Many U.S. officials and cyber security experts in and out of government are convinced that state-sponsored Russian hackers are the ones who stole 20,000 emails from the Democratic National Committee and leaked them to the public just in time to disrupt the Democrats’ national convention in Philadelphia.
Here’s why the experts are so confident the Russians did it:
- GEOGRAPHY: At least one of the hacker groups attacking the DNC appeared to cease operations on Russian holidays, and its work hours aligned with a Russian time zone, cybersecurity company FireEye concluded in a report.
- LANGUAGE: The hackers also left an obvious digital fingerprint, one cybersecurity expert said, perhaps on purpose: a signature in Russia’s Cyrillic alphabet.
- FORENSIC EVIDENCE: After a different batch of hacked Democratic emails was released last month, a wide spectrum of cybersecurity experts concluded that it was the work of Russian intelligence agencies acting through previously known proxy groups called COZY BEAR or APT 29, and FANCY BEAR or APT 28. “We’ve had lots of experience with both of these actors … and know them well,” according to the DNC’s own contract cybersecurity firm, CrowdStrike, which blogged that one of the two groups had already gained illegal access to the White House, State Department and even the military’s Joint Chiefs of Staff.
- MOTIVE: Given their mutual and very public bromance, Putin would much prefer a Trump presidency to a Clinton one, and the timing suggests the leak was planned for maximum embarrassment to the Democrats and their presumptive nominee. Clinton campaign manager Robby Mook said the campaign was told by cyber experts that Russian hackers stole and released the emails to help Trump. “I don’t think it’s coincidental that these emails were released on the eve of our convention here,” said Mook, “and I think that’s disturbing.”
- HISTORY: U.S. intelligence officials, including Director of National Intelligence James Clapper, said they had previously seen evidence of foreign hackers spying on U.S. presidential candidates, including some state-sponsored ones, and that such cyber-intrusions would become even more commonplace.
The main reason, however, is that the email hack is exactly the kind of thing Russian hackers can do, are supposed to do, and are used for by Putin and his aides, retired four-star Adm. James Stavridis told NBC News.
“It is certainly well known that the Kremlin uses Russian hackers for a variety of missions,” said Stavridis, who led NATO from 2009 to 2013. “It is certainly well known that Russia possesses those kinds of capabilities. And it certainly seems sensible to assume that the Russians would rather have a Trump than a Clinton presidency.”
“And as the saying goes, crime is so often where motive meets opportunity. And when you put those two elements together, I’d say it’s a real possibility.”
Like other cyber-experts, however, Stavridis said definitively proving such connections is virtually impossible. “I don’t know the answer to that and I’m not sure anyone knows the answer to that except for a few individuals in the Kremlin.”
(Stavridis, who now heads Tufts University’s Fletcher School of International Affairs, was mentioned as a possible Clinton running mate, but says he is a registered Independent.)
On Monday, CrowdStrike co-founder and CTO Dmitri Alperovitch declined to comment on the latest release of hacked emails and whether it confirmed his earlier assessment that the Russians were responsible.
“At this time, I don’t have any new insights or commentary to share beyond the facts that I presented [earlier],” he told NBC News.
Trump campaign chairman Paul Manafort dismissed allegations of Russian complicity in the leak of DNC emails Monday, as the FBI announced that it is investigating what it called “a cyber intrusion involving the DNC and are working to determine the nature and scope of the matter.”
“A compromise of this nature is something we take very seriously,” said the FBI in a statement, “and the FBI will continue to investigate and hold accountable those who pose a threat in cyberspace.”