back to article Russian government hackers spent a year in our servers, admits DNC

The US Democratic National Committee (DNC) has confirmed that hackers thought to be part of Russian state intelligence have had access to their servers for nearly a year. They have read emails, chat logs, and opposition research documents. The attack was uncovered six weeks ago, after IT admins noticed something strange was …

  1. Destroy All Monsters Silver badge
    Windows

    A exercise run for new recruits

    An analysis of the servers showed that no financial, donor or personal information had been accessed or stolen by the two teams, the DNC said

    That would bejust the list of the pulsating-neon-ultra-hard-right members of Israeli "democracy", it can be had from Wikipedia too.

    Also shady people with real estate "interests", wall street types and other rifraf.

    1. BillG
      Joke

      Re: A exercise run for new recruits

      An analysis of the servers showed that no financial, donor or personal information had been accessed or stolen by the two teams, the DNC said

      Adding, "Hey, we're politicians, would we lie to you???"

      1. Anonymous Coward
        Anonymous Coward

        Did Iain Thomson Make Something Up?

        The quoted DNC paragraph about Trump at the end doesn't seem to fit the article and I can't find that quote anywhere else. Did Iain just completely make that up?

        On a related note does El Reg do any internal vetting for accuracy? I think making stuff up in he press is legally actionable in Great Britain.

        1. Anonymous Coward
          Anonymous Coward

          Re: Did Iain Thomson Make Something Up?

          "making stuff up in he press is legally actionable in Great Britain"

          Probably not, as that would put at least 90% of the UK press out of business.

          Libel is actionable, and the relevant laws in the UK are more favourable to the ligitant than they are in, say, the US - although this changed in England and Wales recently ( also, I think, in Scotland ), but not in Northern Ireland.

    2. Destroy All Monsters Silver badge
      Big Brother

      Re: A exercise run for new recruits

      Apparently at least 5 people are completely unaware about how "campaigns" actually work and who those "donors" are. AIPAC does not stand for "American Indians for Peace and Cooperation".

      Also note that pathological liar Hillary is the candidate of choice for the reboot of PNAC. Yeah, we will see more of "Victoria Nuland", "Color Revolutions", "Surges in faraway lands", "Putin is Hitler", "China containment", "Nuclear renewal" and "Responsibility to Protect" nation wrecking and induced ultrakill under that woman'spsycho's watch.

      Not ok with pathological liar description? Here is what she has to say about Orlando:

      “The attack in Orlando makes it even more clear, we cannot contain this threat. We must defeat it. And the good news is that the coalition effort in Syria and Iraq has made recent gains in the last months.

      “So we should keep the pressure on ramping up the air campaign, accelerating support for our friends fighting to take and hold ground and pushing our partners in the region to do even more.

      “We also need continued American leadership to help resolve the political conflicts that fuel ISIS recruitment efforts.

      “But as ISIS loses actual ground in Iraq and Syria, it will seek to stage more attacks and gain stronger footholds wherever it can, from Afghanistan, to Libya, to Europe.

      “The threat is metastasizing….”

      Nothing of the above fits any reality I am aware of.

      1. Anonymous Coward
        Anonymous Coward

        Re: A exercise run for new recruits

        "Nothing of the above fits any reality I am aware of."

        Ms Clinton' statements have never dealt in reality.

  2. zb

    Hillary's mail server

    I bet they hacked that as well.

    1. tom dial Silver badge

      Re: Hillary's mail server

      Until a denial is issued, we may assume for convenience that Clinton and the DNC hired their admins from the same applicant pool and got similar skill levels.

      Once a denial is issued, we can evaluate it for credibility.

      1. bombastic bob Silver badge
        Pirate

        Re: Hillary's mail server

        "Until a denial is issued, we may assume for convenience that" Mrs. "Clinton and the DNC hired their admins from the same applicant pool and got similar skill levels."

        Considering the politics of the DNC, and the EXPECTATION that their security team are ALSO of a similar political mindset, the average intelligence of their 'pool' might just be a room temperature I.Q. number (in Farenheit, not Celsius, I'm being kind that way). General snarky comment on average intelligence of average gummint employees notwithstanding.

        /me ducks for expected rotten veggies and thumb-downs from the 'howlers'

        Oh, and it looks like they were running WINDOWS servers! I'd have to wonder if a properly configured (and firewalled) BSD or Linux server would've been so easily cracked... unless they have a root password of 'dadada'. And allow ssh logins to root. Without 'fail2ban' or some other means to cut down on the crack attempts. Yeah.

      2. Anonymous Coward
        Anonymous Coward

        Re: Hillary's mail server

        "..hired their admins from the same applicant pool.."

        Well, Mr Pagliano's IT qualifications were that he worked on her 2008 campaign, which morphed into an "IT" job in the State Department. I'm sure he is an inspiration to all clowns everywhere, and a role model for DNC IT folks.

    2. Anonymous Coward
      Anonymous Coward

      Re: Hillary's mail server

      Since the FBI looked for several months and said they found no evidence of intrusion, if someone did break in it sounds like they did a better job than these heavy handed DNC hackers did.

      At any rate, it isn't as though US government run servers have a good security record either, witness the hack that got personal information for pretty much everyone with a security clearance from the OPM. Hackers are as likely to have broken in to the 'official' state department mail server as they are into Hillary's email server. If anything, the fact that few knew about her server (at the time) would have made it less of a target, even if it was less secure. Security through obscurity isn't recommended, but it sometimes works.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hillary's mail server

        "Since the FBI looked for several months and said they found no evidence of intrusion, if someone did break in it sounds like they did a better job than these heavy handed DNC hackers did."

        What are you on about?

        Are you not aware the FBI has a confirmed hacker of the email server in custody?

    3. Ralph B

      Re: Hillary's mail server

      > I bet they hacked that as well.

      Well, it was hacked ... by the US State Department.

  3. Mark 85 Silver badge

    The Russians? I'm surprised the NORKS didn't get blamed. They seem to be the scapegoat for quite a few of the other break-ins. Ok.. add the Chinese since they supposedly got the personnel database.

    1. Anonymous Coward
      Anonymous Coward

      Well they gotta blame bad guys. When Israel is caught red handed hacking into the US, do you really think they're going to say that? Of course not, they'll blame someone else who the public has already been told to hate.

    2. bombastic bob Silver badge

      "I'm surprised the NORKS didn't get blamed." "add the Chinese since they supposedly got the personnel database."

      Maybe *THEY* learned to *NOT* leave footprints behind? Or the other possibility... we were *MEANT* to find those footprints!

  4. gerdesj Silver badge

    intelligence have had access to their servers for nearly a year

    Unfortunately the locals don't count.

  5. Ted's Toy

    A government intelligence service is an oxymoron

  6. Anonymous Coward
    Joke

    Do they seriously expect us to believe this commie cyber BS

    "hackers thought to be part of Russian state intelligence have had access to their servers for nearly a year .. two different hacking teams had had the run of the DNC's servers. Both of them were already well known and are thought to be state-sponsored groups."

  7. a_yank_lurker Silver badge

    Not Surprised

    Though it is below the radar it is not surprising major political parties would be hacked. What is disturbing is this hack has been going on for at least a year.

  8. frank ly

    "...two files had been stolen."

    Does that mean that the files weren't there anymore or that logs showed they'd been copied to a remote location? Maybe the "clumsy attempts" included not modifying the log files after exfiltration. It would be interesting to know the technical details.

    1. Voland's right hand Silver badge

      Re: "...two files had been stolen."

      My exact thought - two files for which there was an access log. That probably means 2000+ for which the access log entry has been successfully erased.

  9. ammabamma
    Facepalm

    Careful what you wish, you may regret it! Careful waht you wish, you just might get it!

    I don't think this was what the electorate had in mind when they said they wanted "more openness and transparency" from the government...

    1. Doctor Syntax Silver badge

      Re: Careful what you wish, you may regret it! Careful waht you wish, you just might get it!

      'I don't think this was what the electorate had in mind when they said they wanted "more openness and transparency" from the government'

      And when a government talks about openness and transparency it's the electorate's stuff that's to be open and transparent, not theirs (except to state-sponsored APTs, of course).

      1. Eddy Ito

        Re: Careful what you wish, you may regret it! Careful waht you wish, you just might get it!

        But it isn't open and transparent to the public, just the hackers. If the hackers would release the information then we, the electorate, would have a more open and transparent election and potentially government. Like the government types like to say when prattling to the hoi palloi, "if you've done nothing wrong then you've got nothing to hide."

        1. Mark 85 Silver badge

          Re: Careful what you wish, you may regret it! Careful waht you wish, you just might get it!

          If the hackers would release the information then we, the electorate, would have a more open and transparent election and potentially government.

          Timewise, it's probably too late for that. Maybe 6 months ago. Right now it looks like we have a choice between "bad" and "worse" though those terms are interchangeable on each of the two main candidates.

  10. ewenallison

    Blackmail bait

    Were the hackers looking for info they could use to pressure or even blackmail him? Did they get any? There's a scary thought. Just sayin'.

  11. Crisp

    Why not just keep running the server and fill it with misinformation?

    They could have had a lot of fun with that.

    1. Doctor Syntax Silver badge

      Re: Why not just keep running the server and fill it with misinformation?

      Shhh.

    2. Keith Glass
      Trollface

      Re: Why not just keep running the server and fill it with misinformation?

      They're a political party. . . .how would that be any different from normal operations ?

  12. Anonymous Coward
    Anonymous Coward

    OK, now there's a company I won't use for security..

    "Political organizations do not invest much in IT security, as they have few assets worth stealing, so this attack was likely carried out by low-level hackers within the attacking organization," said John Gunn, a veep at VASCO Data Security.

    "The DNC can't really have anything on Trump that isn't already somewhere on the internet, and it is hard to imagine that the hack would reveal anything more intriguing than what Trump is already saying almost daily."

    No, you utter limp wristed dimwit, they may not have anything on Trump, but you forget that use of that server means they inherit a trust relationship. They now own a server that is on US soil, of a known US political organisation.

    How easy do you think it will be to send email with malware that will be opened? Spam checkers see a legitimate US origin, and see links to a webserver in the US with a good reputation - it's the perfect stage to start a further stage of an APT attack or act as a proxy for all sorts of problems.

    I cannot believe that a muppet who alleges to be a security professional cannot see the side effects of owning resources that belong to a trusted facility (OK, "trusted" as in established, I wouldn't trust anyone or anything associated with politics so let's park that one). It's not about the resource itself as they can hire a VM anywhere, it's about the trust network this belongs to, THAT is the value they wanted.

    1. Anonymous Coward
      Anonymous Coward

      Re: OK, now there's a company I won't use for security..

      not to mention damage done by adding or altering content.

    2. ecofeco Silver badge

      Re: OK, now there's a company I won't use for security..

      Most IPSECS experts are snake oil con men.

      1. Anonymous Coward
        Anonymous Coward

        Re: OK, now there's a company I won't use for security..

        Most IPSECS experts are snake oil con men

        I can confirm that. And I'd include a large proportion of the now apparently defunct CLAS consultants in that. The number of times I had to pull utter idiots out of the fire before they got themselves burned to badly is staggering. The problem is that you can't leave them stuck for educational purposes in the hope they get removed from the roster for sheer incompetence because it victimises others.

        The simplest red flag for me is when someone calls themselves an expert. There are VERY few people who deserve that title, and giving it to yourself makes you too American for me to trust you with anything sensitive.

  13. Aodhhan

    Typical Democrats

    Democrat leadership as a whole believe they are above the fray, entitled and don't have to live by the same rules as everyone else. This attitude creates ignorance to rules, regulations and best practices to many things including information security.

    The leadership in the White House, with this attitude allowed intrusion after intrusion into their own systems. Post mortem analysis showed misconfiguration and failure to follow NIST and DISA guidelines which had been in place since 2007; such as certification and accreditation practices.

    Once again their attitude and ignorance bites them. Maybe they did get into financial records... maybe they didn't. Those in the Democrat Party with any power have been caught in so many lies or spin statements, there is no way you can believe them.

    I like how they say... they went after 'communication'. Which means, all email, text, messaging, etc. was breached. Heck, with this information they wouldn't have to go after database files. I'm sure much of this information was sent to the DMC via email. Not to mention all the information gathered from messaging and text.

    Perhaps they don't have much on Donald Trump, but what about emails and other damaging communications which come to light which could indicate the DNC is behind demonstrations which became violent, resulting in injury to people and damage to property.

    Democrat philosophy: You must be robots, you can't have your own thought on issues, you must believe ours. If you don't, then we do everything to destroy you. Also, we say we're the compassionate party, but really we aren't. <-- Lovely, considering the USA was built on the notion, that people should be able to think freely, encourage debate, and critical thinking.

    John Gunn is an idiot who makes his company look bad. You can't make a statement like this unless you've been hired by all political establishments in a capacity which allows you to have enough knowledge to make this statement. Don't just 'guess'.

    Realistically, any political establishment with a brains wouldn't host their own servers (like the DNC did), they would use a 3rd party hosting service which typically brings the costs down and increases security. Apparently, the DNC wanted to host their own systems... why do you think this is?

    Go ahead, give me a thumbs down because you just read the title instead of the whole comment.

    1. Anonymous Coward
      Anonymous Coward

      Re: Typical Democrats

      An alternative conclusion might be that if the more competent of the two teams has bothered hacking into the DNC system then maybe thats because they've already penetrated all of the more valuable systems that they can.

    2. Anonymous Coward
      Anonymous Coward

      Re: Typical Democrats

      I heard recently that Clinton super PACs have been paying homeless people and undocumented immigrants to protest and incite violence at Trump rallies. It's also interesting that Clinton's campaign denounces the violence by blaming the Sanders campaign, while the Sanders campaign has always preached non-violence and chooses to blame the individual perpetrators. There has been no evidence linking the violent protesters to any of the current presidential campaigns, so for all we know they are simply concerned citizens with uncontrollable tempers.

      It's also been suggested that Trump would be a great ally to Putin, given their shared disdain for progressive activists. Going with that line of thinking, I suppose Putin would be pretty upset to learn that Clinton is trying to sabotage Trump.

  14. Anonymous Coward
    Anonymous Coward

    Putin endorsed Trump!

    Having all that background on Trump is probably why Putin endorsed him so resoundingly in December. He called Trump "bright and talented" but he knows the Donald is a lightweight!

    1. Anonymous Coward
      Anonymous Coward

      Re: Putin endorsed Trump!

      "He called Trump "bright and talented.."

      I believe he meant for a presidential candidate.

      The bar is pretty low.

  15. ecofeco Silver badge

    I've said it over and over

    The PTB DO NOT understand the Internet.

  16. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021