New Report Says Russian Hacking Came From Russia

Fight disinformation. Get a daily recap of the facts that matter. Sign up for the free Mother Jones newsletter.


Today the FBI and the Department of Homeland Security released a joint report directly accusing the Russians of hacking into the servers of “a U.S. political party,” including a spearphishing campaign “launched as recently as November 2016, just days after the U.S. election.” I’m not quite sure why they’re being so precious about naming the DNC, which has gotten several miles of press coverage, but the ways of intelligence organizations are mysterious:

This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election….This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens.

The report doesn’t actually say an awful lot about how they know this hacking comes from Russia, but it does include one bit of signature code to watch out for. We also learn about lots of funky code names for Russian hacking operations:

APT28, APT29, Agent.btz, BlackEnergy V3, BlackEnergy2 APT, CakeDuke, Carberp, CHOPSTICK, CloudDuke, CORESHELL, CosmicDuke, COZYBEAR, COZYCAR, COZYDUKE, CrouchingYeti, DIONIS, Dragonfly, Energetic Bear, EVILTOSS, Fancy Bear, GeminiDuke, GREY CLOUD, HammerDuke, HAMMERTOSS, Havex, MiniDionis, MiniDuke, OLDBAIT, OnionDuke, Operation Pawn Storm, PinchDuke, Powershell backdoor, Quedagh, Sandworm, SEADADDY, Seaduke, SEDKIT, SEDNIT, Skipper, Sofacy, SOURFACE, SYNful Knock, Tiny Baron, Tsar Team, twain_64.dll, VmUpgradeHelper.exe, Waterbug, X-Agent

So what are we going to do about this? Here’s the New York Times:

The Obama administration struck back at Russia on Thursday for its efforts to influence the 2016 election, ejecting 35 Russian intelligence operatives from the United States and imposing sanctions on Russia’s two leading intelligence services.

The administration also sanctioned four top officers of one of those services, the military intelligence unit known as the G.R.U., which the White House believes ordered the attacks on the Democratic National Committee and other political organizations….In addition, the State Department announced the closing of two “recreational facilities” — one in New York, another in Maryland — that it said were used for Russian intelligence activities, although officials would not say whether they were specifically used in the election-related hacks.

This brings back memories, doesn’t it? It’s just like the Cold War, and Russia will no doubt expel 35 Americans in a few days. However, this also puts Donald Trump on the spot. Will he reverse the sanctions on GRU when he takes office? It’s one thing to do nothing and hope everyone forgets about it, but it’s quite another to actively reverse sanctions that are based on the conclusions of our own intelligence agencies. What are you gonna do, Donald?

HERE ARE THE FACTS:

Our fall fundraising drive is off to a rough start, and we very much need to raise $250,000 in the next couple of weeks. If you value the journalism you get from Mother Jones, please help us do it with a donation today.

As we wrote over the summer, traffic has been down at Mother Jones and a lot of sites with many people thinking news is less important now that Donald Trump is no longer president. But if you're reading this, you're not one of those people, and we're hoping we can rally support from folks like you who really get why our reporting matters right now. And that's how it's always worked: For 45 years now, a relatively small group of readers (compared to everyone we reach) who pitch in from time to time has allowed Mother Jones to do the type of journalism the moment demands and keep it free for everyone else.

Please pitch in with a donation during our fall fundraising drive if you can. We can't afford to come up short, and there's still a long way to go by November 5.

payment methods

ONE MORE QUICK THING:

Our fall fundraising drive is off to a rough start, and we very much need to raise $250,000 in the next couple of weeks. If you value the journalism you get from Mother Jones, please help us do it with a donation today.

As we wrote over the summer, traffic has been down at Mother Jones and a lot of sites with many people thinking news is less important now that Donald Trump is no longer president. But if you're reading this, you're not one of those people, and we're hoping we can rally support from folks like you who really get why our reporting matters right now. And that's how it's always worked: For 45 years now, a relatively small group of readers (compared to everyone we reach) who pitch in from time to time has allowed Mother Jones to do the type of journalism the moment demands and keep it free for everyone else.

Please pitch in with a donation during our fall fundraising drive if you can. We can't afford to come up short, and there's still a long way to go by November 5.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate