Did Russia Hack the RNC Too? Here’s What We Know So Far

Russian President Vladimir Putin arrives to attend a meeting of the Presidential Council for strategic development in the Kremlin, in Moscow, Russia, Nov. 25, 2016.

Sergei Ilnitsky / Pool Photo via Associated Press

Republican lawmakers and affiliated political organizations were targeted by the same Russian group that hit the DNC.

Update: On January 10th, FBI Director James Comey testified before the Senate Intelligence Committee that while the Russians had successfully targeted individual Republican lawmakers and Republican state organizations, they had launched a successful attack only against no-longer-active RNC accounts.

The argument that Russia hacked the Democratic National Committee to help Donald Trump become president — put forward in a Friday story in the New York Times — rests in part on the assertion that the Kremlin-backed FANCY BEAR group hit the DNC’s Republican counterpart as well. If Moscow stole emails from both groups but leaked only Democratic ones, the argument goes, it shows that the Kremlin was aiming to put Trump in the White House.

Is it true? No direct evidence has yet publicly emerged to show that the Russian actors hit the RNC. But if the theory holds, that’s the point.

A Washington Post story on Monday repeated the Times claim, reporting that a senior FBI counterintelligence official told congressional officials last week that Republican systems had been targeted. The Post reported that the FBI official also “acknowledg[ed] the apparent imbalance in damage done to Democrats, but refrain[ed] from assigning a pro-Trump motive to the Kremlin.”

The RNC has been pushing back against the assertions. Reince Priebus, its current chair and Trump’s pick for White House chief of staff, said over the weekend that the GOP organization had not been hacked.

On Monday, RNC spokesperson Sean Spicer denounced the allegation. “I know that we have worked with intelligence agencies right now that are saying that we have not been hacked,” he shouted at CNN’s Michael Smerconish. “Our own systems show that we have not been hacked.”

But in September, Rep. Michael McCaul, R-Texas, told CNN’s Wolf Blitzer, “It’s important to note, Wolf, that they have not only hacked into the DNC but also into the RNC….the Russians have basically hacked into both parties at the national level, and that gives us all concern about what their motivations are.” Several days later, McCaul said that he misspoke.

And the Kremlin-linked FANCY BEAR group is known to have stolen emails from other Republican individuals and groups. In June, emails stolen from several GOP Senate leaders, including John McCain, R-Ariz., and Lindsey Graham, R-S.C., were published on a site called DCLeaks. The site also published emails belonging to Republican public action committees and consultants.

In August, cybersecurity company ThreatConnect linked DCLeaks to FANCY BEAR. In October, so did the Office of the National Director of Intelligence and the Department of Homeland Security in a statement.

ThreatConnect’s senior threat intelligence researcher, Kyle Ehmke, said, “We cannot speak to Priebus’ claims nor have we been contacted by the RNC or Airnet with respect to this issue, so we do not have any internal knowledge of the issue. However, the inclusion of dozens of Republican party-related emails on the FANCY BEAR faketivist site DCLeaks suggests that the Republican party was also targeted by FANCY BEAR operations. The emails that are in the Republican-related post on DCLeaks fall in the 6/9/2015 to 10/26/2015 timeframe and were posted on 6/4/2016 to DCLeaks.”

There is another “common thread” besides the timing, according to reporting by the website The Smoking Gun. In August, TSG reported that “the victimized [GOP] campaigns, state parties, PACs, and businesses all contracted with the same Tennessee web hosting outfit. The firm, Smartech, and its parent, AirNet Group, are major providers of data services, call centers, and web hosting for scores of Republican clients.”

TSG reported that the RNC had paid AirNet more than $10 million since 2008.

AirNet did not respond to multiple calls or emails from either the Smoking Gun or, more recently, from Defense One.

A representative from the RNC would say only that the committee had sought out a third-party vendor to help with cybersecurity. But CrowdStrike confirmed to Defense One it was not them. 

Airnet’s website features a prominent endorsement from the RNC on its homepage: “From site hosting and web engineering design, server colocation, bandwidth resources…to database engineering, Airnet has been an all encompassing, intelligent technology provider and knowledge resource for the RNC.”
