On June 14, the Democratic National Committee reported that it was the victim of a data breach, allegedly by attackers from Russia. On June 15, a hacker identified only as “Guccifer” emerged, claiming responsibility for the breach, denying any connection to Russia and disputing security firm CrowdStrike’s research on the attack.
For CrowdStrike’s part, co-founder Dmitri Alperovitch told eWEEK in a brief email exchange that everything is not as it seems.
When the DNC discovered that it had been the victim of a data breach, it called in CrowdStrike to investigate. CrowdStrike determined that the DNC had been hacked by two different Russia-based groups that it identified as FuzzyBear and CozyBear.
“Worldwide known cyber security company CrowdStrike announced that the Democratic National Committee (DNC) servers had been hacked by ‘sophisticated’ hacker groups,” Guccifer wrote in a public disclosure. “I’m very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy.”
Guccifer claims to have been the first to hack the DNC, but may not be the last. In an attempt to substantiate the claim, Guccifer published multiple documents allegedly stolen from the DNC servers, including a report on Donald Trump dated Dec. 19, 2015, a list of DNC donors and Hillary Clinton emails.
“The main part of the papers, thousands of files and mails, I gave to Wikileaks,” Guccifer wrote. “They will publish them soon.”
For his part, presumptive Republican presidential candidate Donald Trump has his own view of the DNC hack.
“We believe it was the DNC that did the ‘hacking’ as a way to distract from the many issues facing their deeply flawed candidate and failed party leader,” Trump said in a statement.
Despite the claims made by Guccifer, CrowdStrike is standing by its research and attribution. In a statement CrowdStrike sent to eWEEK, the company noted that the Guccifer blog post presents documents alleged to have originated from the DNC.
“Whether or not this posting is part of a Russian Intelligence disinformation campaign, we are exploring the documents’ authenticity and origin,” CrowdStrike stated. “Regardless, these claims do nothing to lessen our findings relating to the Russian government’s involvement, portions of which we have documented for the public and the greater security community.”
Tomer Weingarten, CEO of security firm SentinelOne, said his firm’s research team has not been actively investigating any specific group or individual in the case of the DNC hack. When the code from the hack was released, however, SentinelOne immediately traced it back to publicly available techniques that are typically used to evade antivirus software.
“Nothing about the technique seemed all that sophisticated—in fact, we thought it was slightly atypical for a government-grade attack to use publicly known techniques,” Weingarten told eWEEK.
In almost every hack, accurate attribution is difficult because there rarely is a smoking gun, according to Weingarten. What’s more important than attribution, he said, is the need to understand and investigate the breadth and depth of a hack.
“Attribution is hard—not always accurate, but in some cases doable,” Weingarten said. “And who knows—maybe there were multiple hackers inside the DNC network.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.