The Russian government’s cyber-espionage campaign against the American political system began more than a year ago and has been far more extensive than publicly disclosed, targeting hundreds of key people -- Republicans and Democrats alike -- whose work is considered strategically important to the Putin regime, official sources told NBC News.
The targets over the past two years have included a Who's Who of Hillary Clinton associates from her State Department tenure, the Clinton Foundation and her presidential campaign, as well as top Republicans and staffers for Republican candidates for president.
Starting in earnest in 2015, Russian hackers used sophisticated “spearphishing” techniques to steal emails and other data from Capitol Hill staffers, operatives of political campaigns and party organizations, and other people involved in the election and foreign policy. That’s according to NBC News interviews with more than two dozen current and former U.S. officials, private sector cybersecurity experts and others familiar with the FBI-led investigation into the hacks.
“For the past two years, there has been a massive increase in hacking by the Russians,” said Dmitri Alperovitch, a cybersecurity expert whose CrowdStrike firm was retained to investigate the hack of the Democratic National Committee.
“Not all of it is politics. It is across the board,” added Alperovitch, who is involved in the investigation. “But it got more intense this year with the election.”
The Obama administration finally blamed Russia publicly for the hacks on Friday, prompting another round of denials by Russia. But behind the scenes, the FBI and Department of Homeland Security have provided numerous classified briefings in recent months to Capitol Hill staffs about the hacks. The briefings described targeting of both parties, primarily by accessing the private email accounts of operatives, one senior Capitol Hill staffer who attended the briefings told NBC News on Thursday.
The staffer said that many victims were notified by investigators that they had been hacked, and told to conduct damage assessments, but said the victims were not put under obligation to make the hacks public.
Orders From the Kremlin
U.S. authorities believe the hacking campaign originated with direct orders from the Kremlin and is an attempt to influence the presidential election and advance the broader strategic objectives of the Putin regime.
The hack has especially targeted individuals around Democratic nominee Clinton, according to sources with knowledge of the investigation. Friday's release of campaign chair John Podesta's hacked emails and apparent excerpts of Clinton's Goldman Sachs speeches was the latest in the series of email dumps, including the release of data stolen from DNC and Democratic Congressional Campaign Committee staffers. Democrats are bracing for the potential release of still more emails hacked from Democratic sources. Sources said emails from individuals associated with the Clinton Foundation were hacked, and may be part of upcoming data dumps from WikiLeaks or DCLeaks.com.
But the hackers -- some of whom are believed to be Russian government employees working regular hours just like other bureaucrats -- have also quietly targeted a broad array of Republicans too as part of the same cyberespionage campaign, say sources.
One cybersecurity expert involved in the investigations said “hundreds of people” have been targeted. “High-profile former officials, political figures, current officials.”
“I can’t tell you who the Russians are going to leak information about next,” he told NBC News. “The only thing I can tell you is that there are going to be more leaks.”
Some Republicans contacted by NBC News were aware of attempted hacks, but none reported recent breaches. In June, DCLeaks.com, believed by U.S. intelligence to be linked to the Russian government, released hacked emails dating from 2015 of some Republican targets, including staffers for the campaigns of John McCain and Lindsey Graham -- both Putin critics -- and staffers from state parties.
Russia has long used hacking and other high-tech tools to gather intelligence, just like the United States, China and other nations eager to gain strategic advantage over rivals and even allies.
But U.S. officials have gone on red alert out of fear that the current hacking effort is part of a broader “active measures” campaign to influence the upcoming U.S. election, and hurt Clinton while boosting the chances of her Republican rival, Donald Trump.
Why Republicans Too?
U.S. officials and cybersecurity experts say Russian government hacking of Republicans serves several purposes in this election cycle.
One is that it provides Moscow with a deep understanding of the internal workings of the campaigns, their plans and objectives and the key players who wield power and influence in Washington even if the GOP doesn’t take the White House.
A more ominous concern is that the information hacked from Republican operatives could be “weaponized” through the strategic leaking of information, either before or after the election.
In an interview with NBC News, Rep. Adam Schiff of California, top Democrat on the House Intelligence Committee, said he could not discuss any specific victims identified by U.S. investigators, Republican or Democratic.
But, Schiff told NBC News, “The Russians are interested in both political parties.”
“They would certainly target Republicans if there is a chance of a Republican becoming president, which obviously there is,” Schiff said. “They would also target Republicans that would influence the next president, and they would also target people with the interest in disrupting [the election] or sowing discord.”
One prominent Republican, former Bush administration Secretary of State Colin Powell, had his personal emails hacked and released last month via DCLeaks.com. Those emails contained biting comments by Powell about both Clinton and her husband, former President Bill Clinton, and Trump.
Schiff said the leaks of Powell’s emails already “have sown additional discord into our political process. So there’s obviously a reason for foreign hackers to hack members of both parties.”
Schiff said he believes the Russians have an interest in Trump winning the presidency. “Whether they will go so far as to interfere in a way that makes it more likely, I think they are limited in their ability to affect the outcome. But they can certainly cause a lot of discord and confusion.”
Richard Andres, a cybersecurity and national security strategy expert with the U.S. military’s National War College, said Russia has been perfecting its ability to use digital means to manipulate the internal politics -- and elections -- of other countries for more than a decade, especially in Eastern Europe.
“These guys have made hacking political parties and their supporters a science,” Andres told NBC News. “I’m not sure the U.S. has built up any defenses against this type of thing.”
“What we’ve been seeing here in the U.S. so far is mild by comparison to what they do in their own backyard,” Andres said. “If they continue to escalate, we should expect to increasingly see false flag operations designed to implicate various political actors, falsified leaks, blackmail, false calls to their opponents’ political supporters and more.”
Top Republican: Not Aware of Any Hacks
Sean Spicer, a spokesman for the Republican National Committee, said he was not aware of any Republican operatives who had been hacked, and that the RNC cybersecurity staff was in close contact with the FBI and probably would have heard about it.
A representative of Sen. McCain said his senate reelection campaign was not aware of any staffers being hacked.
Kevin Bishop, spokesman for Sen. Graham, said, “We have not disputed that Senator Graham’s campaign was hacked, that some campaign related email accounts were hacked.” He described the victims as low-level staffers. “We haven’t said anything about it and don’t expect to.” Graham was a contender for the GOP presidential nomination.
Interviews with Republican campaign and party officials indicated they have been on guard for hacking.
Trump himself has previously said he has no idea who is hacking Democrats. But an advisor to the Trump campaign said the campaign’s cybersecurity specialists have been warning since last spring that hackers, likely from Russia, “are being very aggressive and trying to find out whatever they can about both campaigns.”
“They are aware that the Russians and others are very eager to see our communications, that there are people out there from other countries that would like to hack into our systems,” the advisor told NBC News. “So we are paying close attention to it.”
Trump campaign hires are given a briefing in which they are warned about such breaches, and told not to use campaign email for personal communications, the advisor said.
In 2015, at least one Trump campaign staff member’s email account was infected with malware and then sent malicious emails to colleagues, according to the advisor, who said that and other concerns prompted the campaign to upgrade its security.
Another senior Republican official confirmed that they were aware of widespread targeting of GOP operatives in the current campaign, both at the campaigns and on Capitol Hill.
Officials noted that both the McCain and Romney campaigns were hacked in 2008 and 2012 respectively, as was Obama’s -- though authorities attributed at least some of those to the Chinese.
“It’s entirely possible that they did it and we just never knew,” said one GOP veteran who worked on a Republican presidential primary campaign. “And I remember many times where the campaign server was running slowly and we’d just switch to Gmail or G-chat. Maybe it was naïve on my part but I never attributed it to hacking.”
Last month, House Homeland Committee Chairman Mike McCaul (R.-Texas) told CNN that the Republican National Committee had been hacked. Spicer, the RNC spokesman, was quick to tweet that there had been no known breach “of @gop networks” and McCaul issued a quick retraction.
McCaul, however, didn’t retract his broader assertion that he had been told in classified briefings that the Russian hacking campaign targeted Republicans as well as Democrats.
“They are not discriminating one party against the other,” McCaul said, adding that the Russians “have hacked into both parties at the national level” and targeted "Republican political operatives."
“What they intend to do with that information,” he said, “I don’t know.”
In Through the Front Door
The two Russian hacking groups blamed for the current cyberespionage campaign, dubbed Fancy Bear and Cozy Bear, also have been blamed for breaching other U.S. targets over the past year or two, including the unclassified systems at the White House, State Department and the military’s offices of the Joint Chiefs of Staff.
In the current hacking of the political system, they have focused on an indirect approach, according to numerous officials and cybersecurity experts familiar with the hacks.
Those sources said Fancy Bear and Cozy Bear -- each tied to a different Russian intelligence agency -- have been specifically targeting the personal emails of individuals through very sophisticated “spearphishing” campaigns where they get someone to click on an email, link or photo purportedly from a trusted source.
That introduces malware onto whatever computer, cellphone or other device they’re using, and in many cases, it allows the hackers to breach work email accounts and even work files and databases that contain sensitive information, officials and experts say.
After vacuuming up everything from that victim, the hackers “move laterally” through their network of friends and business associates and steal all their information too.
“Essentially people are opening their front door and letting them in,” said Toni Gidwani, a former Defense Intelligence Agency official whose ThreatConnect cybersecurity firm has investigated many of the hacks. She said these particular spearphishing techniques are a hallmark of the two Russian hacker groups. “It’s something they keep coming back to because it works.”
Like others, Gidwani said the size and scope of the hacking campaign isn’t known publicly because investigators mostly know about the cases in which information has been leaked.
“It’s perfectly possible that … people and organizations are being targeted and breached but that if the adversary doesn’t see the value in leaking it, and holding on to it, we wouldn’t know,” Gidwani said. “They could just be waiting for the right time to release it.”