F.B.I. Examining if Hackers Gained Access to Clinton Aides’ Emails


Photo

Workers wrapped up preparations on Monday at the Wells Fargo Arena in Philadelphia for the Democratic National Convention.

Credit
Jim Wilson/The New York Times

WASHINGTON — The F.B.I. investigation into the suspected state-sponsored Russian theft of emails and documents from the Democratic National Committee’s computer networks has expanded to determine if aides and organizations considered close to Hillary Clinton were also attacked, according to federal officials involved in the investigation.

But so far, a sampling of senior Clinton aides at the Democratic National Convention in Philadelphia found none who said they had been notified by the F.B.I. or private investigators that their private emails had been compromised. At this point, law enforcement officials say, there is evidence only of attempts to gain access to those associates through “spear-phishing” attacks, often crude efforts to get someone to click on an email that releases malware into the computer.

The committee has said that Russia hacked into its computers and has been supported in its assertion by several private cybersecurity firms, including Crowdstrike, the company that investigated the committee’s breach.

Two years ago, several Clinton aides who had worked at the State Department were notified that their accounts there had been broken into by one of the same Russian intelligence agencies, the Federal Security Service, or F.S.B., suspected of getting into the committee’s system. That hacking, which went largely undetected while Mrs. Clinton was secretary of state in President Obama’s first term, gave the Russian intelligence services what one diplomat termed a road map of Mrs. Clinton’s associates and frequent email partners.

Mrs. Clinton’s private server while she was secretary of state, in Chappaqua, N.Y., would have been another obvious target. But last month the F.B.I. director, James B. Comey, said there was no “direct evidence” that Russia or any other power had “successfully hacked” into Mrs. Clinton’s server. Still, he said, there was evidence that intruders had tried, and when Mr. Comey said any successful intruders were probably far too skilled to leave evidence of their intrusion behind, law enforcement officials said, he had the Russians in mind.

For years American intelligence agencies and the F.B.I. have tracked the operations here of two of the most sophisticated state-run hacking groups in the world, the G.R.U., Russia’s military intelligence agency, and the F.S.B., the state security service and successor, twice removed, of the K.G.B. of the Soviet era.

The activities of the two groups in the United States and around the world have been tracked for so many decades that their successes and misadventures are the subject of movies and lore in both the United States and Russia. But since they turned to hacking techniques and sometimes cyberweaponry, the Obama administration has rarely protested in public about the group’s boldest information-warfare attacks, in part to avoid retaliation.

The administration decided not to publicly identify the Russians as the power behind State Department, White House and Joint Chiefs of Staff intrusions. James R. Clapper Jr., the director of national intelligence, told Congress that the United States would not name or shame any country engaged in ordinary espionage — of the kind the United States also does — but should focus instead on setting norms against the theft of intellectual property and destructive attacks. For that reason, Mr. Obama has focused on agreements with China to protect corporate secrets.

Now some administration officials think they may have misunderstood Russia’s intentions. After the public release of the emails and documents that brought down the chairwoman of the Democratic Party, Debbie Wasserman Schultz, and the threat by WikiLeaks to release more documents from this and other hacks, administration officials say they are in a strange new world in which Russia may be using the products of espionage to influence an American election.

Some outsiders agree. “There is nothing new in one nation’s intelligence services using stealthy techniques to influence an election in another,” Jack Goldsmith, a professor at Harvard Law School, wrote on the Lawfare blog on Monday. He noted that the United States had engaged in covert actions to influence elections in Indonesia, Italy, Chile and Poland during the Cold War.

But he added that “doing so by hacking into a political party’s computers and releasing their emails does seem somewhat new.” It could foretell an era of data manipulation, in which outsiders could tinker with votes, or voter data, or “lose” electronic ballots.

Federal officials say their investigation has been underway since the spring, when the committee notified the F.B.I. of the intrusion. The committee’s suspicions were triggered by what appeared to be a relatively clumsy attack by the G.R.U. In the course of investigating that attack, the F.B.I. discovered an earlier, more sophisticated attack on the committee by the F.S.B., which is often in competition with the G.R.U.

But investigators say the committee was reluctant to cooperate deeply in the federal investigation, relying instead — as many companies do — on private investigators that they hired. The committee brought in Crowdstrike, which reported publicly in June that it had evidence that the hack began last summer.

Julian Assange, who founded WikiLeaks, argued to Richard Engel of NBC in an interview broadcast Monday that “there is no proof of that whatsoever” that Russia was behind the original hacking. “We have not disclosed our source, and of course, this is a diversion that’s being pushed by the Hillary Clinton campaign.”

Mr. Assange also said another round of emails to be released would provide “enough evidence” to indict her, but her campaign manager, Robby Mook, said, “He says a lot of things, so I’m not, I’m not going to pay attention to that.”

Many cybersecurity firms that have examined the evidence released by Crowdstrike say Russia appears to be the source. Thomas Rid, a cyberexpert and author of “Rise of the Machines,” noted in an article published on Vice’s website that the intruders made several mistakes: “One leaked document included hyperlink error messages in Cyrillic,” because the documents had been edited with Russian language settings, and other “metadata” was consistent with “identical fingerprints” found in attacks on the German Parliament. The Germans named one of Russia’s intelligence agencies as the attacker in that case.

Continue reading the main story



Source link

About admin

Check Also

Chips Off the Old Block: Computers Are Taking Design Cues From Human Brains

For years, the central processing units, or C.P.U.s, that ran PCs and similar devices were ...

Leave a Reply

Your email address will not be published. Required fields are marked *