How Russia Pulled Off the Biggest Election Hack in U.S. History

Esquire

How Russia Pulled Off the Biggest Election Hack in U.S. History

...

The Russian campaign burst into public view only this past June, when The Washington Post reported that "Russian government hackers" had penetrated the servers of the Democratic National Committee. The hackers, hiding behind ominous aliases like Guccifer 2.0 and DC Leaks, claimed their first victim in July, in the person of Debbie Wasserman Schultz, the DNC chair, whose private emails were published by WikiLeaks in the days leading up to the Democratic convention. By August, the hackers had learned to use the language of Americans frustrated with Washington to create doubt about the integrity of the electoral system: "As you see the U. S. presidential elections are becoming a farce," they wrote from Russia.

...

CrowdStrike was soon able to reconstruct the hacks and identify the hackers. One of the groups, known to the firm as Cozy Bear, had been rummaging around the DNC since the previous summer. The other, known as Fancy Bear, had broken in not long before Putin's appearance at the St. Petersburg forum. Surprisingly, given that security researchers had long suspected that both groups were directed by the Russian government, each of the attackers seemed unaware of what the other was doing.

...

On June 14, less than an hour after The Washington Post reported the breach at the DNC, CrowdStrike posted a report that detailed the methods used by the intruders. The firm also did something unusual: It named the Russian spy agencies it believed responsible for the hack. Fancy Bear, the firm said, worked in a way that suggested affiliation with the GRU. Cozy Bear was linked to the FSB.

The day after the Post story broke, a website appeared that claimed to belong to a hacker who identified himself as Guccifer 2.0. (Guccifer was the nickname of a Romanian hacker who, among other things, broke into the email account of George W. Bush's sister.) The operators, posing as Guccifer 2.0, dismissed CrowdStrike's attribution, insisting instead that the DNC had been "hacked by a lone hacker." As proof, Guccifer published eleven documents from the DNC, including an opposition-research file on Donald Trump and a list of major Democratic donors. In the weeks that followed, Guccifer offered interviews and batches of documents to several journalists, but he wrote that "the main part of the papers, thousands of files and mails, I gave to WikiLeaks."

...

Matt Tait, a former GCHQ operator who tweets from the handle @pwnallthethings, was particularly prolific. Hours after the first Guccifer 2.0 dump, on the evening of June 15, Tait found something curious. One of the first leaked files had been modified on a computer using Russian-language settings by a user named "Feliks Dzerzhinsky." Dzerzhinsky was the founder of the Cheka, the Soviet secret police—a figure whose mythic renown was signaled by a fifteen-ton bronze statue that once stood in front of KGB headquarters. Tait tweeted an image of the document's metadata settings, which, he suggested, revealed a failure of operational security.

A second mistake had to do with the computer that had been used to control the hacking operation. Researchers found that the malicious software, or malware, used to break into the DNC was controlled by a machine that had been involved in a 2015 hack of the German parliament. German intelligence later traced the Bundestag breach to the Russian GRU, aka Fancy Bear.

Much more
http://www.esquire.com/news-politics/a49791/russian-dnc-emails-hacked/ .