Spy Agency Consensus Grows That Russia Hacked D.N.C.
By
DAVID E. SANGER and
ERIC SCHMITTJULY 26, 2016
Photo
Secretary of State John Kerry, left, and the Russian foreign minister, Sergey V. Lavrov, on Tuesday in Vientiane, Laos. CreditJorge Silva/Reuters
WASHINGTON — American intelligence agencies have told the White House they now have “high confidence” that the Russian government was behind the theft of emails and documents from the Democratic National Committee, according to federal officials who have been briefed on the evidence.
But intelligence agencies have cautioned that they are uncertain whether the electronic break-in at the committee’s computer systems was intended as fairly routine cyberespionage — of the kind the United States also conducts around the world — or as part of an effort to manipulate the 2016 presidential election.
The emails were released by
WikiLeaks, whose founder, Julian Assange, has made it clear that he hoped to harm Hillary Clinton’s chances of winning the presidency. It is unclear how the documents made their way to the group. But a large sampling was published before the WikiLeaks release by several news organizations and someone who called himself “Guccifer 2.0,” who investigators now believe was an agent of the G.R.U., Russia’s military intelligence service.
The assessment by the intelligence community of Russian involvement in the D.N.C. hack, which largely
echoes the findings of private cybersecurity firms that have examined the electronic fingerprints left by the intruders, leaves President Obama and his national security aides with a difficult diplomatic and political decision: Whether to publicly accuse the government of President Vladimir V. Putin of engineering the hack.
Such a public accusation could result in a further deterioration of the already icy relationship between Washington and Moscow, at a moment when the administration is trying to reach an accord with Mr. Putin on a cease-fire in Syria and on other issues. It could also doom any effort to reach some kind of agreement about acceptable behavior in cyberspace, of the kind the United States has been discussing with China.
Stealing information about another country’s political infighting is hardly new, and the United States has conducted covert collection from allies like Germany and adversaries like Russia for decades. Publishing the documents — what some have called “weaponizing” them — is a different issue. Mrs. Clinton’s campaign has suggested that Mr. Putin was trying to even the score after the former secretary of state denounced a 2011 Russian election as filled with fraud.
“The first thing that the secretary of state did was say that they were not honest and not fair, but she had not even yet received the material from the observers,” Mr. Putin said at the time. “She set the tone for some actors in our country and gave them a signal,” Mr. Putin continued. “They heard the signal and, with the support of the U.S. State Department, began active work.”
Continue reading the main story
Democrats Allege D.N.C. Hack Is Part of Russian Effort to Elect Donald TrumpJULY 25, 2016
Campaign officials have also suggested that Mr. Putin could be trying to tilt the election to Donald J. Trump. But they acknowledge that they have no evidence.
Asked on Tuesday at the Democratic convention in Philadelphia whether “there’s more to the Trump/Russian relationship that hasn’t come out,” John Podesta, the Clinton campaign chairman, said, “Well he certainly has a bromance with Mr. Putin, so I don’t know.” Mr. Podesta said that while Russia has a “history” of interfering in democratic elections in Europe, it would be “unprecedented in the United States.”
The Republican platform, adopted last week in Cleveland,
calls on the United States to “respond in kind and in greater magnitude” to cyberattacks, saying that “Russia and China see cyber operations as part of a warfare strategy during peacetime. Our response should be to cause diplomatic, financial and legal pain.”
But the Trump campaign has dismissed the accusations about Russia as a deliberate distraction, meant to draw attention away from the content of nearly 20,000 emails and documents from the Democratic committee that were released by WikiLeaks starting on Friday. They showed efforts to
impugn Senator Bernie Sanders of Vermont in his effort to challenge Mrs. Clinton for the nomination.
Secretary of State John Kerry raised the attack on the D.N.C. with his Russian counterpart, Sergey V. Lavrov, on Tuesday at a meeting of foreign ministers in Vientiane, Laos. Mr. Lavrov dismissed the idea that Russia was involved, telling reporters who asked about the charges: “I don’t want to use four-letter words.”
Mr. Kerry made no accusations, saying that he had to allow the F.B.I. to “do its work” before he drew “any conclusions in terms of what happened or who’s behind it.”
The federal investigation, involving the F.B.I. and the intelligence agencies, has been going on since the Democratic National Committee first called in a private cybersecurity firm, Crowdstrike, in April.
Preliminary conclusions were discussed on Thursday at a weekly cyberintelligence meeting for senior officials. The Crowdstrike report, supported by several other firms that have examined the same bits of code and telltale “metadata” left on documents that were released before WikiLeaks’ publication of the larger trove, concludes that the Federal Security Service, known as the F.S.B., entered the committee’s networks last summer.
The G.R.U., a competing, military intelligence unit, was a later arrival. Investigators believe it is the G.R.U. that has played a bigger role in releasing the emails.
In an essay published on Lawfare, a blog that often deals with cyberissues, Susan Hennessey, previously a lawyer for the National Security Agency, called the published evidence about Russian involvement “about as close to a smoking gun as can be expected when a sophisticated nation-state is involved.” Mr. Assange’s threat to release documents, she wrote, “means, put simply, that actors outside the U.S. are using criminal means to influence the outcome of a US election. That’s a problem.”
But American intelligence agencies have their doubts that the Russian intention, at least initially, was to sway the American election. The intrusion began just shortly after Mr. Trump announced his candidacy for the Republican nomination. At the time, his chances looked minuscule. One senior official noted that while the cyberattack might have been intended to embarrass Mrs. Clinton, who was the presumptive nominee, it could not have been aimed at bolstering Mr. Trump.
It is far from clear that Mr. Obama or the F.B.I. director, James Comey, would ever name Russia as the origin of the hack. Mr. Obama has only once accused a country of attacking an American organization, when he said that North Korea was the source of the 2014 attack against Sony Pictures Entertainment. But the United States has no relationship with North Korea, and there was little to lose from identifying it.
In the case of Russia and China — countries with which the United States has complex relationships — Mr. Obama has in the past made the opposite decision. He never named the Russian intelligence agencies as the perpetrators of hacks on the State Department and White House unclassified email systems, or on the Joint Chiefs of Staff.
While the administration has called out the People’s Liberation Army of China for stealing intellectual property, it never publicly accused the Chinese intelligence services of stealing the security-clearance files on more than 21 million Americans who held or applied for clearances.
By happenstance, the intelligence report on the D.N.C. hack was circulating here on the day that Mr. Obama issued a new policy, long in development, to organize the government’s response to major cyberattacks and to set up a six-point “grading system” to assess the severity of strikes against American companies, government agencies and organizations.
The action against the Democratic committee, they said, would qualify as a “significant cyber incident,” which was defined as one that causes “demonstrable harm to the national security interests, foreign relations or economy of the United States, or to the public confidence, civil liberties or public health and safety of the American people.”
Ranking the D.N.C. hack in the pantheon of other penetrated networks is difficult. The top ranking under Mr. Obama’s system would be reserved for an attack that disabled American power grids, for example, akin to the suspected Russian attack
on Ukraine’s electrical system in December. The attack on the Office of Personnel Management and Sony, which destroyed 70 percent of the studio’s computers, would also rank above the “category 3” level, which defines a “significant” attack.
But the ranking system does not mandate what kind of response the president would authorize. And it was designed before many in Washington imagined the use of cyberattacks to release information in the midst of a dizzying, and volatile, presidential campaign.
David E. Sanger reported from Washington, and Eric Schmitt from Colorado Springs. Amy Chozick contributed reporting from Philadelphia.