Hacker Claims to Leak Stolen DNC Trump Files

Democratic National Committee Chair Debbie Wasserman Schultz, second from right, attends an LGBT Pride Month reception at the White House in Washington on June 9. REUTERS/Jonathan Ernst

Opposition research on Donald Trump, said to have been stolen by Russian government hackers from the Democratic National Committee, appears to have now leaked online.

A 200-plus page document titled “Donald Trump Report” was posted online by The Smoking Gun website on Wednesday. The document’s metadata suggests it was written by Warren Flood, president of Bright Blue Data LLC, a Democratic data analytics and strategy firm. Flood was also a staffer at the DNC in 2010 and worked for Barack Obama’s presidential campaigns in 2008 and 2012, according to his LinkedIn page. Flood did not immediately respond to Newsweek’s request for comment.

Luis Miranda, DNC communications director, and Mark Paustenbach, the DNC national press secretary, would not say if the document is authentic. News of the hack was first reported by The Washington Post.

The document is fairly anodyne by opposition research standards: a series of narratives—Democratic talking points painting Trump, the presumptive Republican presidential nominee, in a negative light; a deep dive into the New York real estate mogul’s background; and an examination of his positions on a range of issues, from the Islamic State militant group to LGBT rights. The information in the file appears to come entirely from publicly available media reports, and the file seems to contain no shocking revelations about the candidate.

Still, if, as the Post claims, there is more to come, then the hack could still prove very embarrassing, both for Trump and for the DNC.

Two groups of hackers—dubbed “Cozy Bear” and “Fancy Bear” by CrowdStrike, the cybersecurity firm called in by the DNC to handle the intrusion—had access to its servers for about a year before they were discovered, CrowdStrike told the Post. Fancy Bear is believed to work for Russia’s foreign military intelligence agency, the GRU, while Cozy Bear’s allegiance is less clear. CrowdStrike told the Post it believes Cozy Bear may work for the Federal Security Service, the heir to the KGB, and Russian President Vladimir Putin’s former agency. The two groups did not appear to be working together, Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer, told the Post.

DNC officials learned of the hack in late April after information technology workers noticed unusual network activity. CrowdStrike isn’t sure how the hackers gained access, but speculated to the Post that they may have used phishing emails—emails that appear legitimate but, when clicked, install malicious software on a user’s computer.

An anonymous tipster who sent the same document to Gawker told the news and gossip website that he or she, not Russian hackers, was responsible for the hack. The claim was disputed by a senior DNC official. Committee officials and security experts confirmed that it was Russian hackers who committed the breach, the Post reported.

“Our experts are confident in their assessment that the Russian government hackers were the actors responsible for the breach detected in April and May, and we believe that this release and the claims around it may be a part of a disinformation campaign by the Russians,” the official said. “We’ve deployed the recommended technology so that today our systems are secure thanks to a swift response to that attack, and we will continue to monitor our systems closely.”

The anonymous individual also told Gawker that among the stolen files was a list of DNC donors. Congresswoman Debbie Wasserman Schultz, the embattled chair of the DNC, told reporters that financial documents had not been among those stolen from DNC servers.

“The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with,” she said. “When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.”