Did Russian Intelligence Hack the DNC Servers?

Short answer: nobody knows, but the media is treating it as a fact based primarily on a single technical source employed by the Democratic National Committee. I read the source’s publicly available explanation. Here’s what I found.

A Quick Taste of Media Conclusions

Despite a line in paragraph five saying “Proving the source of a cyberattack is notoriously difficult,” the New York Times offers the following statements.

  • “researchers have concluded that the national committee was breached by two Russian intelligence agencies;”
  • “Though a hacker claimed responsibility for giving the emails to WikiLeaks, the same agencies are the prime suspects;”
  • “Whether the thefts were ordered by Mr. Putin, or just carried out by apparatchiks who thought they might please him, is anyone’s guess.”
  • “It is unclear how WikiLeaks obtained the email trove. But the presumption is that the intelligence agencies turned it over, either directly or through an intermediary. Moreover, the timing of the release, between the end of the Republican convention and the beginning of the Democratic one, seems too well planned to be coincidental.”

There’s more, but you get the picture. The article also quotes Clinton staffers citing unnamed experts and researchers.

Who Are These Experts?

The only experts cited work for a company hired by the Democratic National Committee to investigate the hack. There is no indication of any neutral third-party investigation. The company, CrowdStrike, issued a publicly available report on what it found.

The report title makes clear the company’s conclusion: Bears in the Midst: Intrusion into the Democratic National Committee.

What Does the Report Say?

The report has some technical explanations, but focuses on conclusions that seem to be at best presumptions, despite the media treating them as fact.

  • The key presumptive conclusion seems to be that the sophistication of the hacks points to a nation-state actor. “Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities.”
  • The hackers, two separate entities CrowdStrike says worked independently, used techniques known to be used by Russians. Better yet, with no evidence at all presented, CrowdStrike concludes, “Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services.” Also, for one of the alleged hackers, “Extensive targeting of defense ministries and other military victims has been observed, the profile of which closely mirrors the strategic interests of the Russian government.”
  • By the end of the report CrowdStrike is just plain out called…
