This weekend, Politico broke shocking news: someone identified only as “Robert” had provided news organizations with documents that were allegedly stolen from President Donald Trump's campaign.
The New York Times and Washington Post later learned they had been contacted by the same person and received the stolen documents. The leak bears the hallmarks of a hack-and-leak operation, in which malicious hackers steal classified information and then strategically release it to harm their targets. The FBI has said it is investigating the hack. Trump himself has blamed the Iranian government for the leak. Trump's longtime aide Roger Stone has said his email account was compromised, and an anonymous person who spoke to The Washington Post said the operation likely began from there.
If this all sounds familiar, it's because near-identical hack-and-leak operations ahead of the US election have happened before, and are sure to happen again. It's worth looking back at past hack-and-leak operations to see what we learned then, and how those lessons apply now.
In the summer of 2016, a Romanian hacker who called himself Guccifer 2.0 and described himself as a “hacker, manager and philosopher” claimed that a “female mistress” was behind the hack of the Democratic National Committee. This was surprising, as the cybersecurity company CrowdStrike had accused Russian intelligence of being behind the hack. Ironically, Roger Stone publicly revealed that he had been in contact with Guccifer 2.0 at the time, and used the hacker's claims to attack the Democratic Party.
But as it turns out, once I started asking Guccifer 2.0 pointed questions in 2016, their masks quickly began to peel away. Two years later, the FBI confirmed that Guccifer 2.0 was indeed not a lone Romanian hacker, but someone controlled by two agents working for Russia's military intelligence agency, the GRU. While I congratulate myself, I also want to be clear that in some ways it was easy to focus on Guccifer 2.0 and their identities and motivations, and the documents they leaked. That's because I was (and still am) a cybersecurity reporter, not a political reporter.
At this time, and in this latest incident, it's unclear who “Robert” really is, but early indications point to a repeat of the Guccifer 2.0 situation.
The day before Politico reported on the Trump campaign hack, Microsoft revealed that a hacking group backed by the Iranian government “sent spear phishing emails to senior officials from a compromised email account of a former senior adviser to the presidential campaign in June.” Microsoft did not disclose which campaign or the name of the “former senior adviser” that was targeted, but sources later told The Washington Post and Politico that the FBI has been investigating the Trump campaign hack since June.
In a new report released Wednesday, Google's Threat Analysis Group, which investigates government-backed hackers and threats, agreed with much of Microsoft's assessment. Google said it had evidence that Iranian-backed hackers were behind attacks that targeted the personal email accounts of about a dozen people with ties to President Biden and former President Trump as early as May.
In summary, it appears that Iranian government hackers compromised Stone, used his email account to target and infiltrate the Trump campaign, stole several documents (at this point, all we know of are files related to the vetting process for Republican VP nominee J.D. Vance), and finally, contacted journalists using the persona Robert in the hopes that they would cover the leaked documents.
What is different from what happened in 2016 is how the media is covering this entire incident.
Countless media outlets picked up the Guccifer 2.0 documents at the time, and later documents stolen from Hillary Clinton's then-campaign chairman John Podesta, and published stories that essentially amplified the allegations of corruption and wrongdoing that the Russian government wanted the American public to focus on. Kathleen Hall Jamieson, a professor at the University of Pennsylvania who wrote a book about the 2016 hacking campaign, told The Associated Press this week that media outlets misrepresented some of the leaked materials in 2016, causing more damage to Clinton than they should have.
Early coverage of the Trump campaign hack-and-leak operation has focused on the operation itself and not so much on the content of the leaks, an approach that disinformation experts are praising.
“Politico and [its journalist] Alex Isenstadt deserve a lot of credit for turning this into a story about an (apparently poorly done) foreign disinformation effort rather than reporting it as just that: a leak of election documents from the Trump campaign,” said Thomas Rid, a professor at Johns Hopkins University who closely tracked Russian hacking and disinformation campaigns in 2016.
Importantly, all of this could change, perhaps if or when “Robert” decides to leak information that the media deems more newsworthy. Also, as my former colleague Joseph Cox wrote a few years ago, we should remember that there have been plenty of cases where hackers have leaked information that was in the public interest; the data from those hacks and leaks was worthy of being covered and reported. That could be the case here, too.
In any case, it is important for journalists to provide the full context behind a hack-and-leak operation, regardless of whether it was carried out by hackers working for a government trying to disrupt the election or a particular presidential candidate, or by well-intentioned hacktivists.
When Politico asked the hacker how he obtained the documents, Robert reportedly responded: “I don't think you should care where I got them from. Any answer to this question puts me at risk and legally limits my ability to release the documents.”
Perhaps Robert himself knows that journalists have learned a lesson this time.