Security company releases new evidence of Russian role in DNC hack


JUDY WOODRUFF: The CIA and other U.S. intelligence agencies have concluded the Russian government was behind the email hack into the Democratic National Committee and other political organizations, but have yet to produce their evidence publicly. President-elect Trump has questioned that conclusion.

Today, the private cyber security company that first uncovered the DNC hack unveiled new details they claim confirm Russian military intelligence service was behind the computer breach.

Here to explain all of this is Dmitri Alperovitch. He's the co- founder of CrowdStrike, the company that did the investigating. And Thomas Rid, he's a professor at King's College London. His latest book is "Rise of the Machines: A Cybernetic History."

And we welcome both of you to the "NewsHour".

Dmitri Alperovitch, let me start with you. What is this new information?

DMITRI ALPEROVITCH, CrowdStrike: Well, this is an interesting case we've uncovered actually all the way in Ukraine where Ukraine artillerymen were targeted by the same hackers who were called Fancy Bear, that targeted the DNC, but this time, they were targeting their cell phones to understand their location so that the Russian military and Russian artillery forces can actually target them in the open battle.

JUDY WOODRUFF: So, this is Russian military intelligence who got hold of information about the weapons, in essence, that the Ukrainian military was using, and was able to change it through malware?

DMITRI ALPEROVITCH: Yes, essentially, one Ukraine officer built this app for his Android phone that he gave out to his fellow officers to control the settings for the artillery pieces that they were using, and the Russians actually hacked that application, put their malware in it and that malware reported back the location of the person using the phone.

JUDY WOODRUFF: And so, what's the connection between that and what happened to the Democratic National Committee?

DMITRI ALPEROVITCH: Well, the interesting is that it was the same variant of the same malicious code that we have seen at the DNC. This was a phone version. What we saw at the DNC was personal computers, but essentially, it was the same source used by this actor that we call Fancy Bear.

And when you think about, well, who would be interested in targeting Ukraine artillerymen in eastern Ukraine who has interest in hacking the Democratic Party, Russia government comes to find, but specifically, Russian military that would have operational over forces in the Ukraine and would target these artillerymen.

JUDY WOODRUFF: So, just quickly, in the sense, these are like cyber fingerprints? Is that what we're talking about?

DMITRI ALPEROVITCH: Essentially the DNA of this malicious code that matches to the DNA that we saw at the DNC.

JUDY WOODRUFF: Thomas Rid, to you in London, as you read about this, understand this new information, what do you make of it? How do you see it?

THOMAS RID, King's College, London: Well, the important piece, I think, is that we're looking at only one piece in a larger puzzle which CrowdStrike has discovered is one piece of a larger picture. And the picture is already rich. We know how they choose their targets. We know thousands of their targets even by individual names. We know how they get in, how they move around, how they take information out, we know the infrastructure, the flight card they used to take the information out.

And I think we're approaching the point where the evidence is so rich that there are only two reasons not to accept it — one, because you don't understand the technical details because you don't have to skills, or because you don't want to understand it for political reasons.

JUDY WOODRUFF: Well, you do have the technical expertise. Does it hold up for you?

THOMAS RID: Yes. You know, what I do is I look at specific cases and I drill down and I zoom into the details of the picture and look at that detail. So, we can often link specific cases like the one that Dmitri was just describing to another case because the tool set that they're using is the same, really like the tool of the burglar that breaks into one building and uses the same or a comparable tool in another building.

So, one thing that I'm, for instance, interested in and that I focused on is how they broke into the German parliament and that we can link that to the DNC and, indeed, we can also link those two cases. So, the evidence is really strong that we have at this point.

JUDY WOODRUFF: So, the evidence is really strong. Are you saying there is just no doubt about it, at this point?

THOMAS RID: Among people who studied the true forensic evidence, among people who do incident response, the vast majority of this community — and, you know, bear in mind this is an entire profession trained to do digital investigations — most people in that profession accept the evidence that we have. It's really not controversial anymore that we're looking at a major Russian campaign.

You know, keep in mind: this has been going on for many years. This particular act, that we watched them for eight years, and over the past year, they made quite a lot of mistakes which revealed themselves.

JUDY WOODRUFF: Now, Dmitri Alperovitch, we want to point out and we said earlier, you were — your company was the one that uncovered this in the first place. You were working for the Democratic National Committee. Are you still working — doing work for them?

DMITRI ALPEROVITCH: We're protecting them going forward. The investigation is closed in terms of what happened there. But certainly, we've seen the campaigns, political organizations are continued to be targeted, and they continue to hire us and use our technology to protect themselves.

JUDY WOODRUFF: I ask you that because if there's a question of conflict of interest, how do you answer that?

DMITRI ALPEROVITCH: Well, this report was not about the DNC. This report was about information we uncovered about what these Russian actors were doing in eastern Ukraine in terms of locating these artillery units of the Ukrainian army and then targeting them. So, what we just did is said that it looks exactly as the same to the evidence we've already uncovered from the DNC, linking the two together.

JUDY WOODRUFF: So, if there's still someone out there like the president-elect or others who support him who say, we just don't believe this, we don't think it's been proven, we haven't seen the CIA and the FBI's information, what's your response to that?

DMITRI ALPEROVITCH: Well, I think it's legitimate to ask questions and this is why we wanted to produce more evidence that raises the level of confidence that we have, even internally, that this is Russian intelligence agency called the GRU. I think it's also important for the government to release their own evidence. And I'm encouraged that President Obama ordered this review. I hope the report that comes out will be made public so that everyone can look at it and make their own judgments.

JUDY WOODRUFF: Thomas Rid, what more would you need to see, what more a skeptic need to see in order to erase all doubt?

THOMAS RID: Of course, we can always see more evidence and look for more details, for instance on specific names of operators, and we know that, you know, some intelligence agencies in the United States seem to have that information.

But let's keep something in mind. What they want to achieve — what this Russian operation is trying to achieve at this point is to drive a wedge between the president-elect, between the next administration and the intelligence community. And so far, if you see that as part of the operation, they have been spectacularly successful. So, releasing more evidence and then having critics possibly even the president-elect say, well, that's not good enough, that is exactly the outcome that they want because it introduces friction inside the security establishment in Washington.

JUDY WOODRUFF: Just quickly. Dmitri, is that what you see as well?

DMITRI ALPEROVITCH: I think it's important to bring out the evidence. Some people legitimately have questions about this. It's important for the U.S. government to tell us what they know because they have access to classified intelligence and sourcing methods that we are not privy to as a private security company. So, I think it's important to know what happened in the most consequential hack we've ever seen.

JUDY WOODRUFF: And, of course, we have no way of knowing if that's what they will do — what they will do. But, of course, we will continue to watch it very closely, as well you Dmitri Alperovitch, Professor Thomas Rid. We thank you both.


Recently in World