Lone Hacker Claims to Have Breached DNC

Dumped Document on Donald Trump Allegedly Stolen from Organization
An alleged DNC background document dumped by Guccifer 2.0 (source: Gawker)

There's never any lack of lust for fame in the hacking world. Now one hacker, "Guccifer 2.0," has claimed sole responsibility for the breach of the Democratic National Committee's systems, posting a cache of documents on a public website.

It's a weighty, but as yet unverified, claim following the DNC's disclosure on June 14 that its networks were breached (see Report: Russia's 'Best' Hackers Access DNC's Trump Research).

The DNC took the fairly unheralded step of allowing the computer forensics firm Crowdstrike to release public details of the intrusions just days after the hackers were booted from the network. Forensic clues point to two known groups nicknamed Cozy Bear and Fancy Bear, both of which may be linked to the Russian government, Crowdstrike believes.

Guccifer 2.0 claims on a newly-created WordPress blog to have hacked the DNC alone, extracting thousands of documents and emails that are now being transferred to the secrets-spilling website Wikileaks.

The alleged hacker took a dig at Crowdstrike, contesting the company's competency: "I'm very pleased the company appreciated my skills so highly. But in fact, it was easy, very easy." Efforts to reach the hacker were unsuccessful.

Crowdstrike is keeping Guccifer 2.0's claims at arm's length, saying it is confident in its conclusion of the source of the attacks.

"Whether or not this posting is part of a Russian intelligence disinformation campaign, we are exploring the documents' authenticity and origin," it said. "Regardless, these claims do nothing to lessen our findings relating to the Russian government's involvement, portions of which we have documented for the public and the greater security community."

Guccifer Legacy

The original Guccifer is Marcel Lazar Lehel of Romania. He accessed the email accounts of close to 100 prominent people, including former Secretary of State Colin Powell and the sister of former President George W. Bush. Lehel pleaded guilty in late May in U.S. federal court to aggravated identity theft and unauthorized access to a computer.

In the blog post, Guccifer 2.0 mentioned his namesake: "Guccifer may have been the first one who penetrated Hillary Clinton's and other Democrats' mail servers. But he certainly wasn't the last. No wonder any other hacker could easily get access to the DNC's servers."

More than One Hack?

The published documents include a meaty, 237-page Word document marked confidential and titled the "Donald Trump Report." It's a comprehensive background briefing on the presumptive Republican presidential nominee. The date on the document is Dec. 19, 2015.

The hacker contested the DNC's assertion that no financial data was compromised in its breach. Also released was an Excel file that purports to be a list of high-dollar Democratic Party donors. According to one screenshot, actor Morgan Freeman of Los Angeles donated $1 million, and film producer Jeffrey Katzenberg $3 million.

Officials with the DNC couldn't immediately be reached. Gawker reported that the DNC is aware that the documents are circulating.

If the documents are genuine, it would indicate that perhaps more than two groups had access to the DNC's systems. This is not unusual. Security audits often find many pieces of malware on vulnerable systems, and it is possible that many actors or groups saw exploitable holes.

The development also doesn't mean that Guccifer 2.0 is necessarily affiliated with either Cozy Bear or Fancy Bear. In fact, state-sponsored cyberespionage groups have no interest in publishing their stolen data publicly, as it's intended for internal consumption.


About the Author

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.



