Update August 14th: Hacked DNC Documents Leaked: Hacker Promises More Damaging Ones on the Way

B

August 13th Update: This is the first leak of what might become a ‘leaky’ weekend. Information in other parts of the web hints that bigger things are on the way. Watch CNN’s interview with Assange on Sunday. Some of these leaks could be game changers, but, unforeseen obstacles may lead to delays. For the moment, I can only say that these leaks will be targeting Hillary Clinton, which should come as no surprise to anyone following this story. The current batch of leaks from Guccifer2 consist mainly of email details and even some passwords. Although most of the passwords have been changed, I found that some still work. This being the case, I could have taken over the accounts, assuming 2FA was not in play. Keep in mind that any email information can be used for phishing attacks. My guess is that these latest leaks will be harder to trace. By the way, Guccifer2’s Twitter account has been suspended. So much for freedom of speech. (On Sunday morning, August 14th, Guccifer2’s WordPress website was taken down. The reason given was that WordPress received complains. Hmm, I wonder who could have complained? WikiLeaks take note. The documents can still be found in places where people like to share things with each other, if you know what I mean.)

July 26th Update:

I wanted to wait for the dust to settle from the WikiLeaks release before I made this update. Yes, as I and others predicted, the fix was in against Bernie. I’m not a Bernie supporter, but he certainly has a case that the system was rigged against him. When he said that he would replace Wasserman-Schulz when he became president, she wrote, “This is a silly story. He isn’t going to be president.” And when he complained that he wasn’t being treated fairly by the DNC, she quipped, ” Spoken like someone who has never been a member of the Democratic Party and has no understanding of what we do.”

I am amused watching mainstream media trying to explain the hack. Yes, my guess is that a Russian or Russians are behind the attack. I suspected Guccifer2 was from Russia when I saw the timing of his releases. He has since disappeared with the WikiLeaks release. It’s unlikely any new revelations will come with further releases since the hack ended in May. Of course, nothing would stop them from hacking the DNC again.

Does Putin want Donald Trump to be president? Not really. I monitor Russian TV and the truth is that they would prefer Bernie. When CNN’s Fareed Zakaria asked Putin directly why he supported Trump, Putin jumped on him and told him he should stop exaggerating what he said. He then told the intimidated Zakaria to act like a professional journalist. It was like a raptor confronting a terrified iguana. Putin claimed he made one comment about Trump doing a good job and it was treated like an endorsement. On the other hand, he has no love for Clinton, who he had had experience with as Secretary of State.  He felt she was too pushy when it came to human rights violations.

I was more interested in the Wikileak’s release from a cybersecurity standpoint. I had written about how the DNC was hacked with a phishing email and a fake Google login page. The Gmail trick would allow the attacker to use the hacked Gmail account to exploit DNC contacts. I narrowed the possible attack vector to 3 main DNC employees who maintained both a Gmail and a DNC account or had a Gmail account with numerous DNC account contacts. Most interestingly, one of these 3 people was Wasserman-Schulz herself (Debbie Wasserman Schultz <hrtsleeve@gmail.com>). In other words, she may have put her own neck in the noose.

 

July 12th Update:

The latest Guccifer2 release focuses primarily on DNC plans to disrupt or otherwise undermine the Republican National Convention. The fear is that the convention may give Trump credibility in the mind of undecided voters. To undermine the convention, the DNC plans to use what can only be described as juvenile tactics. If you think I’m exaggerating, here is some of what they plan.

“Trumpocalypse Survival kit (tote bag)

Barf bag, Tylenol/Advil, Clothespin (to hold nose while voting for Trump), Alka Seltzer/Pepto Bismol (because you’re going to be sick to your stomach after voting for Trump)”

“Go Trump Yourself” Kit

  • Spray Tan
  • Hair Dye
  • Tiny foam fingers /hand clappers
  • Dog Whistle
  • Regular whistle w/ message like “come to think about it Trump isn’t subtle about his hate”

“Volunteers dressed as limo drivers at the airport holding signs with messaging about Trump to ‘greet’ RNC members.”

“Winner of contest (to send Cleveland residents out of the state during the convention) is given their ticket and featured on social media.”

I can’t help but wonder how the Democrats would respond to similar tactics at their convention. My guess is they would be called, juvenile.

Of course, there are other more conventional tactics such as “drop paper on how speakers that evening are as bad as Trump/Cruz”, and putting out a “full Page Ad in Cleveland Plain Dealer calling on GOP convention to stand up to Trump”. They also plan an intensive social media campaign that will apparently rely heavily on tweets from the convention floor. I question the use of Latinos and African Americans to give concerts or to serve as cooks at special luncheons as this seems like stereotyping, e.g. all African Americans and Latinos must be Hillary supporters. I also question the ploy to encourage fast food workers to stage a city-wide strike as this could backfire. (Workers could be fired or replaced leading to an increase in unemployment.)

And for all of you Bernie Sanders supporters, you should know that as far back as May, the DNC had planned a “morning press conference and breakfast for reporters: Unity theme with Bernie.” I wonder if anyone asked Bernie if he would participate or if it was just assumed he would fall in line and support Hillary. Say what you will, the DNC is a well-oiled machine. I wonder if the RNC has any similar plans. They’d better have.

Guccifer says he has fought off a couple of attacks on his WordPress site. That just comes with the territory. There are many government agencies and Hillary supporters who want him to stop releasing this information. Just keep in mind that the DNC has the money to hire some good hackers…off the record, of course.

 

June 30th  Update:

Guccifer2 reappeared today with a release of more hacked documents from the DNC. When I read these documents, the one overriding realization I come away with is on just how huge the Hillary-DNC machine must be. No stone is left unturned by their staff. One document (over 500 pages long) was written only to prepare President Obama for a debate with Mitt Romney. Other documents detail every possible attack angle the Republicans might use against Clinton and how she should defend herself. There are more lists of donors complete with amounts donated and addresses. There is also Hillary Clinton’s financial statement for May, 2016.

However interesting these documents may be in their own right, the most interesting information is from Guccifer2 himself (yes, he makes it clear he is male). He talks about how he purchased a zero-day exploit in the deep web for $1,500 to attack the DNC. He has no particular party affiliation but clearly dislikes Hillary. He claims he is more or less indifferent to Trump. Guccifer2 debunks claims made by many security investigators that he is associated with Russian-government-supported hacking teams. I will be writing more about the attack in my next post, Here’s How Russian Hackers Used Google to Spear Phish Clinton and the DNC.

Guccifer2 claims to come from Eastern Europe. If so, his English is far better than most hackers from this region and makes me think he may have, at least for a while, lived in the U.S. Could he be living there now? That’s not impossible. As he writes,

I can only tell you that I was born in Eastern Europe. I won’t answer where I am now. In fact, it’s better for me to change my location as often as possible. I have to hide. But generally, it’s not that important for where I live. I can work wherever there’s an Internet connection. So I feel free in any free country.

He seems to be enjoying his sudden fame (Nowadays the  whole world’s talking about me. It’s really cool!) and lists his heroes as Assange, Snowden, Manning, and Marcel Lazar, the original Guccifer. He claims, like them, that he is not interested in money and is hacking for ideals. His desire for more publicity may be his ultimate undoing. At some point he may just put out too much information and give himself away or, like the original Guccifer, may want to be caught for the increased attention he may receive.

—————–

June 23rd Update:

To read these new zipped documents, you will be asked for a password. The password is

 #GucCi2/0

 This extensive document release, from the purported DNC hacker, Guccifer2, reveals one key fact: the DNC is meticulously organized. Like most career bureaucrats, Hillary Clinton is good at forming departments, groups, sub-groups and committees to organize sub-groups. In other words, like most government agencies, she seems to be profoundly overstaffed. For this reason, she has amassed a library-sized collection of documents on every possible attack angle, both from an offensive and defensive perspective. Most of these documents contain detailed information on possible strategies. They are strategies for Clinton to use to deflect attacks or platforms from which to launch an attack.

Other documents can be found in this cache as well, like the one listing the contributors to the Clinton Foundation. Though the information can be found elsewhere on the internet, considering the current political debate, it probably helps having all of this information in one place. Here are a few entries that should be noted. Yes, for those having any doubts, there are Middle East donors among the regular donors.

clinton foundation donors 1

Middle East donors are also listed among the top donors.

Clinton foundation big donorsJPG

You may wonder who some of these donors are. UNITAID is an international organization formed to fight AIDS. AUSAID has the same goals but is based in Australia. The Saban Foundation and Haim Saban have been supporting the Clintons for years. According to the New York Times, Haim Saban and his wife “slept in the White House several times during President Clinton’s two terms.” The times went on to note that Clinton should be “grateful for Mr. Saban’s commitment to the Democratic Party, including his $7 million donation two years ago, the largest individual donation in its history.”

You may also question why Norway is so generous. The Norwegian government claimed it only wanted to give money for humanitarian assistance. This begs the question as to why they chose the Clinton Foundation over other organizations. Some have claimed that they wanted to buy influence, but influence for what? Some suggest that recent arms deals that Norway concluded with the US may have been based on this influence. Others say the recent announcement by President Obama that the US would help Norway develop nuclear power plants may be tied to this donation, but who really knows. Certainly, indirect influence buying is not an unusual gambit in the world of international politics.

The other documents that merit some attention are those that give the prices paid for speeches by both Bill and Hillary. For the year 2014 to May of 2015, Hillary Clinton received $13,645,000 for these speeches. Bill Clinton’s speaking income alone from 2001 to 2012 amounted to a whopping $105,882,691.

I’m sure the information given here could be useful for Republican strategists. I’m surprised the mainstream media hasn’t given it more attention.

————————-

 

(Update 2, June, 22nd:

This is the third in the series of leaks from Guccifer2, the purported hacker of the DNC and its files. This time, you will find a list of Hillary Clinton’s most vulnerable points and how she should defend herself against these attacks (59 pages). But I have a question. If this is a DNC document, why isn’t there a similar list for Bernie Sanders? Could it be that it was already presumed that Hillary would be the DNC candidate?

 One of the most interesting documents, developed in 2015, delineated democratic or potential democratic candidates’ positions on a variety of topics. Named the “Cheat Sheet”, it points out differences between potential candidates. Here’s an example:

 guccifer3

The highlights are not mine but are on the original document. It seems to show a change in focus as Sanders became a viable candidate. Seems like a document that could be useful to the Republicans.

 Another document is a copy of Hillary Clinton’s financial statement which can be seen elsewhere online. However, I recommend it to anyone who believes Clinton is strapped for cash. It soon becomes apparent you can’t shake her hand for less than $200,000.

 There are additional donor lists for those interested. So far, though, I don’t find any documents that are particularly incriminating.

(Update 1: The DNC hacker, Guccifer2, has released more documents taken from his hack. The documents give more details on donors, supporters, and detractors, as well as expose some of the DNC election strategies. In the final analysis, it proves false the claim that no personal information was leaked. There are numerous phone numbers, emails, personal addresses, as well as financial data. However, I found nothing that would change the political landscape. Here is a link to the data.)

A hacker, referring to himself as Guccifer2, has released documents from the recent hack of the Democratic National Committee (DNC) network. The documents seem valid as among them is the so-called opposition report on Donald Trump. Oddly, this report may be the least problem for the DNC as other documents will certainly cause more embarrassment.

The Trump report itself contains a long (200+ pages long), minutely detailed account of  all the weaknesses Donald Trump has that can be exploited. The key weakness to exploit is delineated in the opening paragraph of the report.

“One thing is clear about Donald Trump, there is only one person he has ever looked out for and that’s himself. Whether it’s American workers, the Republican Party, or his wives, Trump’s only fidelity has been to himself and with that he has shown that he has no problem lying to the American people. Trump will say anything and do anything to get what he wants without regard for those he harms.”

 In other words, the Democratic nominee, probably Hillary Clinton, should exploit Trump’s dishonesty and selfishness in his political, business, and personal life. Under numerous topics, Clinton can choose from numerous quotes and examples to, for example, liven-up a speech or add some spark to a dull debate. Here are a few examples of some of these potential fiery rejoinders. (It seems like all of them could end with an exclamation point.)

White Supremacists and neo-Nazis are thrilled about Trump’s call to ban all Muslims from entering the U.S. and see it as an energizing force for their movement.

 Trump doesn’t just oppose comprehensive immigration reform like his fellow GOPers, he vilifies immigrants for political gain and proposes outrageous solutions based on absurd and false information.

Trump doesn’t just oppose gun control like most of his GOP colleagues; he has actively pushed the idea that more guns are the answer to gun violence.

 Donald Trump seems to be on a mission to out-do his fellow GOP candidates when it comes to denying the scientific reality of climate change and has repeatedly called climate change a hoax.

 Trump’s derogatory and degrading comments to and about women, as well as his tumultuous marriages, have been well publicized.  And as a presidential candidate, Trump has adopted many of the backwards GOP policies that we’ve come to expect from his party.

 Well, you get the idea.

Though much of the information on Trump can be found elsewhere, some of the other documents released have information which could do far more harm to the DNC. The first person to be exposed by these documents may be Debbie Wasserman-Schultz. She initially brushed aside the attacks as if they were just a minor nuisance. She claimed that the attack was addressed “aggressively and swiftly.” Well, it’s hard to define the aggressive component of this statement, but even CrowdStrike, the firm hired to investigate the attack, found that the hacker(s) were on the network for over a year.  In addition, the DNC claimed that “no financial, donor or personal information appears to have been accessed or taken”. Well, that’s not exactly the case. The leaked documents contain lists of donors, the amounts they donated, and even their email addresses. For example, here are some donors you may recognize.

dnc hack

 

The metadata on some documents contain the name, Феликс Эдмундович, which translates as Felix Edmundovich. This is just speculation, but it is possible this refers to the name of the founder of the Russian secret police, Felix Edmundovich Dzerzhinsky. In any event, this could help confirm CrowdStrike’s accusations of Russian government involvement in the hack.

Guccifer2 finds it laughable that CrowdStrike found this hack sophisticated. “I’m very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy.” In fact, in naming himself after Guccifer, the hacker who is now serving time for hacking Hillary’s emails, he may be alluding to Guccifer’s social engineering, non-technical style of hacking. on Hillary’s email. This would imply that he compromised an endpoint on the DNC network through a spear phishing email. His English skills are certainly better than most foreign-based hackers which is important because it is usually a hacker’s poor English skills that give them away. Compromising an endpoint is the most common way to get into a network. (see my post “It Security’s Weakest Link”: The Endpoint Security Problem to learn more on how to protect a network from such attacks.)

Perhaps most embarrassing of all is that Hillary Clinton could have been hacked again through the DNC hack. Worse yet, we may have not seen the end of these leaked documents. As the hacker notes, “Do you think I’ve been in the DNC’s networks for almost a year and saved only 2 documents? Do you really believe it? Here are just a few docs from many thousands I extracted when hacking into DNC’s network.” The hacker initially put up these “few docs” on a private WordPress website but the site has been up and down since then. He also claimed to have given Wikileaks the majority of the documents, but Wikileaks has not put them up as of this writing. All total, he claims to have over 100GB of data. We will have to wait to see if any of this contains game changing information.

The other documents released today show the strategy that Clinton will use to win the election. In a nutshell, she will show her strong affiliation with the middle class and attack the GOP for supporting big business and the wealthy. Something that sounds as if it were extracted from the Bernie Sanders playbook. In fact, from what one can read in the comments on the hacker’s site, it’s the Bernie Sanders supporters who are most positive about the release of these documents. They are encouraging him to release any documents that show the primary elections were ‘fixed’ in some way. This seems to be a commonly held belief among many of his supporters. If it is true, as CrowdStrike noted, that the hacker would have had access to chats and emails, we may, indeed, learn of some surprising DNC strategies. But 100GB of documents? By the time we actually find such evidence, the election may have already been decided. We’ll just have to wait and see if Wikileaks gives us a searchable database as they did with the Hillary emails.

Stay tuned for updates.

 

 

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.
This entry was posted in Uncategorized. Bookmark the permalink.

One Response to Update August 14th: Hacked DNC Documents Leaked: Hacker Promises More Damaging Ones on the Way

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s