The FBI has launched an investigation into the hacking of the Democratic National Committee’s computers, even as more evidence surfaced of possible Russian involvement in the attack.
The data breach was first disclosed last month, when hackers published confidential DNC files, including opposition research on Republican presidential candidate Donald Trump.
Then on Friday, Wikileaks published over 19,000 emails that were stolen from the DNC, some of which now threaten to damage the campaign of Democratic presidential candidate Hillary Clinton.
The FBI confirmed on Monday that it was investigating the attack and said the perpetrators would be "held accountable." "A compromise of this nature is something we take very seriously," the agency said in a statement.
The FBI declined to elaborate, but the outcome of its probe could have huge implications. If Russia is found responsible, it would mean a foreign state had tried to influence the outcome of a U.S. presidential election, said Justin Harvey, chief security officer at Fidelis Cybersecurity.
“If a nation-state has crossed this line, and the FBI can show it was Russia, then it will be a watershed moment in cyber security,” he said.
Some security investigators had already blamed Russia for the attacks, and that charge has now been echoed by the DNC and by Clinton's campaign manager.
“I don’t think it was coincidental that these emails were released on the eve of our convention here,” campaign manager Robby Mook said in an interview with CNN on Sunday, referring to the start of the Democratic National Convention in Philadelphia.
Trump has espoused foreign policy views that could be favorable to Russia, giving it an incentive to undermine Clinton's candidacy, the thinking goes.
“You have Trump out there saying he may leave NATO,” Harvey noted. “Russia has tried for over half a century to dissolve NATO.”
Security firm Crowdstrike, which was hired by the DNC to investigate the hack, has blamed the intrusion on two hacking teams with ties to the Russian government. Other firms including Fidelis have agreed with that claim.
The cache of emails released by WikiLeaks on Friday adds to the belief that there was state-sponsored involvement.
In early May, the emails show, Yahoo alerted a DNC consultant that her email account was likely being targeted by “state-sponsored actors.” The consultant had been in contact with journalists in the Ukraine about Trump’s campaign manager, Paul Manafort, apparently trying to establish an alleged link between Manafort and Russia.
There’s still no “smoking gun” to prove Russia’s involvement, Harvey said. Fidelis reached its conclusion based on the malware that was used. The malicious code, including a reused IP address, was found in other attacks believed to have been carried out by the Russian hacking groups.
Not everyone agrees with those findings. A lone hacker known as Guccifer 2.0 has tried to take credit for the breach and denies having any ties to Russia. To prove his claims, he leaked some stolen DNC documents last month and said additional files were sent to WikiLeaks for publication.
But security experts are skeptical. Some believe Guccifer is part of a Russian-led misinformation campaign to divert blame from the country.
Even if it turns out that state-sponsored hackers were not responsible in this case, they'll have learned from the DNC breach, said Yonatan Striem-Amit, CTO at security firm Cybereason.
“Nation-state actors are looking at this right now and realizing that they have a very important tool for political influence,” he said.
Russian officials have flatly denied any involvement with the DNC breach.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.