As journalists and political operators pored over the 20,000 emails leaked from the servers of the Democratic National Convention, one Democratic staffer frantically searched for his name. It was only when he failed to find it that he began to fear the worst.
"Like everyone in DC, I immediately searched my name," said the strategist, who works with the DNC. "I wasn't in there, which I was happy about, until I realized just how sinister this leak actually was."
The staffer, like cybersecurity officials who spoke to BuzzFeed News, said the leaks were sinister because those behind the attack might be drip-feeding the emails to the public to create maximum damage for the Clinton campaign.
The biggest story to emerge from the publication of the emails on Friday by WikiLeaks was the Democratic Party’s apparent favoritism of Hillary Clinton over Bernie Sanders — something that heightened divisions at the opening of the convention in Philadelphia on Monday, prompted a party apology, and precipitated the resignation of Debbie Wasserman Schultz as DNC chair.
The question now is what comes next. According to the security firm Crowdstrike, the hackers were parked in the DNC servers for months, raising the possibility that there may still be more emails to come, potentially some that are fabricated.
These are the questions cybersecurity experts are wrestling with as they come to terms with the possibility that the political party has been hacked by a foreign power seeking to influence the outcome of an election. While some who believe that the U.S. has been meddling in foreign elections for decades see the DNC email scandal as karma, cybersecurity experts also see it as setting a dangerous new precedent for what cyberespionage can achieve.
“This is a bellwether of things to come,” said Ajay Arora, CEO of cybersecurity firm Vera. “The techniques are advancing. There are strategic attacks, and then there is tactical warfare. There are parties out there now thinking, hey, let’s affect the outcome of the whole election.”
The email leak dominated the Monday news cycle as the convention got ready to launch in Philadelphia. By mid-morning, the FBI said it was investigating the hack and Russia was believed to be behind the attack.
Russia has a history of using its cyber capabilities for this kind of advanced geopolitical meddling, from Germany and Ukraine to Poland and Georgia, but no country, said cybersecurity experts, has ever inserted itself so obviously into a US election.
“Russia has been synonymous with spying through their whole history. They are one of the best in the world at it, and they love it,” said Eric O'Neill, a former FBI counterintelligence and counterterrorism operative who now works as a security strategist at the cybersecurity firm, Carbon Black. "I’m sure we [the US] do it, we are after this kind of policy and info. If we could do it, we would do it too… But Russia and China are much more aggressive than we are."
It would be one thing, cybersecurity experts said, to breach a campaign's email servers and use that intelligence to strategize about foreign relations going forward. That kind of thing is as old as the world’s first email servers. But breaching email servers and then strategically leaking those emails, bit by bit, to cause maximum damage to a political party in the midst of a heated election has no known precedent in the West. That may be because it is the sort of thing that would have been nearly impossible without today’s social media sites and platforms like WikiLeaks, which advocates publishing breaches in whole, anonymously, and without redactions.
While cybersecurity experts see Russian fingerprints in the metadata within the breached emails, the Russian government can firmly plant itself at arm's length from the emails, pointing at WikiLeaks and arguing that anyone could have been behind the breach. WikiLeaks, on its official Twitter account, has said it would not reveal its sources.
“People are going to become more sophisticated about these leaks, about how strategic they are,” said Arora. “We are still in dark ages. People are still using crossbows, but soon we will be onto machine guns...what you could potentially see is a world where you could get your hands on all sorts of data, and then release the data for your strategic advantage.”
Data breaches were once the purview of activists, known as hacktivists, or petty criminals involved in fraud and vandalism. Today, they are the tools of state-sponsored actors, said Danny Rogers, CEO of the cybersecurity firm Terbium Labs. As the sophistication of breaches has grown, so have false flag operations, where fake documents are planted alongside real ones, or where subtle changes are made to documents to make them more incriminating. Rogers, who spends much of his time perusing alleged data leaks on the Dark Web, said that in the case of massive breaches, it was difficult to distinguish authentic documents from those that have been altered.
“How do we gauge authenticity? Are some of the documents doctored?” asked Rogers. “We run into this all the time in our work — we come across alleged data breaches and leaks, and a lot of it is fake. It’s really hard to tell the difference between real and fake. It’s definitely the kind of thing one has to take with a grain of salt and ask, what are the motivations behind the people doing it?”
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F