Hackers working for the Russian government broke into the Democratic National Committee's computer network, according to The Washington Post, gaining access to emails and chat transcripts -- and opposition research on Republican presidential candidate Donald Trump.
Hackers had been hiding inside the network since last summer, but the committee finally realized something was up when the data trove on Trump was taken, the Post reported. It's not clear what was included in that research, but the data is likely to contain sensitive information the Democrats thought could be damaging to Trump. That information could in turn provide clues to the Democrats' game plan for defeating Trump in the presidential election this November.
The breach is the latest in a string of hacks into US government-related systems, including a breach of a White House computer network, a US State Department system, and a network at the Pentagon. The same hacking group that targeted the information on Trump also attempted to breach an unnamed government agency, according to research released Tuesday from cybersecurity company Palo Alto Networks. In that attack, the hackers tried to email malicious software from a compromised US Ministry of Foreign Affairs email account.
In the DNC's case, two different Russian hacking groups targeted its systems, according to CrowdStrike, the cybersecurity company called in by the Democrats to find the hackers and kick them out. The Democratic National Committee didn't respond to a request for comment.
These hackers were no slouches, and CrowdStrike Chief Technology Officer Dmitri Alperovitch wrote in a blog post Tuesday that they most likely work for different arms of the Russian government.
"[O]ur team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis," Alperovitch wrote. "Their tradecraft is superb."
A Russian Embassy spokesman told the Post he had no knowledge of the intrusions.
The first group -- code-named Cozy Bear -- was in the computer network since last summer, and the second group -- code-named Fancy Bear -- entered the system in April, Alperovitch said. Cozy Bear went after DNC communications, and the Fancy Bear hackers went after research like the information on Trump, Alperovitch said in an interview.
The groups were working independently of each other, Alperovitch said. Each was skilled at hiding its presence. But once the DNC called in CrowdStrike, the jig was up, Alperovitch said. Like many cybersecurity companies, CrowdStrike uses tools that go beyond the traditional approach of looking for malicious code. They also examine the wide range of behaviors that different users show across a network; that's how CrowdStrike researchers spotted the spies in the machines.
The DNC isn't alone in having hackers in its systems for months upon months before getting wise. The average time it takes to even notice hackers, let alone cut off their access to a network, was estimated by cybersecurity firm FireEye to be more than 146 days in 2014.
That number is improving -- the average was more than a year in 2012 -- but Paul Martini, CEO of cybersecurity firm iboss, said it's still too long. "All organizations need to do a better job in the postinfection phase by catching hackers in the process of stealing data," Martini said.