Nation/World

US consensus grows that Russia hacked the Democratic National Committee

WASHINGTON — U.S. intelligence agencies have told the White House they now have "high confidence" that the Russian government was behind the theft of emails and documents from the Democratic National Committee, according to federal officials who have been briefed on the evidence.

But intelligence agencies have cautioned that they are uncertain whether the electronic break-in at the committee's computer systems was intended as fairly routine cyberespionage — of the kind the United States also conducts around the world — or as part of an effort to manipulate the 2016 presidential election.

The emails were released by WikiLeaks, whose founder, Julian Assange has made it clear that he hoped to harm Hillary Clinton's chances of winning the presidency. It is unclear how the documents made their way to the group. But a large sampling was published before the WikiLeaks release by several news organizations and someone who called himself "Guccifer 2.0," who investigators now believe was an agent of the GRU, Russia's military intelligence service.

The assessment by the intelligence community of Russian involvement in the DNC hack, which largely echoes the findings of private cybersecurity firms that have examined the electronic fingerprints left by the intruders, leaves President Barack Obama and his national security aides with a difficult diplomatic and political decision: whether to publicly accuse the government of President Vladimir V. Putin with engineering the hacking.

[Democratic emails release was timed to harm Hillary Clinton]

Such a public accusation could result in a further deterioration of the already icy relationship between Washington and Moscow, at a moment when the administration is trying to reach an accord with Putin on a cease-fire in Syria and on other issues. It could also doom any effort to reach some kind of agreement about acceptable behavior in cyberspace, of the kind the United States has been discussing with China.

Stealing information about another country's political infighting in hardly new, and the United States has conducted covert collection from allies like Germany and adversaries like Russia for decades. Publishing the documents — what some have called "weaponizing" them — is a different issue. Clinton's campaign has suggested that Putin was trying to even the score after the former secretary of state denounced a 2011 Russian election as filled with fraud.

ADVERTISEMENT

"The first thing that the secretary of state did was say that they were not honest and not fair, but she had not even yet received the material from the observers," Putin said at the time. "She set the tone for some actors in our country and gave them a signal," Putin continued. "They heard the signal and, with the support of the U.S. State Department, began active work."

Campaign officials have also suggested that Putin could be trying to tilt the election to Donald Trump. But they acknowledge that they have no evidence.

Asked on Tuesday, at the Democratic convention in Philadelphia, whether "there's more to the Trump/Russian relationship that hasn't come out," John Podesta, the Clinton campaign chairman, said, "Well, he certainly has a bromance with Mr. Putin, so I don't know." Podesta said that while Russia has a "history" of interfering in democratic elections in Europe, it would be "unprecedented in the United States."

The Republican platform, adopted last week in Cleveland, calls on the United States to "respond in kind and in greater magnitude" to cyber attacks, saying that "Russia and China see cyber operations as part of a warfare strategy during peacetime. Our response should be to cause diplomatic, financial and legal pain."

But the Trump campaign has dismissed the accusations about Russia as a deliberate distraction, meant to draw attention away from the content of nearly 20,000 emails and documents from the Democratic committee that WikiLeaks started releasing on Friday. They showed efforts to impugn Sen. Bernie Sanders of Vermont in his effort to challenge Clinton for the nomination.

On Twitter Tuesday night, Trump said that in order to deflect "the horror and stupidity of the Wikileakes disaster," Democrats were saying: "Russia is dealing with Trump. Crazy!"

"For the record," he said, "I have ZERO investments in Russia."

Secretary of State John Kerry raised the attack with his Russian counterpart, Sergey Lavrov, on Tuesday at a meeting of foreign ministers in Vientiane, Laos. Lavrov dismissed the idea that Russia was involved, telling reporters who asked about the charges: "I don't want to use four-letter words."

Kerry made no accusations, saying he had to allow the FBI to "do its work" before he drew "any conclusions in terms of what happened or who's behind it."

The federal investigation, involving the FBI and the intelligence agencies, has been going on since the Democratic National Committee first called in a private cyber security firm, Crowdstrike, in April.

[Democrats nominate Hillary Clinton despite sharp divisions]

Preliminary conclusions were discussed on Thursday at a weekly cyberintelligence meeting for senior officials. The Crowdstrike report, supported by several other firms that have examined the same bits of code and telltale "metadata" left on documents that were released before WikiLeaks' publication of the larger trove, concludes that the Federal Security Service, known as the FSB, entered the committee's networks last summer.

The GRU, a competing, military intelligence unit, was a later arrival. Investigators believe it is the GRU that has played a bigger role in releasing the emails.

In an essay published on Lawfare, a blog that often deals with cyber issues, Susan Hennessey, previously an attorney for the National Security Agency, called the published evidence about Russian involvement "about as close to a smoking gun as can be expected when a sophisticated nation-state is involved." Assange's threat to release documents, she wrote, "means, put simply, that actors outside the U.S. are using criminal means to influence the outcome of a US election. That's a problem."

But U.S. intelligence agencies have their doubts that the Russian intention, at least initially, was to sway the American election. The intrusion began just shortly after Trump announced his candidacy for the Republican nomination. At the time, his chances looked minuscule. One senior official noted that while the cyberattack might have been intended to embarrass Clinton, who was the presumptive nominee, it could not have been aimed at bolstering Trump.

It is far from clear that Obama or the FBI director, James Comey, would ever name Russia as the origin of the hack. Obama has only once accused a country of attacking an American organization, when he said that North Korea was the source of the 2014 attack against Sony Pictures Entertainment. But the United States has no relationship with North Korea, and there was little to lose from identifying it.

In the case of Russia and China — countries with which the United States has complex relationships — Obama has in the past made the opposite decision. He never named the Russian intelligence agencies as the perpetrators of hacks on the State Department and White House unclassified email systems, or on the Joint Chiefs of Staff.

ADVERTISEMENT

While the administration has called out the People's Liberation Army of China for stealing intellectual property, it never publicly accused the Chinese intelligence services of stealing the security-clearance files on more than 21 million Americans who held or applied for clearances.

By happenstance, the intelligence report on the Democratic National Committee hacking was circulating here on the day that Obama issued a new policy, long in development, to organize the government's response to major cyberattacks and to set up a six-point "grading system" to assess the severity of strikes against U.S. companies, government agencies and organizations.

The action against the Democratic committee, they said, would qualify as a "significant cyber incident," which was defined as one that causes "demonstrable harm to the national security interests, foreign relations or economy of the United States, or to the public confidence, civil liberties or public health and safety of the American people."

Ranking the DNC hack in the pantheon of other penetrated networks is difficult. The top ranking under Obama's system would be reserved for an attack that disabled U.S. power grids, for example, akin to the suspected Russian attack on Ukraine's electrical system in December. The attack on the Office of Personnel Management and Sony, which destroyed 70 percent of the studio's computers, would also rank above the "category 3" level, which defines a "significant" attack.

But the ranking system does not mandate what kind of response the president would authorize. And it was designed before many in Washington imagined the use of cyberattacks to release information in the midst of a dizzying, and volatile, presidential campaign.

ADVERTISEMENT