Whether the Russian government directed hackers to break into the Democratic National Committee’s servers and steal opposition research on Donald Trump and other documents recently is an open question.
But experts said the hacking reflects the latest cyber and traditional espionage that Moscow has been pursuing lately: collecting data surreptitiously, often for years, with the goal of using information to humiliate and destabilize the country’s rivals rather than steal money, industrial secrets or military information.
To be sure, Russia still aims to gain information on NATO, American politics and other issues. But Russia’s cyberspies are following the examples of some activists and hackers who seek to violate their targets to score points in the realms of politics and public relations.
“We see a definite shift in cyberattacks from the financial-motivated or state-motivated theft,” said Dave Ostertag, global investigations manager at Verizon who helped produce the telecommunication company’s respected 2016 Data Breach Investigations Report, speaking to VICE News. “The data is being stolen more for embarrassment purposes. We see data posted somewhere on the internet simply to embarrass.”
News of the yearlong alleged Russian hacking broke on Tuesday. A company hired by the Democrats to investigate the breach, CrowdStrike Services, said groups codenamed Fancy Bear and Cozy Bear were behind the infiltrations. They are likely to be Russian, believed to work for Russia’s military intelligence service, or GRU, and the Federal Security Service, or FSB, the successor agency to KGB that Russian President Vladimir Putin once led, said CrowdStrike, but were likely not coordinating their spying.
Soon after the news broke, however, a supposed lone wolf hacker or group of hackers called Guccifer 2.0 — an allusion to a Romanian hacker who allegedly broke into the personal email accounts of former Presidents George H.W. Bush and George W. Bush and published awkward photos of the family — posted what appear to be the documents that CrowdStrike claimed were stolen by the Russians. Guccifer 2.0 said WikiLeaks now had the files and would publish them soon.
They include potential Democratic lines of attack in the upcoming faceoff between the presumptive presidential candidates, Democrat Hillary Clinton and Republican Trump, including references to Trump’s ex-wife’s claim that he raped her.
The Democrats and their consultants haven’t confirmed the documents are real but they have raised questions about Guccifer 2.0’s claims that he, she or they acted alone.
“CrowdStrike stands fully by its analysis,” the company said on Wednesday in a statement. “Whether or not this posting is part of a Russian Intelligence disinformation campaign, we are exploring the documents’ authenticity and origin.”
Russia has denied involvement in the incident.
Joel Harding, a consultant and former officer in the Army’s intelligence command, said he believed the Russians were behind the hack. He couldn’t prove it and didn’t think anyone could definitely say unless the Russian security agencies committed a stupid mistake. But a major political party is an obvious target for Russian government hackers, he said.
The outcome of the hack also suggests Moscow was behind it, Harding said. Russia has doubled down on “information warfare,” or using and manipulating the media and other public information to achieve its geopolitical goals, he said. Meddling in an American election and suggesting the Democrats are preparing to smear Trump, thus lending support to the real estate tycoon whom Putin has praised, is in that vein.
Russia has hacked into Ukrainian national guard websites and inserted a press release saying they were preparing to violate a ceasefire. It also shut down Estonian networks when that country planned on moving a Soviet war memorial.
But while the GRU or FSB, or both, may have been using Russia’s advanced cyberespionage methods to attack the Democratic National Committee, the state of Russian traditional espionage is not great, according to a report issued last month by the European Council on Foreign Relations. The Kremlin’s intelligence agencies, it said, competed with each other as much as they spied on other countries, often duplicating efforts and acting sloppily.
“Unlike the hydra with its single controlling intellect, the agencies are often divided, competitive, and poorly tasked,” the report said. “They are certainly not in charge of the Kremlin, but nor is the Kremlin wholly adept at managing them.”
The report also noted that Russian cyberespionage often included “disinformation campaigns and political dirty tricks.”
Harding agreed that the Russian intelligence services jockeyed against each other. But he said Putin has been increasing Russia’s espionage budget to beef up spying abroad while also imposing order on the services’ bureucracies.
“I know they are creating new cyber agencies. They are really investing in cyberespionage and they are really investing in intelligence,” Harding said. “You have sleeper agents around the world, you have cyberespionage around the world and you have the combination of the two.”
Similarly, Politico recently reported that the number of Russia’s spies in Europe had roughly doubled in recent years as tensions have escalated between Russia and the West. It’s impossible to be sure about the proportion of additional spies, said Harding. But Russia is more aggressive than ever in planting agents, as well as viruses that can quietly suck up information and access that might someday prove useful for as-yet-unknown purposes, he said.
“They are eating up the EU, all the counties in Europe,” said Harding, “and spying on the US and Canada.”