DC Leaks hackers previously released data from the Open Society
Foundations in June, a breach that was reported to the FBI, according
to spokeswoman Laura Silber. She said an investigation by a security
firm found the intrusion was limited to an intranet system used by
board members, staff and foundation partners.

DC Leaks also revealed emails from former NATO general Philip Breedlove
which showed he tried to provoke President Obama to start US
Russia. Breedlove claimed to CNN in July that the emails were stolen
as part of a state-sponsored intelligence operation.

Open Society Foundations provides funding to the International
Consortium for Investigative Journalists, which came under the
spotlight earlier this year after the release of the Panama Papers,
which included millions of records from law firm Mossack Fonseca
showing how the wealthy are using tax havens.

The Panama Papers leak came under criticism from WikiLeaks, who claimed
the US government and Soros funded the project to attack Russia and
President Vladimir Putin.

From Bloomberg. "Russian" of course!

before the Democratic convention was upended by 20,000 leaked emails
released through WikiLeaks, another little-known website began
posting the secrets of a top NATO general, billionaire George Soros’
philanthropy and a Chicago-based Clinton campaign volunteer.

experts now say that site, DCLeaks.com, with its spiffy capitol-dome
logo, shows the marks of the same Russian intelligence outfit that
targeted the Democratic political organizations.

emails and documents posted to the DCLeaks site in early June suggest
that the hackers may have a broader agenda than influencing the U.S.
presidential election, one that ranges from the Obama
administration’s policy toward Russia to disclosures about the
hidden levers of political power in Washington.

also means the hackers may have much left in their grab bag to
distribute at will. The subjects of the DCLeaks site include a former
ranking intelligence official who now works for a major defense
contractor and a retired Army officer whose wife serves on the USS
Nimitz, the nuclear-powered aircraft carrier. Some of the emails go

Open Society Foundations, the Soros group, reported the breach to the
Federal Bureau of Investigation in June, said spokeswoman Laura
Silber, who added that an investigation by a security firm found the
intrusion was limited to an intranet system used by board members,
staff and foundation partners.

The biggest revelation on DCLeaks involves U.S. Gen. Philip Breedlove,
who retired in May and was formerly the top military commander of the
North Atlantic Treaty Organization. emails from Breedlove’s
personal account show him complaining that the Obama administration
wasn’t paying enough attention to European security. (“I do not
see this WH really ’engaged’,” he writes at one point, later
wondering “how to work this personally with the POTUS.”) The
Intercept subsequently wrote a story about the emails, picked up by
some cable news channels, inflaming tensions between the U.S. and its

Breedlove told CNN in July that the emails were stolen as part of a
state-sponsored intelligence operation and didn’t respond to a
request for comment this week.

The leaks highlight the effectiveness of some of the hackers’ tricks,
including the targeting of private e-mail accounts to gather
sensitive military and political intelligence. DCLeaks also offers
some insight for investigators on what appears to be the hackers’
early missteps and ad hoc approach.

A cache of hacked Google emails from a Clinton volunteer, for example,
doesn’t add up to much: They purport to be from the account of
Sarah Hamilton, who works for a public relations firm in Chicago and
volunteers for Hillary for America, and show little but the harried
schedule of the campaign staff. Hamilton didn’t respond to a
request for comment.

a trove of “redacted” documents from the William J. Clinton
Library were declassified and have been publicly available on the
library’s website for several years, a spokeswoman for the library

really looks like the hackers tried a couple of things that just
weren’t really working before they hit on using WikiLeaks,” said
John Hultquist, the manager of cyberespionage intelligence at FireEye
Inc. “With this earlier stuff, it looks like they were

itself as the work of American hacktivists, DCLeaks.com was
registered in April, and many of the documents were posted in early
June. A DCLeaks administrator, who identified himself by e-mail as
Steve Wanders, didn’t respond to written questions, including why
much of the material focuses on Russia or Russian foreign-policy

The site seems designed to cater to the U.S. media’s voracious
appetites for leaks. It has related Twitter and Facebook accounts
that push out nuggets from purloined documents and that suggest
angles journalists might pursue.

The Russian government has dismissed the idea that it was involved in the
hack of the Democratic National Committee, and WikiLeaks founder
Julian Assange said there’s “no proof whatsoever” that Moscow

experts see links to a larger Russian information operation. That’s
in part, according to two people familiar with the probe, because the
e-mail addresses of Breedlove and Hamilton were among thousands
targeted in a several-month campaign that began last fall by a
Russian hacking group that cybersecurity firms have referred to by
monikers including Fancy Bear, APT28 and the Sofacy Group.

firms have linked that hacking group to the GRU, Russia’s military
intelligence service, whose Moscow headquarters is nicknamed the
Aquarium. Three private security groups have linked the DNC incursion
to that group and another Russian hacking group associated with the
FSB, the country’s civilian intelligence agency. U.S. intelligence
agencies have told officials they believe the DNC hack was
orchestrated by the Russian government.

A hacker calling himself Guccifer 2.0 and purporting to be Romanian
initially took credit for the DNC hack. That claim was viewed
skeptically, in part because the hacker didn’t appear to speak
Romanian. Guccifer 2.0 provided the Smoking Gun with leaked emails
from Sarah Hamilton’s account, according to a story posted on that
site on June 28. FireEye believes Guccifer 2.0 is a cover identity
for APT28, Hultquist said.

In the case of Soros’s Open Society, hackers stole a trove of
documents after accessing the foundation’s internal intranet, a
system called Karl, according to a person familiar with its internal
investigation. On August 3, the DCLeaks.com Twitter account tweeted
“Check George Soros’s OSF plans to counter Russian policy and
traditional values,” attaching a screenshot of a $500,000 budget
request for an Open Society program designed to counter Russian
influence among European democracies.

The hackers may have had access to the foundations’ network for nearly a
year, according to another person familiar with the investigation.
Although Open Society has about 800 full-time staff, as many as 7,000
people have access to Karl, which is used to circulate draft program
proposals, budgets and other internal documents.

provides a possible outline of the successful tactics used by the
suspected Russian hackers, like targeting personal e-mail accounts to
scoop up sensitive information.

The hackers were apparently reading Breedlove’s personal emails that
went back to at least 2012, a period when he was among the
highest-ranking U.S. military officers and was commander of the U.S.
European Command and NATO Allied Command Operations.

Breedlove’s correspondents, according to DCLeaks.com, were former
Secretary of the Air Force James Roche, former presidential candidate
Wesley Clark and former Secretary of State Colin Powell. Efforts to
contact Clark and Powell weren’t immediately successful.

Roche, in an e-mail, said Breedlove is a thoughtful officer who has worked
hard for the betterment of the Air Force and his country. Of the
Russians, Roche added: “I hope they learned that there are many
dedicated officers who are thinking of the best ways to ensure that
our country’s leaders can’t be bullied by Mr. Putin and his