A flood of information has emerged that connects GOP presidential nominee Donald Trump to a questionable cast of characters who are linked to Russian interests, including a former campaign advisor for the pro-Russian former Ukrainian Prime Minister Viktor Yanukovych, an adviser and investor in Russia’s state-run gas company Gazprom, and a convicted stock manipulator with ties to the Russian mafia.
Two cybersecurity firms, CrowdStrike and Fidelis Cybersecurity, have linked Guccifer 2.0 to APT groups Cozy Bear (also known as CozyDuke or APT 29) and Fancy Bear (also known as Sofacy or APT 28). He has claimed that he is a Romanian hacker and that he acted alone in hacking the Democratic National Committee (DNC) computer systems and the Bill, Hillary and Chelsea Clinton Foundation.
Dominique Davis, CEO at Red Cell Infosec, alerted SCMagazine.com to a document in the email dump published by WikiLeaks that contains the DNC General Fund bank account and routing number and wire instructions. He told this publication that he informed the FBI last week of the unencrypted data. “Any hacker on the net right now could empty this account.” The document was discovered through Red Cell Infosec’s open-source threat intelligence analysis platform, Davis told SCMagazine.com.
Industry professionals are in general agreement that the documents released by Guccifer 2.0 were likely the result of a hack of DNC email servers by Russian actors. Some pros viewed the exclusive focus on Democratic targets as an indication of aligned interests with the Trump campaign.
“A lot of that money comes from the same war chest, which is unfortunately the religious right and defense companies,” said Davis. He likened Trump’s ties to Putin’s financial backing from the Orthodox Church.
One industry pro did not view Trump’s connections to Russian interests as a motive in Guccifer 2.0’s focus on Democratic targets, noting that he would prefer not to believe “a Manchurian candidate is just one step away from the White House.” Dimitri Sirota, CEO of BigID, stated in comments provided to SCMagazine.com that Trump “doesn’t seem to be the kind of person who keeps secrets well.”
“There is a basis to believe Russian state actors passed some of the stolen material to Wikileaks to influence US policy towards Russia,” Leo Taddeo, chief security officer of Cryptzone, wrote in comments emailed to SCMagazine.com. “Putin and his leadership are trying to influence Clinton and her future stance toward Europe’s missile defenses and NATO expansion.”
“It’s probably a deliberate attempt to influence the election by whoever implemented the attack,” said Sirota. He noted that he believed Putin would be inclined to demonstrate its capabilities, as a show of force to gain Clinton. Russia has engaged in similar uses of cyber-strategies in the past to achieve its diplomatic goals. “They certainly have the capability,” he said.
Taddeo agreed that Putin has a message to Clinton. The message is: If she demonstrates a willingness to ease away from the missile defense shield launched by the U.S. and NATO in May, then Russia will allow her to continue her campaign.
“Politicians are not known for the best cybersecurity, but in light of recent events, they are focused on that more and more,” said Darren Hayes, assistant professor and director of cybersecurity at Pace University’s Seidenberg School of Computer Science and Information Systems, speaking with SCMagazine.com. He noted that the DNC may not be the only targeted by Russian APT groups. “It may mean that they are more sophisticated and may have better ways of identifying an APT attack.”
Davis disputed this. “The facts are that we’re reading about their bank accounts and routing numbers appearing on Wikileaks.”