacker that goes by the name Guccifer 2.0, and is suspected of working for Russia, with DCLeaks.
Guccifer 2.0 claims to be the source of the DNC emails to WikiLeaks, which published them just prior to the Democratic convention in Philadelphia last month. The emails showed that DNC staffers discussed how to undermine the campaign of Bernie Sanders. DNC Chair Debbie Wasserman Schultz resigned in the wake of the disclosures.
WikiLeaks founder Julian Assange has hinted that there are more emails coming. And earlier this week, Trump adviser Roger Stone seemed to confirm that when he said at a public appearance that he had been in touch with Assange and learned that “the next tranche of his documents pertain to the Clinton Foundation…”
Emails that were disclosed this week as part of a lawsuit into Hillary Clinton’s private email server raised questions about whether her staff were doing political favors on behalf of big-dollar donors to the foundation. The Clinton campaign has consistently denied that charge, but questions of conflict of interest have dogged the candidate.
The new evidence of links between DCLeaks and the Russian hackers also undercuts another conspiracy theory that Assange has helped to fuel: That a murdered 27-year-old DNC staffer may have been the source of emails to WikiLeaks.
In an interview with a Dutch television journalist this week, Assange implied that Seth Rich was the source and that he may have been murdered on a Washington, D.C., street in July for divulging information.
That seems highly unlikely. For starters, hackers who have access to the purloined emails have been communicating with journalists since Rich was killed. But researchers, at ThreatConnect and elsewhere, also now believe that Guccifer 2.0 was WikiLeaks’ source and that the group is acting as a front for the Russian government.
Speaking on condition of anonymity, a U.S. official told The Daily Beast this week that there is no evidence in the investigation of the DNC and other hacks that Rich played any role.