In a new report, CIA, FBI, and NSA say that the hacking campaign that targeted the Democratic National Committee, other political organizations, and government agencies in the months before last year’s presidential election was ordered directly by Russian President Vladimir Putin, but says the intrusions didn’t affect vote-tallying systems.
The report is a declassified version of a intelligence assessment the agencies delivered to President Obama late last week and provides more detailed information about the agencies’ reasoning for its conclusions than previous reports have. The assessment concludes that the hacking operations against the DNC and other political targets were part of a multi-pronged campaign designed to influence the presidential election in favor of Donald Trump.
“Russia’s intelligence services conducted cyber operations against targets associated with the 2016 US presidential election, including targets associated with both major US political parties. We assess Russian intelligence services collected against the US primary campaigns, think tanks, and lobbying groups they viewed as likely to shape future US policies. In July 2015, Russian intelligence gained access to Democratic National Committee (DNC) networks and maintained that access until at least June 2016,” the report says.
In late December, the FBI and Department of Homeland Security released a separate technical assessment of the DNC and other attacks related to the election, and concluded that Russian intelligence services were responsible for those intrusions. That report relied on technical indicators and the use of malware tools and techniques known to be associated with Russian APT groups. In the new assessment, the intelligence community stays away from technical evidence and instead points to the political and economic motivations behind the attacks.
The assessment also indicates that the Russian government likely was behind the dissemination of the stolen DNC emails and other data through accounts ties to a supposed Romanian hacker called Guccifer 2.0.
“We assess with high confidence that the GRU used the Guccifer 2.0 persona, DCLeaks.com, and WikiLeaks to release US victim data obtained in cyber operations publicly and in exclusives to media outlets,” the report says.
“Guccifer 2.0, who claimed to be an independent Romanian hacker, made multiple contradictory statements and false claims about his likely Russian identity throughout the election. Press reporting suggests more than one person claiming to be Guccifer 2.0 interacted with journalists.”
In a Senate hearing last week, Director of National Intelligence James Clapper said the attacks on the DNC and other targets were part of a larger effort.
“This was a multifaceted campaign. The hacking was only one part of it. It included classical propaganda, fake news, disinformation,” said Clapper.
Image: Larry Koester, CC By license.