In an intriguing follow-up to Tuesday’s report that Russian hackers gained access to Democratic National Committee servers, an anonymous blogger has claimed he alone was responsible for the breach and backed up the claim by publishing what purport to be authentic DNC documents taken during the online heist.
In a blog post published Wednesday, someone with the handle Guccifer 2.0 published hundreds of pages of documents that the author claimed were taken during a lone-wolf hack of the DNC servers. One 231-page document purports to be opposition research into Donald Trump, the presumptive Republican nominee. Other files purport to be spreadsheets that included the names and dollar amounts of large DNC donors. Yet another document purportedly came from the computer of presumptive Democratic nominee Hillary Clinton while she was secretary of state.
“Worldwide known cyber security company CrowdStrike announced that the Democratic National Committee (DNC) servers had been hacked by ‘sophisticated hacker groups,’” Wednesday’s blog post stated. “I’m very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy.”
The documents are either authentic copies of the files they purport to be, or they’re elaborate hoaxes that required time and skill and were rushed out less than 24 hours after Tuesday’s report of the DNC hack. “They all seem reasonable,” Rob Graham, a researcher and CEO of security firm Errata Security, told Ars of the documents he has examined so far. “If they are fake, someone has done a lot of research. They would have to be a really smart hoaxer.”
If the documents are authentic, they would appear to contradict the claim by CrowdStrike, the security firm the DNC brought in to investigate suspicions its servers had been hacked, that the attackers didn’t access financial or donor information. They would also cast doubt on other aspects of the report. For instance, they would suggest that CrowdStrike either attributed the breach to the wrong groups or failed to detect that one or more additional actors had also gained high-level access and made off with a trove of confidential information.
“It’s certainly possible that CrowdStrike could have misattributed one or both of these attacks,” said Justin Harvey, chief security officer of Fidelis Cybersecurity, a firm that competes with CrowdStrike in investigating large-scale hacking operations. “Without forensic evidence, it’s really difficult to drive down to the truth of this attack.”