On Monday, the FBI announced that it is launching a probe into the hack of the Democratic National Committee’s emails. WikiLeaks published nearly 20,000 DNC emails, which included political infighting, potentially portraying Bernie Sanders as an atheist to hurt him in the South, and strong-arming the media. The main suspects in this hack are two organizations believed to be surrogates for the Russian government, codenamed FANCY BEAR and COZY BEAR by the cybersecurity firm CrowdStrike. The company previously announced on a blog that it believes FANCY BEAR gained access in April, while COZY BEAR had had access since the summer of 2015. Another cybersecurity company, FireEye, quickly identified a connection to the Kremlin. Both groups have work schedules that match the Moscow/St. Petersburg time zone, neither works on Russian holidays, and both have a level of sophistication not likely possible without government assistance.
COZY BEAR is also known for hacking the State Department, the White House and the Joint Chiefs of Staff with its well-known signature spear-phishing technique. However, the day after CrowdStrike’s CTO published a blog post recording the firm’s findings, someone with the alias Guccifer 2.0 claimed sole responsibility for the hack, despite other cybersecurity firms backing CrowdStrike’s findings. Unfortunately for Guccifer 2.0 (a self-proclaimed Romanian), a Twitter user discovered that his blog signature was in Cyrillic. He also made several simple mistakes in Romanian in a Twitter interview with Motherboard, which now portrays Guccifer 2.0 as a cover for the Russian government. Disturbingly, WikiLeaks appears to be comfortable with being used as a political weapon, as many of the documents released contain the credit card and social security numbers of Democratic donors. The Clinton campaign has accused the Russians of trying to help Donald Trump in the election, while Trump mocked the accusation over Twitter.