This post was updated at 3:10 PM.
Russian hackers have been accessing the Democratic National Committee’s computer network for the past year, and have stolen information including opposition research files on presumptive Republican presidential nominee Donald Trump.
According to CrowdStrike, the security firm the DNC called in to deal with the massive data breach, one group of hackers tied to the Russian government has been stealing information from the national party for about a year.
“They infiltrated the DNC’s network last summer and were monitoring their communications, their email servers, and the like,” company co-founder Dmitri Alperovitch told NPR.
A second group, also tied to Russia, accessed the DNC’s network in April. “They went straight for the research department of the DNC and exfiltrated opposition materials on Mr. Trump,” Alperovitch said.
The Washington Post first reported the DNC break-in.
CrowdStrike doesn’t believe the two distinct groups of Russian hackers — which the company has internally nicknamed COZY BEAR and FANCY BEAR — collaborated with each other.
“Instead,” Alperovitch wrote in a lengthy blog post, “we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials.”
Alperovitch said CrowdStrike was able to clear the hackers out of the computer network last weekend.
In a statement, DNC Chairwoman Debbie Wasserman Schultz said, “The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with. When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.”
It’s not unusual for hackers to break into presidential candidates’ websites. In fact, it’s happened during the last two presidential campaigns. In the most high-profile incident, hackers shut down Mitt Romney’s campaign site for several hours in 2012.
Last month, Director of National Intelligence James Clapper told lawmakers, “We’ve already had some indications of [political hacking]. And a combination of [the Department of Homeland Security] and FBI are doing what they can to educate both campaigns against a potential cyberthreat.”
This isn’t the DNC’s first high-profile data breach, either. Last December, a breakdown in the server that Democrats use to store information about voters allowed staffers from Bernie Sanders’ presidential campaign to briefly access files from the Clinton campaign.
But a campaign-to-campaign data breach is much different from the penetration of a network by foreign hackers. According to CrowdStrike, the two Russian hacking groups have also “previously infiltrated the unclassified networks of the White House, State Department, and US Joint Chiefs of Staff,” as well as private companies in the energy, media and aerospace sectors.
Alperovitch said it’s still not clear how the hackers were able to gain their initial access to the DNC’s network, as they covered their digital tracks. But, he said, “typical tradecraft for these groups is to compromise the network through what is known as spearphishing, where they send fake emails to individuals within the organization, and getting them to click on a link or an attachment.”