On 14 June, the US Democratic National Committee (DNC) acknowledged that hackers had access to thousands of internal emails, chat messages and many research documents.
These documents started to leak in large numbers on 25 July on the whistleblower site Wikileaks with the release of almost 20,000 email exchanges between Party officials.
The steps these officials took, including the Chairperson of the Party, Debbie Wasserman Schultz, to undermine Bernie Sanders, the losing candidate in the Democratic primary, are described in detail in these exchanges. Ms. Schultz, who by her position should have remained neutral, resigned under pressure on 27 July.
Coming only three days before the start of the Democratic Convention, which is to inaugurate Hillary Clinton as a presidential candidate, these revelations arrived just in time to weaken the Democratic campaign.
The Russian lead
Cyber security company CrowdStrike was involved in securing the Democratic Party servers when suspicious activity was detected in early June. It suspects two groups of Russian hackers of orchestrating the attack: Cozy Bear, or APT29, and Fancy Bear, or APT28.
The first, Cozy Bear, allegedly infiltrated the servers of the Democratic Party in June 2015 and gradually intercepted all internal communications of the Party for a year. Fancy Bear allegedly penetrated the servers in April 2016 with the same objectives. Both groups forced the same passwords a few days apart, suggesting that neither group was aware of the other.
There is a troubling body of evidence that supports CrowdStrike's conclusions. First, the hackers seem to have neglected the abundance of financial information on donors and Party workers to focus on political strategy documents. This choice is more characteristic of state espionage than of criminal hacking.
Metadata left by the attackers show that at least once during their break-in they used Cyrillic keyboards. Moreover, the well-documented research file on Republican candidate Donald Trump, leaked shortly after the attack was officially acknowledged, includes broken web links where an error message is displayed in Russian.
Another leaked document reveals the pseudonym of the last person who modified the document: Феликс Эдмундович or Felix Dzerzhinsky in Latin script. This name, which is also that of the founder of the Soviet secret police, is another sign confirming the Russian lead.
Two US companies specialized in cyber security, Fidelis Cybersecurity and Mandiant, have since confirmed the findings of CrowdStrike: the attack was conducted by two groups of Russian hackers acting independently of each other, each supported by the Russian security apparatus.
The lead of the Romanian hacker who is a critic of Hillary Clinton
On 15 June, in the wake of revelations about the penetration of the Democratic Party servers, the hacker Guccifer 2.0 claimed responsibility for the attack on his blog by publishing documents apparently belonging to the Democratic Party. The hacker is said to be of Romanian nationality and opposed to the policies of Hillary Clinton, and he denies any links with Russia. His name, Guccifer 2.0, is borrowed from Guccifer, a Romanian hacker about to be tried in the United States, in particular for having penetrated the computer of one of Hillary Clinton’s advisers in 2013.
In a conversation with Vice’s Motherboard site, the hacker wrote in broken Romanian, which puzzled the experts. The use of the Russian emoticon “)))” in his blog posts instead of the Romanian emoticon “:)” has reignited the debate about his identity.
Even if the body of evidence indicating the involvement of the Russian government is very troubling, its guilt cannot yet be ascertained.
American democracy faced with the “weaponisation” of data leaks
Many countries, including France and the United States, regularly carry out computer intrusions to collect information that interests them. In this sense the penetration of the Democratic Party networks is not surprising. However, the event is unique because the stolen information was then weaponized to influence the US presidential election.
The Democratic Party seems to be a favourite target in this election campaign, and this is not the first time that it has suffered a large attack. Cyber security company SecureWorks discovered that between March and May 2016, another group of Russian hackers called TG-4127 sent malicious emails to 108 accounts of employees of the Hillary Clinton campaign and to nine employees of the Democratic Party.
This suggests that some Russian hackers had not waited for the call from Republican candidate Donald Trump on 27 July to attack Hillary Clinton’s account. These repeated cyber attacks have placed international relations and cyber security at the core of the US presidential campaign.