Russian intelligence officers were probably seeking information on likely Hillary Clinton voters when they hacked into a leased Democratic Party computer server just two months before the 2016 election, former and current party workers have told BuzzFeed News.
The Russians successfully logged into and copied the contents of the server, which the Democratic National Committee had rented from Amazon Web Services to test applications that would allow campaign workers to access voter information, the former and current employees said.
“It’s clear that the Russians were targeting the DNC’s analytics information and were trying to take the DNC’s data,” Adrienne Watson, a spokesperson for the party, told BuzzFeed News.
The hacked server didn't contain the campaign’s troves of information detailing which voters were likely to cast ballots for Clinton, Watson said, but the applications the Russians stole still could have provided insight into the campaign.
“This was a significant hit that the DNC detected and remediated. While the virtual servers that we know were attacked and copied never housed our central analytics database of voter information, the intruders were able to see important aspects of our analytics software and tools, our methods, where they were developed and tested,” she said.
The revelation last week in the indictment of 12 Russian intelligence agents that hackers had broken into the leased Amazon server in September 2016, long after the Democrats had been told the Russians had been expelled from the party’s computer systems, gave rise to concerns that the hack had allowed the Russians to exploit the Democrats’ own analysis of where Clinton’s campaign was flagging in its final weeks.
But Democratic Party workers said they believe that would have been impossible, because the server had been used only as a “testing ground” for applications, and didn't include full datasets.
It’s impossible to know the intentions of the hackers, but Russians who tried to influence the US election did gather data about voters in a variety of ways, said David Carroll, a professor at New York’s New School who studies data analytics.
“There were multiple attempts to collect information about US voters, and they were very creative,” Carroll said.
Those attempts ranged from the Russian cyberattacks — last week's indictment revealed that the Russian hackers stole information on 500,000 Illinois voters — to efforts by the Internet Research Agency, the online “troll factory” that was indicted in February for election interference, which posed as promotional companies to trick Facebook users into sharing data on their friends and family.
It’s unclear how the Russian officers were able to gain access to the Amazon Web Services server. The Russian hackers had been expelled from the Democratic Party systems in June and had failed in their efforts to reenter them. But because the server was no longer being used at the time of the hack, and because the campaign’s full voter information was believed to still be untouched, the campaign downplayed the incident at the time.
“I think someone stumbled on this one by accident,” said a former campaign employee familiar with the systems involved, who wasn’t authorized to speak on the record and who feared that speaking as an authority on the matter could create problems with his current employer.
“At that point in the campaign, it was largely depreciated,” he said, referring to the server.
Voter information was a key factor in Donald Trump’s 2016 election victory, according to Brad Parscale, who was the head of the Trump campaign’s digital operations and now heads Trump’s 2020 reelection campaign.
But Parscale has denied as recently as Tuesday that he cooperated with any foreign entities in his work on Trump’s campaign.
Meanwhile, the bankrupt political data analytics firm Cambridge Analytica, whose billionaire owner Robert Mercer was one of Trump’s biggest backers, is currently under federal investigation for harvesting some 50 million Facebook users’ data without their permission. Cambridge Analytica reportedly had such poor security practices that former contractors are still able to access its system with their personal Gmail accounts.
This story has been updated and clarified with additional comments from the DNC.