FBI probes DNC hack as suspicions of Russian involvement widen

Russia's involvement would be a 'watershed moment' in cyberespionage, a security expert said

The FBI has launched an investigation into the hacking of the Democratic National Committee’s computers, even as more evidence surfaced of possible Russian involvement in the attack.

The data breach was first disclosed last month, when hackers published confidential DNC files, including opposition research on Republican presidential candidate Donald Trump.

Then on Friday, Wikileaks published over 19,000 emails that were stolen from the DNC, some of which now threaten to damage the campaign of Democratic presidential candidate Hillary Clinton.

The FBI confirmed on Monday that it was investigating the attack and said the perpetrators would be "held accountable." "A compromise of this nature is something we take very seriously," the agency said in a statement.

The FBI declined to elaborate, but the outcome of its probe could have huge implications. If Russia is found responsible, it would mean a foreign state had tried to influence the outcome of a U.S. presidential election, said Justin Harvey, chief security officer at Fidelis Cybersecurity.

“If a nation-state has crossed this line, and the FBI can show it was Russia, then it will be a watershed moment in cyber security,” he said.

Some security investigators had already blamed Russia for the attacks, and that charge has now been echoed by the DNC and by Clinton's campaign manager.

“I don’t think it was coincidental that these emails were released on the eve of our convention here,” campaign manager Robby Mook said in an interview with CNN on Sunday, referring to the start of the Democratic National Convention in Philadelphia.

Trump has espoused foreign policy views that could be favorable to Russia, giving it an incentive to undermine Clinton's candidacy, the thinking goes.

“You have Trump out there saying he may leave NATO,” Harvey noted. “Russia has tried for over half a century to dissolve NATO.”

Security firm Crowdstrike, which was hired by the DNC to investigate the hack, has blamed the intrusion on two hacking teams with ties to the Russian government. Other firms including Fidelis have agreed with that claim.

The cache of emails released by WikiLeaks on Friday adds to the belief that there was state-sponsored involvement.

yahoo alert state actor hacking WikiLeaks

A security alert from Yahoo to a DNC consultant

In early May, the emails show, Yahoo alerted a DNC consultant that her email account was likely being targeted by “state-sponsored actors.” The consultant had been in contact with journalists in the Ukraine about Trump’s campaign manager, Paul Manafort, apparently trying to establish an alleged link between Manafort and Russia.

There’s still no “smoking gun” to prove Russia’s involvement, Harvey said. Fidelis reached its conclusion based on the malware that was used. The malicious code, including a reused IP address, was found in other attacks believed to have been carried out by the Russian hacking groups.

Not everyone agrees with those findings. A lone hacker known as Guccifer 2.0 has tried to take credit for the breach and denies having any ties to Russia. To prove his claims, he leaked some stolen DNC documents last month and said additional files were sent to WikiLeaks for publication.

But security experts are skeptical. Some believe Guccifer is part of a Russian-led misinformation campaign to divert blame from the country.

Even if it turns out that state-sponsored hackers were not responsible in this case, they'll have learned from the DNC breach, said Yonatan Striem-Amit, CTO at security firm Cybereason.

“Nation-state actors are looking at this right now and realizing that they have a very important tool for political influence,” he said.

Russian officials have flatly denied any involvement with the DNC breach. 

Join the CSO newsletter!

Error: Please check your email address.

More about CNNCybereasonFBINATOYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Kan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place