Hacker claims credit for breach of Democrat computers, posts files online

Security company CrowdStrike still thinks top Russian government hacking groups were involved

A hacker claiming responsibility for the recent data breach of the Democratic National Committee in the US apparently has posted the stolen files online.

The hacker, who goes by the name Guccifer 2.0, leaked the files on Wednesday following a breach of DNC computers that has been blamed on Russian hackers.

The posted files include a 231-page dossier containing opposition research on presumptive Republican presidential nominee Donald Trump. They also include documents concerning expected Democratic nominee Hillary Clinton’s election strategy, items on U.S. foreign policy, and donor lists.

“Here are just a few docs from many thousands I extracted when hacking into DNC’s network,” the hacker wrote.

Guccifer 2.0 said the rest of the files have been sent to Wikileaks for posting.

The DNC could not immediately be reached for comment. Details of the breach were announced on Tuesday, but the attacks started as far back as last summer.

Two separate hacking groups with links to the Russian government were involved and are considered among the world's best, according to CrowdStrike, the security firm that the DNC hired to stop the attack. One of the groups, called Cozy Bear, is believed to have hacked networks used by the White House and the U.S. State Department last year.

However, the posting by Guccifer 2.0 implied the attack was carried out by one person. On Wednesday, the hacker mocked CrowdStrike.

“I’m very pleased the company appreciated my skills so highly,” he wrote. “But in fact, it was easy, very easy.”

The name Guccifer refers to a Romanian hacker named Marcel Lehel Lazar who breached Clinton’s personal email server in 2013. He has been extradited to the U.S., where he awaits sentencing after pleading guilty to identity theft and unauthorized access to protected computers.

This new hacker, Guccifer 2.0, is warning that more breaches could come.

“Guccifer may have been the first one who penetrated Hillary Clinton’s and other Democrats' mail servers. But he certainly wasn’t the last,” the hacker said.

CrowdStrike still stands by its findings that Russian government hackers were involved. The company is working to verify the documents' authenticity and origin and said the Guccifer 2.0 postings could be part of a disinformation campaign.

Stories by Michael Kan
