WASHINGTON – The FBI investigation into the suspected state-sponsored Russian theft of emails and documents from the Democratic National Committee’s computer networks has expanded to determine if aides and organizations considered close to Hillary Clinton were also attacked, according to federal officials involved in the investigation.
But so far, a sampling of senior Clinton aides at the Democratic National Convention in Philadelphia found none who said they had been notified by the FBI or private investigators that their private emails had been compromised. At this point, law enforcement officials say, there is evidence only of attempts to gain access to those associates through “spear-phishing” attacks, often crude efforts to get someone to click on an email that releases malware into the computer.
The committee has said that Russia hacked into its computers and has been supported in its assertion by several private cybersecurity firms, including Crowdstrike, the company that investigated the committee’s breach.
Two years ago, several Clinton aides who had worked at the State Department were notified that their accounts there had been broken into by one of the same Russian intelligence agencies, the Federal Security Service, or FSB, suspected of getting into the committee’s system. That hacking, which went largely undetected while Clinton was secretary of state in President Barack Obama’s first term, gave the Russian intelligence services what one diplomat termed a road map of Clinton’s associates and frequent email partners.
Clinton’s private server while she was secretary of state, in Chappaqua, New York, would have been another obvious target. But last month FBI Director James Comey said there was no “direct evidence” that Russia or any other power had “successfully hacked” into Clinton’s server. Still, he said, there was evidence that intruders had tried, and when Comey said any successful intruders were probably far too skilled to leave evidence of their intrusion behind, law enforcement officials said, he had the Russians in mind.
Tracked for decades
For years U.S. intelligence agencies and the FBI have tracked the operations of two of the most sophisticated state-run hacking groups in the world, the GRU, Russia’s military intelligence agency, and the FSB, the state security service and successor of the KGB of the Soviet era.
The activities of the two groups in the United States and around the world have been tracked for so many decades that their successes and misadventures are the subject of movies and lore in both the United States and Russia. But since they turned to hacking techniques and sometimes cyber-weaponry, the Obama administration has rarely protested in public about the group’s boldest information-warfare attacks, in part to avoid retaliation.
The administration decided not to publicly identify the Russians as the power behind State Department, White House and Joint Chiefs of Staff intrusions. James Clapper Jr., the director of national intelligence, told Congress that the United States would not name or shame any country engaged in ordinary espionage – of the kind the United States also does – but should focus instead on setting norms against the theft of intellectual property and destructive attacks. For that reason, Obama has focused on agreements with China to protect corporate secrets.
Now some administration officials think they may have misunderstood Russia’s intentions. After the public release of the emails and documents that brought down the chairwoman of the Democratic Party, Debbie Wasserman Schultz, and the threat by WikiLeaks to release more documents from this and other hacks, administration officials say they are in a strange new world in which Russia may be using the products of espionage to influence an American election.
Some outsiders agree. “There is nothing new in one nation’s intelligence services using stealthy techniques to influence an election in another,” Jack Goldsmith, a professor at Harvard Law School, wrote on the Lawfare blog on Monday. He noted that the United States had engaged in covert actions to influence elections in Indonesia, Italy, Chile and Poland during the Cold War.
But he added that “doing so by hacking into a political party’s computers and releasing their emails does seem somewhat new.”
Federal officials say their investigation has been underway since the spring, when the committee notified the FBI of the intrusion. The committee’s suspicions were triggered by what appeared to be a relatively clumsy attack by the GRU. In the course of investigating that attack, the FBI discovered an earlier, more sophisticated attack on the committee by the FSB, which is often in competition with the GRU.
Julian Assange, who founded WikiLeaks, argued to Richard Engel of NBC in an interview broadcast Monday that “there is no proof of that whatsoever” that Russia was behind the original hacking. “We have not disclosed our source, and of course, this is a diversion that’s being pushed by the Hillary Clinton campaign.”
Many cybersecurity firms that have examined the evidence released by Crowdstrike say Russia appears to be the source. Thomas Rid, a cyberexpert and author of “Rise of the Machines,” noted in an article published on Vice’s website that the intruders made several mistakes: “One leaked document included hyperlink error messages in Cyrillic,” because the documents had been edited with Russian language settings, and other “metadata” was consistent with “identical fingerprints” found in attacks on the German Parliament. The Germans named one of Russia’s intelligence agencies as the attacker in that case.