DNC staffers: FBI didn’t tell us for months about possible Russian hack

Sean Gallagher
A report by Reuters suggests that the FBI was aware of a possibly Russian-sponsored intrusion into the network of the Democratic National Committee as early as last fall. But FBI investigators initially told DNC staff only that they should be on the lookout for strange activity on their network, and the feds didn't mention a potential state-sponsored attack until they informed the Clinton campaign in March about a phishing campaign.
Unnamed DNC staffers told Reuters' Mark Hosenball and John Walcott that the FBI had been investigating a potential intrusion into the DNC's network since the fall of 2015. After the initial warning to look for anything suspicious, DNC IT staff checked network logs and scanned files, finding nothing suspicious. When asked to provide more information to help identify a problem, the FBI "declined to provide it," according to the Reuters report.
It was not until March that the DNC IT team realized the severity of the intrusion into their systems, though Reuters did not report what triggered their realization. At about the same time, the FBI reportedly warned the Clinton campaign of the attempted attacks, according to a Yahoo News report. Spear-phishing attacks were detected in March and April against the DNC and the presidential campaign organization of Hillary Clinton by the security company SecureWorks, as Ars has previously reported.
Part of the reason the attack may have persisted for so long was that the DNC may not have had much in the way of a security team to begin with. Much of the technology work for the websites, fundraising, and field support for the DNC (as well as the Clinton campaign and the Democratic Congressional Campaign Committee) is provided by outside organizations, including NGP VAN and ActBlue. Several sources Ars has spoken to have said that there was little in the way of an internal information security team at the DNC prior to the intrusion.
Although the DNC was aware of the possible breach in March, the degree of access that the attackers had wasn't clear until June, after the DNC brought in the security firm CrowdStrike and other experts to assist. For more than two additional months, the alleged "Fancy Bear" and "Cozy Bear" threat groups, purportedly associated with Russian intelligence agencies, were allowed to continue to spread through the network and siphon data out of it. After detection, the "Fancy Bear" group apparently re-established its intrusion on the systems of the Democratic Congressional Campaign Committee, hacking a Web server and redirecting would-be donors to a malicious website, as Ars reported last month.
It's not clear how widely the DNC IT staff warned the rest of the committee's staff once the breach was discovered; it's also not clear if anyone understood what was going on. A May e-mail from one DNC staffer noted warning messages of a possible "state actor" hack of her Yahoo e-mail account despite her frequently changing passwords.
An FBI spokesperson refused to comment on the Reuters report because of the ongoing investigation into the case.
