Officials are increasingly confident that the Russian government is intensifying a campaign to steal U.S. computer records and leak damaging information to the American public
WASHINGTON—U.S. officials are increasingly confident that the hacker Guccifer 2.0 is part of a network of individuals and groups kept at arm’s length by Russia to mask its involvement in cyberintrusions such as the theft of thousands of Democratic Party documents, according to people familiar with the matter.
While the hacker denies working on behalf of the Russian government, U.S. officials and independent security experts say the syndicate is one of the most striking elements of what looks like an intensifying Russian campaign to target prominent American athletes, party officials and military leaders.
A fuller picture of the operation has come into focus in the past several weeks. U.S. officials believe that at least two hacking groups with ties to the Russian government, known as Fancy Bear and Cozy Bear, are involved in the escalating data-theft efforts, according to people briefed on the Federal Bureau of Investigation’s probe of the cyberattacks.
Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites—WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0—have posted batches of stolen data at least 42 times from April to last week.
WikiLeaks has published U.S. secrets for years but has recently taken an overtly adversarial tone toward Democratic presidential nominee Hillary Clinton. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers.
Guccifer 2.0 said in a Twitter direct message sent to The Wall Street Journal that he wants to expose corruption in politics and shine light on how companies influence policy. The hacker said he also hopes to expose “global electronization.”
“I think I won’t have a better opportunity to promote my ideas than this year,” Guccifer 2.0 added in a long exchange with a Journal reporter.
The Journal cannot verify the identity of the person sending messages on behalf of Guccifer 2.0, but the account is the same one that was used to publish personal information about Democrats. A posting on a blog run by Guccifer 2.0 says he is a man who was born in Eastern Europe, has been a hacker for years and fears for his safety.
“I think u’ve never felt that feeling when u r crazy eager to shout: look everyone, this is me, this is me who’d done it,” the hacker wrote to the Journal. “but u can’t.”
WikiLeaks officials didn’t respond to requests for comment on whether Russia fed them the stolen files published by WikiLeaks in July. A representative for DCLeaks.com asked the Journal to submit questions via email but hasn’t responded to them.
Last week, U.S. intelligence chief James Clapper said it “shouldn’t come as a big shock to people” that Russia is behind the hacking operation. While Russia has tried to interfere in U.S. elections since at least the 1960s by spying and funneling money to particular political groups, “I think it’s more dramatic maybe because now they have the cyber tools,” he said.
Earlier this month, leaked emails from former Secretary of State Colin Powell on DCLeaks.com revealed him calling Republican presidential nominee Donald Trump a “national disgrace” and accusing Mrs. Clinton of “unbridled ambition” and being “greedy, not transformational.”
German officials said last week that hackers have sought to infiltrate computer systems of several German political parties. Two officials familiar with the investigation say there is evidence Fancy Bear was involved in the attempted German hack.
Longtime Russia analysts say its goal in the U.S. might be to attack the basic credibility and reputation of institutions such as the military, election system, political parties and the federal government more broadly.
Russian President Vladimir Putin has said disclosure of U.S. records is a public service. He has denied involvement in the hacks, and Russian officials have said they don’t interfere in the democratic process in other countries.
In August, Russian Foreign Minister Sergei Lavrov said critics were falsely trying to pin offenses on Moscow.
“We can hear and see Russophobia, which is off the charts in the U.S. media,” Mr. Lavrov said. “We are portrayed as a global villain and the enemy of the United States and the entire progressive world.”
Signs of an escalating strategy emerged in April when DCLeaks.com published batches of emails stolen from U.S. Air Force Gen. Philip Breedlove, then the top military commander of the North Atlantic Treaty Organization.
Gen. Breedlove was one of the U.S. government’s biggest Russia critics, warning openly about the country’s aggression toward Ukraine and the West while other U.S. leaders were taking a lower-key approach.
He realized his Facebook, LinkedIn and Gmail accounts had been hacked when friends started receiving strange messages purporting to be from him. Then he found out that DCLeaks.com posted dozens of his emails.
From the start, Gen. Breedlove had little doubt that Russia was behind the intrusion. “A major world power has turned its cyber force onto private individuals and is now pouring out private accounts and emails to affect U.S. policy,” he said in an interview with the Journal. He retired this summer.
In June, cybersecurity company CrowdStrike Inc. said Fancy Bear and Cozy Bear had penetrated the Democratic National Committee. The next day, Guccifer 2.0 published stolen records from the DNC. Three days later, the hacker disclosed DNC financial reports and donor data.
WikiLeaks published more than 19,000 DNC emails in July. Debbie Wasserman Schultz, a Florida congresswoman, resigned as chairwoman of the DNC after some of the emails showed DNC officials had worked to undermine the underdog presidential campaign of Vermont Sen. Bernie Sanders.
Democratic Party officials say they expect more leaks before Election Day.
“This is the continuity of spy games and trolling and phishing for what the Russians call kompromat—compromising information—that has gone on for decades,” says Matthew Rojansky, director of the Kennan Institute at the Woodrow Wilson International Center for Scholars.
U.S. and European officials say they believe Russia is mastering a form of “hybrid warfare” that includes military tactics, disinformation, secret operatives and cyberattacks. Last week’s comments by Mr. Clapper could represent an initial step by the Obama administration to confront Russia more directly about the government’s suspected involvement in cyberintrusions.
While Russia has a long history of meddling in elections and other operations of neighboring countries, some longtime Russia analysts have been surprised by Moscow’s apparent brazenness in targeting America.
But other analysts and experts said hacking is just a new way for countries around the world to try to gain an advantage.
“If it is Putin who is responsible, this is the way governments operate,” said Harlan Ullman, a member of the advisory board to the Supreme Allied Commander Europe, NATO’s military leader in the region. Some of his emails to Gen. Breedlove were leaked by DCLeaks.com in April.