Reconstructing the Russian hacks leading up to the election

December 14, 2016 at 6:35 PM EDT
Reports that the CIA believes Russia sought to help the president-elect win the election by hacking Democratic political organizations have rocked the nation. Mr. Trump dismisses claims that Russia had any influence in the process or that it wanted him in office. Hari Sreenivasan examines what investigations have revealed with Dmitri Alperovitch of CrowdStrike and Eric Lipton of The New York Times.

HARI SREENIVASAN: The recent reports that the U.S. intelligence community believes Russia sought to help Donald Trump win the election through the hacking of Democratic political organizations have rocked the country.

As we just heard, President-elect Trump dismisses the idea that Russia was responsible or that it wanted him to win the White House.

Today’s New York Times featured an extensive timeline of the hacking, and what it may have wrought.

I’m joined now by one of the reporters who wrote the story, Eric Lipton, and by Dmitri Alperovitch. He is the co-founder of CrowdStrike, the cyber-intelligence firm that investigated the hacking of the DNC.

Eric Lipton, I want to start with you.

Your reporting shows a really large gap between when the FBI reached out to the DNC and when President Obama or the U.S. government attributed that these hacks were by the Russians. What caused this?

ERIC LIPTON, The New York Times: That’s right.

I mean, it was September of 2015 that the FBI first reached out to the DNC to alert an I.T. contractor who worked there that there appeared to be someone operating within their system, and that operator was perhaps linked to Russian hackers.

And it wasn’t until October of 2016, so more than a year later, that the administration and the intelligence agencies formally issued a statement attributing that cyber-attack to the Russian actors. And so that’s quite a long time. And it was — many, many months passed between when the FBI first essentially called the DNC and the time in which the DNC in fact confirmed that the hackers were present. That didn’t take place until late April.

So there was quite a delay. And that delay occurred at a time when the presidential election was playing out. And then the hacked e-mails then became public and had an influence on that process.

HARI SREENIVASAN: Dmitri Alperovitch, within days of your company getting the contract with the DNC, you figured out who was behind this. How did you do it?

DMITRI ALPEROVITCH, CrowdStrike: Well, the DNC called us in, in May of 2016, in May of this year.

They wanted us to check out these anomalous activities that they were starting to see on the network. And we deployed our technology called Falcon on every machine within the company, within the corporation. And basically it allowed us to essentially see everything that was happening on every server and laptop and desktop at the Democratic National Committee.

And what we found is that there were two actors independently operating within that network. And the tradecraft that they were using, the tools that they were using and other digital forensics, sort of digital fingerprints, if you will, indicators that we picked up, matched to the indicators that we had previously associated with these two groups.

They are called Fancy Bear and Cozy Bear, and that we affiliated with Russian intelligence agencies.

HARI SREENIVASAN: Eric, as Dmitri’s software pointed out, this wasn’t the first time that Russians had done this. It just seems to be an escalation.

ERIC LIPTON: That’s right.

Certainly, during the Obama and McCain race, there was hacking that occurred there. And there has been quite a number of federal agencies that have been attacked and infiltrated by some of the same players that went into the DNC.

So, and, in fact, the director of national intelligence gave a warning in 2015, saying there was already evidence that there was — folks were targeting the presidential candidates for this year’s elections. So there was a lot of reasons to be on the guard for a possible cyber-attack.

And so you have to wonder why — that said, the Russians, if in fact it was the Russians — and everything suggests that it was — are quite, you know, quite skilled at infiltrating systems. But you do sort of wonder why there wasn’t a higher state of alert at the DNC to detect and stop an incursion.

HARI SREENIVASAN: Dmitri, is this the standard operating procedure for the FBI and how they warn companies? It seemed, in Eric’s report, at the beginning, they were dealing with a low-level I.T. guy who was a subcontractor, and that person didn’t even believe that it was actually an FBI call.

DMITRI ALPEROVITCH: Well, I think you have to appreciate that the FBI does literally hundreds of notifications like this on a weekly basis.

There’s a lot of intrusions that are happening in our country from a variety of different nation-state adversaries that the FBI picks up in the course of their investigations. So most of the time, they just don’t have the resources to do more than try to call and notify a corporation.

I think in this case, however, given the high-profile target, given that this was an election season, I think more should have been done. Given the proximity of the DNC to the FBI headquarters, just about a mile away, someone could have gone to the DNC and notified them in person.

HARI SREENIVASAN: You know, Eric, one of the stories — you had a separate piece about this, but one of the things that got buried in this while we were all focused on the DNC hack and perhaps the Podesta e-mails were how some of this information actually made it down into very key House races, the hack into the DCCC, the congressional campaign committee.

ERIC LIPTON: That’s right.

So, at the same time as the hackers got into the DNC, they share a building and actually have a connection between the computer system of the DNC and the Democratic Congressional Campaign Committee. And so they were able to take tens of thousands of pages of documents from the DCCC, which oversees the House races by Democrats.

They took these documents and then they distributed them to bloggers and reporters in individual states at key moments, like right before specific debates, before primaries, to try to damage the standing of the Democratic candidates.

And all the documents that went out were related to, you know, opposition research, other collections of documents from the Democrats. Those document dumps, you know, had real consequences on some Democrats.

So, while the Trump folks suggest that this had no impact on the election, I think, if you look at some of the House races, in particular in Florida, there was a particular House race where the party wanted one woman who was running, Annette Taddeo, to be their candidate, and she lost after the document dump embarrassed her, and it became a subject of debates and news coverage.

And that was — that was consequential. And it didn’t get much attention from the media, because we were so focused on other things.

HARI SREENIVASAN: Dmitri, we just have a few seconds.

Are there enough measures in place in preventing this from happening again?

DMITRI ALPEROVITCH: I think every organization needs to assume that they are compromised.

We see so much of these intrusions from nation-states and criminal groups that it’s a daily occurrence for organizations, companies, and nonprofits and government agencies alike. So everyone needs to be focused on doing compromise assessments to make sure that their networks are truly clean.

HARI SREENIVASAN: All right, Dmitri Alperovitch from CrowdStrike, Eric Lipton from The New York Times, thank you both.

ERIC LIPTON: Thank you.