The hackers of the Lynde and Harry Bradley Foundation left a faint and winding trail that seems to point toward Russia.

Besides their digital footprints, the cyber thieves left behind a series of spilled secrets, broken laws and unsettling questions about how voters and the news media should react when international hackers seek to influence American politics.

“These are very powerful techniques for manipulating institutions of all types,” said Dave Aitel, whose career includes six years as a National Security Agency analyst and nearly two decades in the cyber-security field.

“(Hackers) definitely will succeed some of the time, so we need to figure out what we do about it,” said Aitel, now chief executive officer of the Miami-based firm Immunity. “It’s not the media’s problem. It’s democracy’s problem.”

The Bradley Blueprint National Wisconsin A closer look at the grants Documents

The Bradley Blueprint National Wisconsin A closer look at the grants Documents

Experts in cyber security point to evidence that the theft of the conservative Milwaukee foundation's files was likely the work of Russian hackers. The documents were posted online briefly last year and provided to the Milwaukee Journal Sentinel. Media ethics experts say the American public has an interest in knowing what those documents show about their government.

“Anytime you have information that is relevant to your audience, you have a duty to get it to that audience,” said Kelly McBride, vice president of the Poynter journalism foundation in St. Petersburg, Fla. “But you have to verify that it’s true.”

To do that, Journal Sentinel reporters spoke with officials at the Bradley Foundation, who confirmed the hacked documents, and people mentioned in the hundreds of thousands of pages. Rather than dumping out all the hacked documents, the Journal Sentinel is focusing on those that most directly affect public policy.

"These records shed light directly on laws and policies being considered by our elected officials — and on efforts to influence the elections process itself," said Journal Sentinel Editor George Stanley.

“If citizens are going to remain in charge, they must have access to information about what their elected representatives are doing in their name — and why," Stanley said.

Support our investigative journalism Become a Milwaukee Journal Sentinel subscriber today and get unlimited digital access to support stories like this one.

Support our investigative journalism Become a Milwaukee Journal Sentinel subscriber today and get unlimited digital access to support stories like this one.

When hacked emails from the chairman of Hillary Clinton's presidential campaign, John Podesta, were released last year, writers at the Bradley-funded Wisconsin Watchdog website wrote about them in October and again in November. But the foundation's former chief executive, Michael Grebe, says it's wrong to write about Podesta's hacked documents — or those from the foundation.

"I am very critical of (the Journal Sentinel) for going with this story, recognizing that other media outlets are also following this pattern," Grebe said. "Where have we come as a society? People steal records, illegally, and expose them. And then otherwise reputable media rely on those stolen records for their reporting."

A spokeswoman for the parent of Wisconsin Watchdog had no immediate comment.

From Russia with malware

In 2016, Russian hackers appeared to target Democrats in the presidential election. That raises an obvious question: why would these international cyber-thieves target a conservative foundation in Milwaukee?

The hackers appear to have put out the authentic Bradley files in an attempt to lend credence to their release — days before the election — of forged letters about Clinton’s campaign.

On Oct. 30, a hacker known on Twitter as Anonymous Poland released three fake letters in which Bradley's vice president of finance Cynthia Friauf supposedly directed the foundation's financial manager, Rothschild Asset Management, to transfer a total of $156 million to Clinton's campaign.

The properties of the electronic file were made to look as if Friauf had created it, the Journal Sentinel found. But despite its digital sophistication, the fraud was unconvincing, given Bradley's staunchly conservative outlook and the fact that a foundation couldn't legally contribute such a sum directly to a presidential campaign.

"If you know anything about the Bradley Foundation, it's ridiculous," said Rick Graber, Bradley's current CEO.

"You feel violated. It's as if someone broke into your house or stole your laptop," he said.

It's unclear why the hackers thought it would be credible that Bradley would give money to Clinton — Anonymous Poland's account went dark after the election and its user didn't respond to messages from a reporter. But one Anonymous tweet references the Rothschild family, which is often mentioned in anti-Semitic conspiracy theories.

What is clear is that this same Anonymous Poland Twitter user also referenced the hacking of materials from last summer's hack of the World Anti-Doping Agency, which followed the agency's call to ban Russian athletes from the Rio Olympics. That hack — which Anonymous Poland talked about weeks before materials were released — was widely seen by experts as the work of Russian intelligence.

The account last year also released what it says were hacked documents from the Ukraine — another major focus for Russia.

Aitel, the cyber-security executive, said all the signs point to Russian involvement in the doping hack. He pointed to both the hacking techniques used and to common sense — Russia had something to gain from discrediting the anti-doping agency.

The Anonymous account drew the attention of analysts at Wapack Labs Corp., a New Hampshire security firm that was tracking the Olympics. Wapack analysts looked at the Anonymous Poland posts and saw the hacker's browser history showed visits to Google's Russian site, not its Polish one.

"That's how we came up with a medium to high confidence level that Anonymous Poland was indeed Russian," said Bill Schenkelberg, a former federal investigator who is now a technical director for Wapack.

When Anonymous Poland showed up in the Bradley hack, Schenkelberg said Wapack came to a similar conclusion about that attack: Russian involvement.

Anonymous Poland told the technology site Vocativ that the hack was easy because Bradley had used only an extremely basic administrative username and password.

"“Bro, We are Anonymous," the hacker said of his or her identity.

The Bradley Foundation reported the hack to the FBI and hired lawyers and its own forensic firm to look into the attackers' identity, Graber said. There's been no firm conclusions released by either the FBI or the private investigators.

"I suspect we probably will never know exactly who it is," Graber said.

Public interest duty

Journalists should take care with hacked documents, experts on ethics said. At the same time, they said, the media can't ignore their news value.

“If they’re factual and there’s a link to the public interest, then you have a public interest duty to write these things,” said Stephen Ward, founder of the University of Wisconsin’s Center for Journalism Ethics.

Jeffrey Seglin, an ethicist at Harvard University’s Kennedy School, agreed.

“The ethical response is to make sure that what you’re putting out there is accurate,” Seglin said. “There is this public interest in getting this information to the readers.”

Stanley, the Journal Sentinel editor, pointed to the newspaper's Pulitzer Prize-winning stories in 2009 about fraud within Wisconsin's state-funded child care subsidy program. Those stories were based in part on records on children and parents that were not available to the public and that were provided by a government whistle-blower.

"Those records, when Democrats were in charge of state government, helped us expose massive fraud against state taxpayers that was also causing harm to children," Stanley said. "That's the key for us — is it important information that citizens can use to make their own decisions and choices?"

Daniel Bice and Bill Glauber of the Journal Sentinel staff contributed to this report.