Two (Three, Four?) Data Points on DNC Hack: Why Does Wikileaks Need an Insurance File?

Actually, let me make that three data points. Or maybe four.

First, Reuters has reported that the DCCC has also been hacked, with the hacker apparently believed to be the same entity (APT28, also believed to be GRU). The hackers created a spoof version of ActBlue, which donors use to give money to campaigns.

The intrusion at the group could have begun as recently as June, two of the sources told Reuters.

That was when a bogus website was registered with a name closely resembling that of a main donation site connected to the DCCC. For some time, internet traffic associated with donations that was supposed to go to a company that processes campaign donations instead went to the bogus site, two sources said.

The sources said the Internet Protocol address of the spurious site resembled one used by Russian government-linked hackers suspected in the breach of the DNC, the body that sets strategy and raises money for the Democratic Party nationwide.

That would mean hackers were after either the donations themselves, the information donors have to provide (personal details including employer and credit card or other payment information), or possibly the bundling information tied to ActBlue.

Second, Joe Uchill, who wrote one of the stories — on two corrupt donors to the Democratic Party — that preceded both publication at the Guccifer 2 site and Wikileaks, said Guccifer gave him the files for the story because Wikileaks was dawdling in publishing what they had.

Screen Shot 2016-07-29 at 12.59.01 PM
Guccifer posted some of the documents Uchill used here.

This detail is important because it says Julian Assange is setting the agenda (and possibly, the decision to fully dox DNC donors) for the Wikileaks release, and that agenda does not perfectly coincide with Guccifer’s (which is presumed to be a cut-out for GRU).

As I’ve noted, Wikileaks has its own beef with Hillary Clinton, independent of whom Vladimir Putin might prefer as President or any other possible motive for Russia to do this hack.

Now consider this bizarre feature of several high level leak based stories on the hack: the claim of uncertainty about how the files got from the hackers to Wikileaks. This claim, from NYT, seems bizarrely stupid, as Guccifer and Wikileaks have both said the former gave the latter the files.

The emails were released by WikiLeaks, whose founder, Julian Assange, has made it clear that he hoped to harm Hillary Clinton’s chances of winning the presidency. It is unclear how the documents made their way to the group. But a large sampling was published before the WikiLeaks release by several news organizations and someone who called himself “Guccifer 2.0,” who investigators now believe was an agent of the G.R.U., Russia’s military intelligence service

The claim seems less stupid when you consider these two cryptic comments from two equally high level sourced piece from WaPo. In a story on FBI’s certainty Russia did the hack(s), Ellen Nakashima describes that the FBI is less certain that Russia passed the files to Wikileaks.

What is at issue now is whether Russian officials directed the leak of DNC material to the anti-secrecy group WikiLeaks — a possibility that burst to the fore on the eve of the Democratic National Convention with the release of 20,000 DNC emails, many of them deeply embarrassing for party leaders.

The intelligence community, the officials said, has not reached a conclusion about who passed the emails to WikiLeaks.

“We have not drawn any evidentiary connection to any Russian intelligence service and WikiLeaks — none,” said one U.S. official. Doing so will be a challenge, in part because the material may not have been passed electronically. [my emphasis]

The claim appears this way in a more recent report.

The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

Now, the doubts about whether the files were passed electronically is thoroughly fascinating. I assume the NSA has Assange — and potentially even the Wikileaks drop — wired up about 100 different ways, so the questions about whether the files were passed electronically may indicate that they didn’t see them get passed in such a fashion.

Add in the question of whether they’re even the same emails! We know the DCCC hack is targeting donor information. The Wikileaks release included far more than that. Which raises the possibility GRU is only after donor information (which is part of, but just one part of, what Guccifer has released).

But then there’s this detail. On June 17, Wikileaks released an insurance file — a file that will be automatically decrypted if Wikileaks is somehow impeded from releasing the rest of the files. It has been assumed that the contents of that file are just the emails that were already released, but that is almost certainly not the case. After all, Wikileaks has already released further documents (some thoroughly uninteresting voice mails that nevertheless further impinge on the privacy of DNC staffers). They have promised still more, files they claim will be more damaging. Indeed, Wikileaks claims there’s enough in what they have to indict Hillary, though such claims should always be taken with a grain of salt. Correction: That appears to have been a misunderstanding about what Assange said about the previously released State emails.

But here’s the other question.

There’s no public discussion of Ecuador booting Assange from their Embassy closet (though I’m sure they’re pretty tired of hosting him). His position — and even that of Wikileaks generally — seems pretty stable.

So why does Assange believe they need an insurance file? I don’t even remember the last time they issued an insurance file (update: I think it was when they released an insurance file of Chelsea Manning’s documents). So is there someone else in the process that needs an insurance file? Is there someone else in the process that would use the threat of full publication of the files (which presumably is going to happen anyway) to ensure safety?

I’ll leave that question there.

That said, these data point confirms there are at least two players with different motivations: Wikileaks, and the Russian hackers. But the FBI isn’t even certain whether the files the Russians took are the same that Wikileaks released, which might suggest a third party.

Meanwhile, James Clapper (who thankfully is willing to poo poo claims that hacks that we ourselves do are unique) seems very interested in limiting the panic about this hack.

Update: Oh! I forgot this fifth data point. This absolutely delightful take-down of Debbie Wasserman Schultz includes this claim that Wikileaks has malware in its site, which I’ve asked around and doesn’t seem to be true.

Staff members were briefed in a Tuesday afternoon meeting in Washington that their personal data was part of the hack, as were Social Security numbers and other information for donors, according to people who attended. Don’t search WikiLeaks, they were told — malware is embedded throughout the site, and they’re looking for more data.

Who told the DNC Wikileaks is releasing malware, and why?

Update: here’s what the malware claim is about: When it posted the “AKP emails,”  WL either added or did not remove a bunch of malware included in those emails, and as a result, that malware is still posted at the site. That is, the malware is associated with a separate set of documents available at the site.

image_print
15 replies
  1. Phil Perspective says:

    Given the total freak out by the vaguely-left punditry on the web, there has to be more to this story. At least I hope so. Otherwise, why the complete freak out? Also, I find it hilarious that, supposedly, the DNC used passwords that weren’t exactly hard to unscramble. IIRC, the WikiLeaks Twitter account said that the DNC passwords weren’t even as complicated/hard to guess as Hillary4Eva and BernieSucks215. Makes you wonder what kind of incompetent IT people the Democrats hire.

    • P J Evans says:

      Ever consider that professional hackers (especially those with state backing) aren’t going to be stopped by most system security measures?

  2. bloopie2 says:

    Let’s make a bet. I say that, five years from now, when a hack/leak like this happens, you, emptywheel, if still blogging on security matters, will devote, at most, one (1) post as to the provenance of the hack/leak (not as to its substantive implications). Why only one? Because they will be so commonplace as to be just little blips on the radar. And why that? Because US cyber defenses, whether they be governmental or private, will be only tepidly enhanced from today’s levels, while the attacks will be significantly elevated in both audacity and ability. It’s the wave of the future, you know–the computer allowing you to work from home. (Maybe not, though–there’s that little matter of getting paid for your work. Who’s supporting Guccifer, for example? Can someone hack him to find out? Or, maybe they will just grab the occasional credit card or bank account to help make ends meet?) Anyway, I’ll lay down one “attagirl”. In?

  3. SpaceLifeForm says:

    Some dots:

    . Ip addys prove nothing. If you control enough
    high level routers via backdoors, you can make
    any network traffic appear to come from anywhere.
    I could appear to be from China, or even Russia,
    or it could really be coming from Langley.

    . Malware can come from anyware, it does not
    have to be on the website, it can be injected into
    your web traffic on the fly. It does not matter or not
    if the website uses https, that is easily defeated
    with MITM proxy. If they do not have the cert keys
    to do the MITM, that is just an NSL away.

    Connect those two dots. You can NOT trust.

  4. Evangelista says:

    Marcy,
    It’s good to see you up to snuff on your analytics again. I was beginning to worry politics might have been clouding your horizons.

    So far I haven’t seen any definitive assertions that the hacks were Russian, except in reporting. The news presenters are presenting “Russian hackers” as fact, but without indications of actual fact backing.

    I would caution to be careful in this regard, yourself, to not accidentally, or just going with the flow, adopt the reporter-inserted bias of incompetent Newsy reporting.
    Note that the FBI seems to be showing some competent-investigator caution in this regard, unlike in other recent political and hysteria correlate events. Although this exciting indication of improvement gives me hope, it is cautious hope (I still would not trust the agency to be able to find dogshit on a sidewalk, especially if the line-up of suspect dogs were all power-structure connected).

    You might note the similarity between the DNC Hack rush-to-judgment accusation and prove-the-presumption investigation since and theMalaysian Heavy 17 airliner destruction accusations and more-twisted-than-the-MH-17-airframe ‘investigation in that case, where the struggle to ‘prove’ the rushed accusation still continues.

    Ain’t nohow no grounds to concede credibility to the current power-structure sycophants controlled investigative establishment in any branches. We gotta demand the whole logic-chain, and full document of each and every link.

    Two other minor points: One, why would Putin give a damn who might be President of the U.S. in 2017? He has done magnificently well under Obama and the Neocons, who have tripped themselves up so consistently at every step, that there is no way anyone can say for sure if Putin is a great world leaderr, or if he has just had his plate in the right place every time those trying to dump his breakfast have flipped the pan. Look at Crimea, which he had to have, and they threw it to him, look at Russia’s need to demonstrate, especially to Eastern Europe, that it is not the old Soviet Union, and the Ukrainian situation (helping, but no invading) providing the demonstration, look at Putin’s need to sell Russias on sacrificing to achieve self-sufficience, instead of continuing trade of oil (gas) for Euro-goods dependence, and the West’s sanctions doing the sell for him, look at the need for a Russian show-of-force in face of NATO’s eastward pushing, and Russia’s need to stop the oil-price slide from reducing her world-currency trade revenues, and the West’s duplicity in its Syrian campaign giving Russia a place and a situation in which to mount a practical ‘wargame’ show-of-force, stopping ISIS stolen oil sales (through Israel, a player on the American duplicitous side) glutting of the oil markets, making Russia the hero of the Mid-East and showing real practical-use force, while also winning friends around the world by turning the US-West coalition of the duplicitous Middle-East war-effort on its head. Do you see the problem in evaluating Putin as a world leader? Is he Great? Or are his opponents just total fuck-ups? Could Hillary, carrying on for the neocon, do any worse? Especially with her country’s economy on the ropes and more Americans ready to fight at home than over-seas. And Europeans rapidly coming to the same viewpoint in their home theatres?

    Point two, re Wikileaks’ insurance: The likely explanation is the magnitude of the reaction-eruption, with the increase of likelihood of nationally organized attack against Wikileaks. Remember thew Wikileaks got caught with masses of ‘cable-gate’ data diverted, and so lost, which was ‘uninsured’. I think the insurance is just learned-lesson precaution.

    • bevin says:

      I agree.
      It really is weird that the improbable idea that Russia is deeply concerned about the outcome of the Democratic Convention- a nonsense obviously designed to divert attention from the substance of the DNC revelations- has gained any traction at all.
      Have journalists no shame? Is there no competition between media outlets?
      It is one of those ‘get over yourself, Beltway residents’ moments.
      The world finds it hard to tell the difference between Trump and Clinton; and the Clinton Democrats and Trump Republicans. I’m pretty certain most Americans do too.

      • Peterr says:

        It is not in the least bit weird for Russia to be deeply concerned about US electoral politics. This is what the foreign ministries of every government worry about, our own State Dept included. Consider, for instance, how the US, EU, and Russia were all deeply concerned about the Brexit vote in the UK. In every case, the foreign ministry is asking over and over again different versions of the same question: “Will the new leader be better or worse for us when it comes to X?”
        .
        Specifically with respect to Russia and these hacks, NPR had a good piece this afternoon from All Things Considered, in which they asked Russians about this. From the piece:

        Konstantin von Eggert, a commentator and host for the opposition-leaning news channel TV Rain, says Russia’s leadership has reasons for seeing a Trump presidency as a win-win situation.
        .
        Trump could either seek improved relations with Russia, he says, “or he’ll create such a mess in the White House and in Washington generally that America will be weakened by a permanent political crisis and will not have much time to deal with Russia or for that matter, any other issues.”

        Let the record show that the Beltway media often needs to get over itself. Let the record also show that I do not believe that this is one of those times. The world can easily distinguish between Trump and Clinton. Clinton they know, from years of experience. They may like her or dislike her, but they are clear about who she is. OTOH, they look at Trump, shake their heads, and then ask their US friends “WTF are you Americans even thinking about here?”

        • bevin says:

          “…The world can easily distinguish between Trump and Clinton. Clinton they know, from years of experience. They may like her or dislike her, but they are clear about who she is. OTOH, they look at Trump, shake their heads, and then ask their US friends “WTF are you Americans even thinking about here?”

          The point is that if the world knows Clinton from her record of warmongering and irresponsibility- her appalling behaviour over Libya has become her signature.

          As to Trump the world if it knows him, sees him as just another semi-educated clown. Few are surprised that he emerged victorious from the Primary process (without cheating either!) the world has been waiting for him since Mark Twain was a schoolboy. He is the epitome of The Confidence Man, the long anticipated apotheosis of the grifter beneath the mask of Puritanism. Entirely authentic: a Rotarian Messiah. The Realtor Writ Large.

        • Rugger9 says:

          If it wasn’t clear before, the last two weeks made it intuitively obvious to the most casual observer (except bevin) the difference between HRC Democrats and Trump supporters (mostly Republican but note how many GOP stars stayed away from Cleveland). The HRC-Ds included the Bernie camp in the convention and put almost all of their views into the platform, while the Trumpies ran off the opposition using strong-arm tactics and questionable vote management. The HRC-Ds extended olive branches to the Bernie camp and worked with Bernie on making the party unified with hope in making America great, the Trumpies engaged in a hate-fest of plagiarized speeches (funny how Junior stole OBAMA’s line, not the other way around) in order to frighten the world. The HRC-Ds included and honored the sacrifices made by Americans of all colors and faiths (notice how Faux cut away during Khan’s and the mothers’ speeches for ads) but the Trumpies demonized everyone they could except for the businessman whose model is built on deception and stiffing his contractors. According to bevin, there’s no difference at all. All of this was documented, unlike the insinuation by bevin that HRC stole her delegates. Put up or shut up, bevin, on that claim.
          *
          Why bevin is so clueless about Russian interest sort of baffles me, since it has been explained many times to bevin. In addition to what Peterr observed, there is also the matter of Russian financing of Trump projects first admitted then denied by Trump’s camp. However, when the videos of Donald a couple of years ago saying he knew Putin very well were played next to the one last week saying Trump didn’t know Putin at all, we know once again that Trump is a PROVEN LIAR. As I explained before as well, financial desperation is a classic lever to capture an asset by the KGB. This situation has been signaled by the Donald’s willingness to violate long-standing NATO treaty obligations with respect to the Baltics. Perhaps bevin can explain why a KGB mole POTUS is a good idea for America.

    • emptywheel says:

      One of the entire points of this post is to suggest the possibility of a third role here: if the FBI doesn’t know how WL got the emails, they don’t necessarily know that the theft of emails to leak to WL was Russia.
      .
      And while I have caveated “believed to be” the Russia claims, there are fairly good reason to believe they did hack. But if they didn’t hack and THEN share the emails, it becomes clear affecting the election wasn’t their plan. If they just spied to watch Hillary that would be fairly normal for a nation-state.
      .
      I also think it possible, as I’ve noted earlier, that even if Russia was targeting Hillary, it was as much a response to Ukraine as it was an interest in the election. Subtle difference but important one.

      • wayoutwest says:

        It’s interesting how you try to build your case against Putin/Trump and extend this fabricated diversion from the Clintonite’s crimes of actually manipulating an election. I suppose it might impress those who already are in the thrall of the Red Queen but repeating rumors even with disclaimers is still rumormongering especially after top US officials have publicly stated they have no evidence to back up these rumors/claims, only suspicions. I well understand that the truth and facts are viewed as foreign concepts by the Clintonites if they reflect badly on the Party , its leaders or minions and Putin offers a convenient foreigner to tie to this meme but its not working.

        I wasn’t certain about this not so subtle attempt at persuasion/manipulation until I noticed your most recent tweets about the photo ID laws which are hyped as ‘ racist election stealing’ even though there has never been any hard data produced that shows these laws have any measureable effect on voting, in fact they may have increased voting participation among minorities in reaction to a perceived threat. The one case I read about did nullify one draconian restriction these racists won’t be able to enforce, limiting these poor helpless people to using only six different types of photo ID.

        • John Casper says:

          You wrote, “It’s interesting how you try to build your case against Putin/Trump… .”
          .
          39.1 Where has ew, tried to, “build,” a, “case against Putin?”
          .
          Please quote it, and provide a link.
          .
          39.2 Where has ew, tried to, “build,” a, “case against,” Trump?
          .
          Please quote it and provide a link.
          .
          You wrote, “and extend this fabricated diversion from the Clintonite’s crimes of actually manipulating an election.
          .
          39.3 Do you have any evidence of DNC violations of criminal statutes?
          .
          Please quote it and provide a link.
          .
          39.4 Do you have any evidence that connects the, “Clintonites?”
          .
          Please quote the relevant parts and provide a link.
          .
          39.5 Who are the, “Clintonites?”
          .
          You wrote, “I suppose it might impress those who already are in the thrall of the Red Queen… ”
          .
          39.6 Who is the, “Red Queen?”
          .
          You wrote, “… but repeating rumors…”
          .
          39.7 What, “rumors,” are you claiming ew repeated?
          .
          You wrote, “…even with disclaimers….”
          .
          39.8 What, “disclaimers?”
          .
          You wrote, “…is still rumormongering….?
          .
          Until you state what, “rumors,” you mean, your accusation of “rumormongering,” is groundless.
          .
          You wrote, “…especially after top US officials have publicly stated they have no evidence to back up these rumors/claims, only suspicions.”
          .
          Note from a previous thread: 38.8 Are you, “…falling in line to accept the warped idea that exposing the truth is a threat and people need to be warned and fearful?”
          .
          I already asked this on an earlier thread. https://www.emptywheel.net/2016/07/27/what-are-the-dnc-hacks-rated-on-obamas-new-cyber-orange-alert-system/#comments
          .
          The quoted words are yours from that thread.
          .
          You wrote, “I well understand that the truth and facts are viewed as foreign concepts by the Clintonites if they reflect badly on the Party….”
          .
          Wrong. If Sec. Clinton was concerned about the, “Party,” she would have supported the nominee who polled better against Trump, Sen. Sanders.
          .
          You wrote, “…its leaders…”
          .
          Wrong, the Democratic Party is not just its leaders.
          .
          You wrote, “…or minions…”
          .
          39.9 Who are the, “minions?”
          .
          You wrote, “…and Putin offers a convenient foreigner to tie to this meme…”
          .
          Putin is a, “convenient foreigner?”
          .
          39.10 Is there any other reason he’s tied, “…to this meme…”
          .
          You wrote, “…but its not working.”
          .
          39.11 Do you know the difference between its and it’s?
          .
          39.12 Where’s your evidence it’s, “not working.”
          .
          Please provide a relevant quote with a link.
          .
          39.13 Why do you ignore one of the central themes in emptywheel’s work, both parties politicize intelligence?
          .
          You wrote, “I wasn’t certain….”
          .
          You should have stopped there.
          .
          You wrote, “…about this not so subtle attempt at persuasion/manipulation…”
          .
          Only took twelve words for you to insult your own intelligence. According to you, it wasn’t subtle, but you still weren’t “certain.”
          .
          39.14 What persuasion/manipulation?
          .
          Please quote all examples and link to their origin.
          .
          You wrote, “…until I noticed your most recent tweets about the photo ID laws…”
          .
          39.15 What tweets?
          .
          Please quote them.
          .
          39.15.1 When is the last time, “photo ID,” appeared in emptywheel’s timeline?
          .
          You wrote, “…which are hyped as ‘ racist election stealing’ even though there has never been any hard data produced that shows these laws have any measureable effect on voting,…”
          .
          39.15.1.1 Do you see the red squiggly line under your, “measureable?”
          .
          39.15.2 You’re opposed to photo ID laws?
          .
          Sounds like it.
          .
          39.15.3 If they don’t have any measurable effect, shouldn’t they be repealed?
          .
          39.15.4 What purpose do they serve?
          .
          You wrote, “in fact they may have increased voting participation among minorities in reaction to a perceived threat.”
          .
          That contradicts your previous sentence, which stated they don’t have any, “measurable effect.”
          .
          39.15.5 Which is it?
          .
          Please provide a quote to substantiate which ever contradictory claim you made you now think is correct. Please provide a link to that quote.
          .
          You wrote, “The one case I read about…”
          .
          39.15.5.1 You admit to only having read one article about one case requiring photo ID’s for voting?
          .
          You wrote, “did nullify one draconian restriction these racists won’t be able to enforce, limiting these poor helpless people to using only six different types of photo ID.”
          .
          39.15.6 Is that last 26-words a direct quote or a paraphrase?
          .
          39.15.7 Do you have a link to the one article you’ve claimed to have read about this?

  5. seedeevee says:

    “these data point confirms there are at least two players with different motivations: Wikileaks, and the Russian hackers”

    We’ve yet to see any proof (confirmation) of Russian hackers.

  6. Curious says:

    What had me wondering, now: is torrent tech secure enough so that I can trust that I am downloading the authentic torrent file, and not some thing that has been put in its place.

Comments are closed.