Site connected to Russian hackers posts Republican emails

A website tied to the hacking scandal of the Democratic Party has now posted a small batch of leaked emails from Republican campaigns and state GOP staffers.

The emails on the site, known as DCLeaks, appear to be from state party officials and campaign staff, including that of former presidential candidate Sen. Lindsey Graham (R-S.C.). The messages range from June to October of 2015. 

The DNC hacker or hackers known as Guccifer 2.0 used DC Leaks to promote leaks from a Clinton staffer’s email to The Smoking Gun, though the hacker claimed not to have been involved with the theft of the messages.

Most of the messages coordinate campaign activities, solicit funds, or invite or RSVP to events. The archive is largely the procedural minutiae of running campaigns or state parties.

The emails include a wide array of constituent email addresses. Many appear to be responses to mass emails from concerned party supporters writing in to their delegates. One reply to a Stop Hillary PAC fundraising email targeting Democrats’ lack of support for the Benghazi commission reads, “Don’t the Republicans have a majority in Congress? Isn’t John Boehner a Republican? What is the problem that you need my $36 to help you fight back.”

The archive appears to be incomplete, with replies to emails that don’t appear to be included on their own. That could mean the emails were deleted before being retrieved, or that the leaker or site decided to scrub certain items from the record. 

But that there was a leak at all runs counter to a Republican narrative that the DNC is particularly susceptible to data breaches (“What is it with Democrats that they can’t maintain basic email security?” Mike Huckabee asked on Facebook).  

Guccifer 2.0 is thought to be a front name for Russian intelligence, and the site has strong circumstantial ties to the Russian group believed to be behind the hack of the Democratic National Committee (DNC).

DCLeaks claims to be the work of patriotic American activists but is written in a way that suggests non-native English speakers. Many of the leaks are email archives from critics of Russia.

The site hosts a trove of leaked emails from Gen. Philip Breedlove, who was heavily in favor of fending off Russia during its Ukraine incursion, and George Soros, whose DC Leaks emails were promoted by the site on Twitter as “Check George Soros’s [Open Society Foundation] plans to counter Russian policy and traditional values.”

The DC Leaks site was initially registered by THCServers, a company that has only been the initial registrar for 14 sites since 2013. Including DC Leaks, three of those sites have been connected to the Russian hackers believed to be behind the DNC hack, including a site identified by the German government.

The Russian hackers, nicknamed Fancy Bear, have a pattern of using domain registrars outside of the United States that accept bitcoin, and the Romanian THCServers fits the mold. It is registered to an email account from europe.com, which, like most of the emails connected to Fancy Bear, is a free web service based in Europe.

A representative from ThreatConnect, the company that linked Fancy Bear to DCLeaks, noted that the obscure Romanian THCServers and Europe.com would be abnormal for an American hacktivist collective, and believes the sum total is a strong circumstantial case.

At publication time, the Republican National Convention was not yet able to authenticate the emails.