
The DNC leak refers to the publication of thousands of private emails of the Democratic National Committee by WikiLeaks.

WikiLeaks has not revealed their source and some outlets have claimed that "according to the intelligence community" the Russian government is the source.

Beyond such appeals to authority, is there any publicly available evidence that the Russian government has been involved in the DNC email leak?

MuhKarma
  • Out of curiosity, what kind of evidence would you accept? I'm fairly certain that the forensics of the break-in are not going to be publicly available. – Shadur Sep 15 '16 at 08:42
  • @Shadur CrowdStrike [publicly released a report on the forensic evidence they used to make their attributions](https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/). – ESultanik Oct 05 '16 at 14:21
  • [Bruce Schneier on this](https://www.schneier.com/blog/archives/2017/01/attributing_the_1.html) with lots of links. –  Jan 09 '17 at 15:37
  • See my detailed answer, with lots of references, here: http://skeptics.stackexchange.com/questions/35508/could-only-russia-s-senior-most-officials-have-authorized-the-efforts-to-leak/35655#35655 – user1521620 Jan 13 '17 at 04:13

2 Answers


There is some evidence of this but it is not conclusive.

The documents were attributed to a pseudonym Guccifer 2.0, who claimed to be an individual hacker from Romania (like the original Guccifer) who dislikes Russians. However, Guccifer was unable to write in Romanian during a text interview. It is claimed, reasonably, that the Guccifer persona is purposeful misdirection.

Security analysts CrowdStrike found evidence that the DNC servers had been hacked by two separate networks known to analysts as "Cozy Bear" and "Fancy Bear", which both possess extensive hacking capabilities, but appear to be unaware of each other and sometimes steal the same information twice. CrowdStrike claims that this is consistent with Russian practices, as Russia's three intelligence services allegedly operate independently and steal from each other. As noted in the comments to this answer, CrowdStrike is linked to an anti-Putin think tank funded by NATO and the State Department [additional analysis here].

The original leaked files showed a famous Soviet intelligence director as their editor as well as some automatically generated Russian text attached to the files themselves. The linked article claims that this is not purposeful misdirection but a legitimate error. The theory is that someone inside the Russian intelligence agency GRU registered his or her copy of Microsoft Office in the name of the Soviet intelligence director, and simply released the files without considering the metadata that would be attached to them. This is despite the fact that "Fancy Bear" and "Cozy Bear" are described as "superb" hackers with "operational security second to none" (see The Intercept link below).

Finally, another security firm called ThreatConnect analyzed the headers of an email from Guccifer 2.0, claiming that the apparent high-level backing and Russian geolocation prove a Russian connection. This analysis has also been questioned.

The independent media site The Intercept has concluded, as of mid-December 2016, that there is not enough evidence to prove that the emails were stolen by the Russian government.

Edward Snowden has called for the NSA to issue their own findings but the NSA has not made any comment on the hack.

Avery
  • You make a wrong claim. The question is about documents that Wikileaks released. The DNC documents that contain marks of Russian editing are documents that were released by other sources. Secondly, the fact that at least two organisations who hacked the DNC were Russian government agencies also doesn't mean that those were the only people who hacked the DNC. – Christian Sep 15 '16 at 19:36
  • @Christian Thanks, I had absolutely no idea these were two separate groups of documents, nor did the tertiary source I based this answer on (a current events podcast). – Avery Sep 15 '16 at 20:38
  • As far as I can tell Guccifer claimed to be the only hacker? Where did Wikileaks claim their files came from? – Avery Sep 16 '16 at 12:39
  • @Avery: Guccifer is a person from Romania that the Romanians transferred in March of this year to the US because of hacking charges. He claimed in May to have hacked Clinton's email server. Then there's Guccifer 2.0, who is a person who created a WordPress blog and who claims to be responsible for the documents given to Wikileaks. He also released some documents on his website and gave documents to other parties besides Wikileaks. Documents on his website contained the Russian metadata (http://arstechnica.com/security/2016/06/guccifer-leak-of-dnc-trump-research-has-a-russians-fingerprints-on-it/) – Christian Sep 16 '16 at 19:32
  • Additionally, CrowdStrike found that there are at least two separate Russian groups that hacked the DNC. Julian Assange is on record for saying that DNC security was as bad, so it wouldn't be surprising if any number of other parties who are interested also hacked the DNC. Various other parties like China might have also hacked the DNC. That's why the NSA doesn't say it's certain that the emails Wikileaks released come from the Russian hack. – Christian Sep 16 '16 at 19:52
  • Additionally, [toolkits and IP addresses that were used in the DNC attack were also used in a previous attack on the German parliament](http://motherboard.vice.com/read/all-signs-point-to-russia-being-behind-the-dnc-hack). That previous attack on Germany is attributed to Russia, and as far as I can tell, that attribution is undisputed. – ESultanik Oct 05 '16 at 14:15
  • CrowdStrike ["quickly gained notoriety for providing threat intelligence and attribution to nation state actors" (Wikipedia)](https://en.wikipedia.org/wiki/CrowdStrike). Seems to be their speciality. It is run by ex-FBI folks and ["is focused on helping enterprises and governments"](https://en.wikipedia.org/wiki/Dmitri_Alperovitch) although Wikipedia doesn't give a source for the latter. There are allegations about their relationship with the government on [Reddit](https://www.reddit.com/r/politics/comments/4ooe6x/allegedly_disappears_as_russians_blamed_for_dnc/). – Keith McClary Oct 21 '16 at 00:35
  • @KeithMcClary Thanks, I have added some additional links about CrowdStrike – Avery Oct 21 '16 at 00:53
  • What in particular reveals that Guccifer does not speak Romanian? The transcript shows him to be speaking fine (I do not know the language). On what grounds did the article consider him a non-native speaker? – VF1 Jan 07 '17 at 21:26
  • @VF1 The article contains a quote from a native speaker calling his Romanian poor, correct? – Avery Jan 07 '17 at 21:27
  • Right, it contains a transcript in which the interviewer says that his native-speaking friend said Guccifer's Romanian is poor. If they referenced some obvious grammatical error, then that's believable, but the fact that it was an online conversation makes me think there's a possibility the hacker was merely being ungrammatical (as his English was, as well). – VF1 Jan 07 '17 at 21:32
  • @VF1 I can see the internal logic to your statement, but from a common sense perspective I don't understand how online conversation implies bad grammar more than an offline conversation would. – Avery Jan 07 '17 at 21:33
  • Really? It's a pretty accepted phenomenon that people don't use as-good grammar online in instant messaging environments. I can supply research here, but that's hardly controversial. – VF1 Jan 07 '17 at 21:44
  • Avery asks above, "Where did Wikileaks claim their files came from?" For an answer to this and the overall question, see my detailed answer, with lots of references, here: http://skeptics.stackexchange.com/questions/35508/could-only-russia-s-senior-most-officials-have-authorized-the-efforts-to-leak/35655#35655 – user1521620 Jan 13 '17 at 04:24

There are two separate entities publishing documents about DNC emails. One is a blog by someone who calls himself Guccifer 2.0, the other is Wikileaks. The name Guccifer comes from a Romanian hacker who was extradited earlier this year to the US. An individual who claimed, among other things, that they hacked Clinton's emails.

The problem is that the DNC information security was bad. Former NSA and CIA director Hayden said:

> So, without concrete evidence, which I don’t have, and apparently the FBI doesn’t have either, what I have felt comfortable saying about this is that I would lose a whole lot of respect for a whole bunch of intelligence agencies around the world, if they hadn’t penetrated that server and gotten access to the emails.

That means that while Russia likely has hacked the DNC, so have a whole bunch of other intelligence agencies. Any of those intelligence agencies, various private hackers and also various people inside the DNC could have given Wikileaks the data.

Two ex-NSA employees, Edward Snowden and William Binney, said that the NSA has the capability to say if Russia is guilty.

At a time when the mainstream media found Russia guilty, NSA chief Clapper said:

> Director of National Intelligence James Clapper said today he’s “not ready” yet to say Russia was behind the DNC hack.

Does the information from Guccifer 2.0 and Wikileaks come from the same source? Guccifer 2.0 claims it does; Wikileaks doesn't confirm or deny but states there is no public evidence that it comes from the source. Given that it's likely, according to Hayden, that multiple intelligence agencies have access to the information, it's not impossible that the information comes from different sources.

Wikileaks itself publishes documents in a clean form. Some of the documents that Guccifer 2.0 gave to news outlets (not the files Wikileaks released) contained metadata that included Russian information. The Russian intelligence agencies are usually competent enough to not leave traces like that, so you could see this as evidence that one of the other intelligence agencies who, per Hayden's assessment, also have access to the DNC information wanted to harm the US-Russian relationship.

Craig Murray, who was a former ambassador of the United Kingdom, said that he knows who the source of the documents that Wikileaks published happens to be and it isn't the Russians. He claimed that the documents came from leaks and not from hacks. According to him, the source had legal access to the documents.

Julian Assange also said that Wikileaks didn't get the documents from a state actor.

Christian
  • Christian, I've removed the paragraph that referred to the other answer because it was unreferenced. I believe I have not distorted the overall meaning of your answer. If you want to put it back in please do this: add a reference that "well funded parties are spreading misinformation" and do not reference the other user at all (you can criticize the other answer without doing that: "the other answer is incorrect" <- yes "the other user is spreading misinformation" <- no) – Sklivvz Oct 06 '16 at 20:25