July 27, 2016

The Democratic National Committee found itself embroiled in a cyberscandal after emails from party officials were posted to Wikileaks in the days leading up to the national convention.

The posting threatened to undercut Hillary Clinton's presidential nomination after the emails revealed some evidence that members of the DNC may have tried to actively work against her rival Bernie Sanders. The disclosure also prompted the resignation of Debbie Wasserman Schultz as party chairwoman. 

It's not clear how it happened, but there have been allegations that Russia was behind the hack. Russia's foreign minister, however, has denied involvement. To try and cut through the speculation, we talked to cybersecurity researcher Jamie Winterton, director of strategy for Arizona State University's Global Security Initiative.

Jamie Winterton

Question: Was the DNC hack really the Russians?

Answer: Do I think it was Russia? Yes — but only after being skeptical and digging into the details. One thing is certain: attribution is incredibly difficult in this space. While the “Russian fingerprints” on the data are pretty convincing, it’s exceptionally hard to say for sure. Once we on the tech side have settled on a “most probable” explanation, based on the data we have available, then the political scientists and ethicists and diplomats come in with questions that I don’t have the answers to: What happens when we implicate a nation-state in a cyberattack? Is this a cyberattack? Does it constitute an act of cyberwar? Those terms are so ill-defined. The playbook hasn’t been written for these incidents yet. 

Q: What makes this particular hack so interesting?

A: Quite frankly, the depth of this operation is pretty impressive. It wasn’t a single email server that was breached, but a comprehensive attack that broke into the personal email accounts of individuals in the DNC. It was well coordinated. It also shows that people are hacking for politically motivated reasons. Lots of hackers used to hack just for credit card information and Social Security numbers for identity theft, or hitting large corporations or hospitals with “ransomware” — these hacks are financially beneficial. That’s still how most people perceive hacking. But here, we see an attack that has a political aim, and goes way beyond an Anonymous-style website defacement. This hack is about reputation. The “why” is still a little fuzzy, even though there are numerous suggestions and speculations out there. 

Q: Why Wikileaks? And what’s the deal with this “Guccifer 2.0” person?

A: Wikileaks is known to be hostile to the U.S. government, and they have extraordinarily little discretion about what they post. Tons of politically irrelevant yet sensitive information was in the DNC email dump — home addresses and Social Security numbers — which is par for the course if we use the recently dumped “Erdogan email” and the Snowden leaks as examples. They had total disregard for many of the individuals who had nothing to do with the politics. 

The Guccifer aspect of this is also fascinating. “Guccifer” is the handle of a Romanian hacktivist that has pulled off several high-level intrusions in the U.S. and Romania. The actual Guccifer is also in jail in Alexandria, Virginia. “Guccifer 2.0” claimed to also be a Russian-hating Romanian who picked up the DNC project from the original Guccifer, but in an online interview with VICE, he or she didn’t seem to be fluent in Romanian. The documents that Guccifer 2.0 created had metadata (hidden data about the document’s whereabouts) in Russian, as well as Russian error messages in some of the documents that had been converted to PDF. So while we don’t have the identity of Guccifer 2.0, we know that his or her backstory doesn’t stand up very well. As far as this person (or group’s) connection to Russian state-sponsored hacking, the evidence is certainly building. 

Q: What could have stopped it from happening?

A: Encrypt everything! I’m here to preach the gospel of encryption. While of course I’m not standing up for unethical, immoral or illegal activities being hidden by encryption, the DNC could have avoided it by encrypting their files and communications. It’s also a good idea to pay attention to your Yahoo! or Gmail notifications that say, “Hey, this looks like state-sponsored hacking.” In that event, just changing your password is not going to save you. 

Logan Clark

Media Relations Officer, Department of Media Relations and Strategic Communications