Russian Hacking Campaign Hits Republicans, Too

The Russian hackers who breached the servers of the Democratic National Committee struck a far wider range of targets than thought, and researchers have now tied a mysterious website hosting leaked emails, including from the Republican Party, to the same Moscow operatives who stole Democratic Party correspondence.

In a Friday blog post, researchers at ThreatConnect, an intelligence firm, identified a website known as DCLeaks.com as a “Russian-backed influence outlet.” That website hosts leaked emails and other documents from a variety of officials, including former NATO commander Gen. Philip Breedlove, philanthropist and investor George Soros’s Open Society Foundation, and Republican staffers.

The targeting of foreign political parties by spies represents a standard technique of espionage, but it is the public release via WikiLeaks of material apparently stolen from DNC servers that has so alarmed U.S. officials. The use of DCLeaks to publish information may indicate that Russia is more willing than previously believed to carry out influence operations against the United States using information obtained through computer breaches.

The identification of DCLeaks as a likely Russian outfit also has important implications for the timeline of events surrounding the hacking of the DNC. The site was first registered in April, around the time hackers believed to be working on behalf of Russian military intelligence first breached the DNC.

“This would indicate an intent to operationalize this material earlier than we thought,” Toni Gidwani, director of research operations, said.

DCLeaks posted emails stolen from Republicans including state-level officials from Illinois, Rhode Island, and Connecticut, campaign staff for Sens. John McCain and Lindsey Graham, and various consultants.

A cursory review of the emails has not revealed much beyond standard intra-party correspondence about fundraisers and events, and the usual internet flotsam and jetsam — chain emails and apocalyptic predictions about the coming era of socialist mind control. But the very fact of the intrusion — given the high-profile political scalps claimed by the Russian hack of the DNC — should be cause for concern for the GOP, experts say.

“If the RNC is not looking deeply into the same kind of adversary activity they are very naive,” said Robert M. Lee, the CEO of Dragos, a cybersecurity company, and a former cyber warfare operations officer for the U.S. Air Force.

A spokesperson for the Republican Party did not answer questions about the email archive.

DCLeaks predated the publication of some 20,000 stolen Democratic emails, and was used by the hacker calling himself Guccifer 2.0 to share other purloined emails with journalists. The website was set up in April, and in June, Guccifer 2.0 used the site to share documents from the breached email account of Clinton campaign volunteer Sarah Hamilton with a journalist at The Smoking Gun, an internet news outlet.

Most security experts think Guccifer 2.0 is a ruse created by Russian intelligence to deflect attention from Moscow’s involvement in the hackings; both U.S. intelligence and private cybersecurity firms have fingered Russian intelligence as the culprits.

Late Friday, Guccifer 2.0 posted his latest trove of documents, uploading to his website documents he claimed were stolen from the servers of the Democratic Congressional Campaign Committee.

While it remains unclear exactly how the hacked DNC emails ended up in the hands of WikiLeaks, the Clinton campaign has accused Russia of attempting to tip the scales in favor of Republican presidential nominee Donald Trump. Throughout his unorthodox campaign, Trump has repeatedly echoed Kremlin talking points, from denigrating NATO to blaming President Barack Obama for the creation of the Islamic State.

But more than Democrats are apparently at risk: the emails on DCLeaks suggests that Russian hacking operations swing both red and blue.

DCLeaks divides its email caches into “portfolios” for each of its victims, and the most newsworthy by far belong to Gen. Breedlove. In June, the site released correspondence from the former NATO commander in which he sought the advice of former officials — including former Secretary of State Colin Powell — about how to persuade the White House to adopt a more aggressive policy against Russia in Ukraine, where Moscow has annexed the Crimean Peninsula and fomented a rebellion in the eastern part of the country.

“I may be wrong, … but I do not see this WH really ‘engaged’ by working with Europe/NATO. Frankly I think we are a ‘worry,’ … ie a threat to get the nation drug into a conflict,” Breedlove wrote to Powell. Breedlove later said the emails had been stolen by unidentified hackers working on behalf of a nation-state.

“The leaked emails provide an even more dramatic picture of the intense back-channel lobbying for the Obama administration to begin a proxy war with Russia in Ukraine,” the Intercept wrote about the emails last month.

The site currently maintains a password protected site for emails belonging to Billy Rinehart Jr., a Clinton campaign staffer, whose Gmail account appears to have been hacked with techniques customarily used by hackers working for Moscow. According to the Smoking Gun, which has corresponded with Guccifer 2.0 about the site, the Rinehart emails are mostly mundane.

“The extent of campaign dirt, as it were, was limited to a March email with the subject line ‘FYI-Oreos are now a political issue,’” the Smoking Gun writes.

DCLeaks purports to be a part of genuine effort to shine a light on U.S. politics; it claims to be a watchdog over a government in the pocket of the “lobbying interests of Wall Street fat cats, industrial barons and multinational corporations’ representatives who swallow up all resources and subjugate all markets,” according to its website.

Since WikiLeaks released a trove of emails on the eve of the Democratic convention that showed party officials attempting to undermine the candidacy of Sen. Bernie Sanders, U.S. officials have broadened the scope of their investigation. According to the New York Times, the email accounts of more than 100 Democratic officials have been breached by the hackers.

According to Reuters, U.S. officials first briefed top congressional leaders on the DNC breach a year ago, but did not inform the party.

DMITRY ASTAKHOV/AFP/Getty Images