Get PolitiFact in your inbox.

What we know about Russia's role in the DNC email leak

Lauren Carroll
By Lauren Carroll July 31, 2016

WikiLeaks founder Julian Assange won’t say who leaked thousands of Democratic National Committee emails, even as security experts believe it was the work of Russian government hackers.

Some of the leaked emails show that some DNC employees clearly favored presidential nominee Hillary Clinton over Bernie Sanders in the Democratic primary despite claims of neutrality, and the controversy forced Rep. Debbie Wasserman Schultz of Florida to resign as DNC chair.

The Clinton campaign has focused on the question of who obtained and leaked the internal documents to distract from the real story of how the DNC tried to undermine Sanders’ campaign, Assange said on NBC’s Meet the Press July 31.

"The Clinton campaign tries to take attention away from a very serious domestic allegation about election interference and (tries to) bring in foreign policy," he said.

But it would be a big deal, Meet the Press host Chuck Todd said, if a foreign government is trying to covertly influence the presidential election. Some Democrats view the leak, combined with Donald Trump’s seeming affinity for Russian President Vladimir Putin, as evidence Russia is trying to tip the election in the Republican presidential candidate’s favor.

The U.S. government has not yet publicly named the culprit behind the DNC hack. But there seems to be widespread agreement among cybersecurity experts and professionals that the attribution belongs to Russian intelligence actors. Whether Russia hacked the DNC intending to affect the election remains unknown.

"The consensus that Russia hacked the DNC is at this point very strong, albeit not unanimous," said cybersecurity consultant Matt Tait, who has been critical of Clinton’s email practices. "The consensus that Russia hacked the DNC in support of Trump is, by contrast, plausible, but something for which the jury at this stage is very much still out."

Here’s a brief timeline of the attack, based on what cybersecurity researchers have found: In June, cybersecurity firm CrowdStrike reported that two hacking groups, who CrowdStrike and many others believe are competing Russian intelligence agencies, had breached the DNC system. About 24 hours later, a Romanian hacker calling himself Guccifer 2.0 claimed credit for the breach and leaked DNC documents to American media outlets, including Gawker and The Hill. Also in June, WikiLeaks founder Julian Assange said he had "emails related to Hillary Clinton which are pending publication," and Guccifer 2.0 claimed to be WikiLeaks’ source.

On July 22, WikiLeaks released the DNC emails.

The evidence

The tactics of the hack resembled traits of two Russian intelligence groups, dubbed APT28 and APT29, also known as Fancy Bear and Cozy Bear, according to cybersecurity experts who examined the hack.

Following the hackers’ breadcrumb trail, cybersecurity experts have posited that Guccifer 2.0 (not to be confused with the original Guccifer, who is a known lone hacker) is not really an independent hacker. Rather, he is a Russian government decoy to deflect attention from the DNC breach.

The U.S. government is not ready to publicly name the suspected perpetrators behind the DNC hack, but the New York Times has reported that intelligence agencies have "high confidence" regarding the Russian government’s involvement.

Translation: The agencies have likely corroborated the technical evidence with other intelligence, like human or financial sources, said Susan Hennessey, a Brookings Institution fellow and a former lawyer for the National Security Agency.

As of yet, there’s no evidence anyone other than Russia breached the DNC. So unless someone hacked the Russian agencies, the Russian government is likely WikiLeaks’ source, Hennessey said. Additionally, Assange and the Russian government have a well-documented relationship, for example the fact that Assange has hosted a television show on RT, a state-owned network.

"Added together, the most logical inference is that the Russians gave the documents to Wikileaks," Hennessey said. "Circumstantial, yes, but strong enough to be the operating assumption for the intelligence community."

Why might Russia do this? Hennessey’s theory is Russia likely hacked the DNC to conduct standard espionage and then happened upon the emails, though it’s also possible they went in searching for something to leak, she said.

Tait was skeptical about claims that the Russian government was behind the hack at first. But when Gawker published the DNC’s opposition research file on Trump, he changed his mind. For one, he saw technical signs tying the Russian government to the hack and subsequent leaks. Further, although many foreign governments might plausibly want to hack the DNC for espionage, "mass-dumping stolen or intercepted political data to influence the public media has all the hallmarks of a Russian information influence operation," Tait wrote on the blog Lawfare.

The doubt

The vast majority of expert commentary seems to agree the Russian government hacked the DNC. But Jeffrey Carr, CEO of cybersecurity firm Taia Global, remains skeptical.

He said many of these technical indicators pointing to Russia are traits that have been publicly outed as Russian previously, so it doesn’t make sense that Russian intelligence agencies would use them again for covert activity. He also posed the question how "a country known for the world's most sophisticated software engineers" would be so easily caught.

"It makes much more sense to me that the Russian government had nothing to do with this, but that Russian-speaking hackers did it on their own for fun or profit or both," Carr said.

If, in fact, the Russian government is behind the DNC hack, its motivations aren’t clear.

"As to whether Russia wanted to help Trump or hurt Clinton, I think it's certainly possible, but something that requires a lot more caution than the media have been giving it thus far, and something for which we have much less solid evidence," Tait said.

Tait said the initial DNC hack was "espionage as usual," and the leak could have been an attempt to discredit CrowdStrike’s initial assessment that Russia was behind the hack rather than a coordinated attempt to boost Trump.

When evaluating the motivations behind the leak, Hennessey said it’s reasonable to consider that Trump has taken positions favorable to Russia and that Russia has a tense relationship with Clinton. They could have wanted to cause chaos in American politics, not necessarily to sway the election but possibly to distract from something else, like diplomatic negotiations regarding Syria.

"The weight of the evidence favors an explanation that the Russians leaked the documents to favor Trump, so it is more than a conspiracy theory but still speculative," Hennessey said.

Sign Up For Our Weekly Newsletter

Our Sources

New York Times, "Released Emails Suggest the D.N.C. Derided the Sanders Campaign," July 22, 2016

New York Times, "To Democrats, Email Hack Suggests Trump Has New Supporter: Putin," July 25, 2016

New York Times, "Spy Agency Consensus Grows That Russia Hacked D.N.C." July 26, 2016

New York Times, "Why Security Experts Think Russia Was Behind the D.N.C. Breach," July 26, 2016

New York Times, "Following the Trail of Stolen Emails From Russia to WikiLeaks," July 27, 2016

CrowdStrike, "Bears in the Midst: Intrusion into the Democratic National Committee," June 15, 2016

Vice, "All Signs Point to Russia Being Behind the DNC Hack," July 25, 2016

Defense One, "How Putin Weaponized Wikileaks to Influence the Election of an American President," July 24, 2016

Lawfare, "What Does the US Government Know About Russia and the DNC Hack?" July 25, 2016

Lawfare, "Is Trump a Russian Agent? A Legal Analysis," July 27, 2016

Lawfare, "On the Need for Official Attribution of Russia’s DNC Hack," July 28, 2016

Washington Post, "Is there a Russian master plan to install Trump in the White House? Some intelligence officials are skeptical," July 27, 2016

Reuters, "U.S. theory on Democratic Party breach: Hackers meant to leave Russia's mark," July 28, 2016

Los Angeles Times, "U.S. intelligence official says foreign spy services are trying to hack presidential campaign networks," May 18, 2016

Medium, "Can Facts Slow The DNC Breach Runaway Train?" July 26, 2016

Medium, "The DNC Breach and the Hijacking of Common Sense," June 20, 2016

The Hill, "Intel head cautions against 'hyperventilation' over DNC breach," July 28, 2016

Email interview, Brookings fellow Susan Hennessey, July 28, 2016

Email interview, cybersecurity consultant Matt Tait, July 28, 2016

Email interview, cybersecurity consultant Jeffrey Carr, July 31, 2016

Browse the Truth-O-Meter

More by Lauren Carroll

What we know about Russia's role in the DNC email leak