Did Russia Hack the RNC Too? Here’s What We Know So Far

Russian President Vladimir Putin arrives to attend a meeting of the Presidential Council for strategic development in the Kremlin, in Moscow, Russia, Nov. 25, 2016.

Sergei Ilnitsky / Pool Photo via Associated Press

AA Font size + Print

Russian President Vladimir Putin arrives to attend a meeting of the Presidential Council for strategic development in the Kremlin, in Moscow, Russia, Nov. 25, 2016.

Republican lawmakers and affiliated political organizations were targeted by the same Russian group that hit the DNC.

Update: On January 10th, FBI Director James Comey testified before the Senate Intelligence Committee that while the Russians had successfully targeted individual Republican lawmakers and Republican state organizations, they had launched a successful attack only against non-longer active RNC accounts

The argument that Russia hacked the Democratic National Committee to help Donald Trump become president — put forward in a Friday story in the New York Times — rests in part on the assertion that the Kremlin-backed FANCY BEAR group hit the DNC’s Republican counterpart as well. If Moscow stole emails from both groups but leaked only Democratic ones, the argument goes, it shows that the Kremlin was aiming to put Trump in the White House.

Is it true? No direct evidence has yet publicly emerged show that the Russian actors hit the RNC. But if the theory holds, that’s the point. 

A Washington Post story on Monday repeated the Times claim, reporting that a senior FBI counterintelligence official told congressional officials last week that Republican systems had been targeted. The Post reported that the FBI official also “acknowledg[ed] the apparent imbalance in damage done to Democrats, but refrain[ed] from assigning a pro-Trump motive to the Kremlin.”

The RNC has been pushing back against the assertions. Reince Priebus, its current chair and Trump’s pick for White House chief of staff, said over the weekend that the GOP organization had not been hacked.

On Monday, RNC spokesperson Sean Spicer denounced the allegation. “I know that we have worked with intelligence agencies right now that are saying that we have not been hacked,” he shouted at CNN’s Michael Smerconish. “Our own systems show that we have not been hacked.”

But in September, Rep. Michael McCaul, R-Texas, told CNN’s Wolf Blitzer, “It’s important to note, Wolf, that they have not only hacked into the DNC but also into the RNC….the Russians have basically hacked into both parties at the national level, and that gives us all concern about what their motivations are.” Several days later, McCaul said that he misspoke.

And the Kremlin-linked FANCY BEAR group is known to have stolen emails from other Republican individuals and groups. In June, emails stolen from several GOP Senate leaders, including John McCain, R-Ariz., and Lindsey Graham, R-S.C., were published them on a site called DCLeaks. The site also published emails belonging to Republican public action committees and consultants.

In August, cybersecurity company ThreatConnect linked DCLeaks to FANCY BEAR. In October, so did the Office of the National Director of Intelligence and the Department of Homeland Security in a statement.

ThreatConnect’s senior threat intelligence researcher, Kyle Ehmke, said, “We cannot speak to Priebus’ claims nor have we been contacted by the RNC or Airnet with respect to this issue, so we do not have any internal knowledge of the issue. However, the inclusion of dozens of Republican party-related emails on the FANCY BEAR faketivist site DCLeaks suggest that the Republican party was also targeted by FANCY BEAR operations. The emails that are in the Republican-related post on DCLeaks fall in the 6/9/2015 to 10/26/2015 timeframe and were posted on 6/4/2016 to DCLeaks.”

There is another “common thread” besides the timing, according to reporting by the website The Smoking Gun. In August, TSG reported that “the victimized [GOP] campaigns, state parties, PACs, and businesses all contracted with the same Tennessee web hosting outfit. The firm, Smartech, and its parent, AirNet Group, are major providers of data services, call centers, and web hosting for scores of Republican clients.”

TSG reported that the RNC had paid AirNet more than $10 million since 2008.

AirNet did not respond to multiple calls or emails from either the Smoking Gun or, more recently, from Defense One.

A representative from the RNC would say only that the committee had sought out a third-party vendor to help with cybersecurity. But CrowdStrike confirmed to Defense One it was not them. 

Airnet’s website features a prominent endorsement from the RNC on its homepage: “From site hosting and web engineering design, server colocation, bandwidth resources…to database engineering, Airnet has been an all encompassing, intelligent technology provider and knowledge resource for the RNC.”

Close [ x ] More from DefenseOne

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Top 5 Findings: Security of Internet of Things To Be Mission-Critical

    As federal agencies increasingly leverage these capabilities, government security stakeholders now must manage and secure a growing number of devices, including those being used remotely at the “edge” of networks in a variety of locations. With such security concerns in mind, Government Business Council undertook an indepth research study of federal government leaders in January 2017. Here are five of the key takeaways below which, taken together, paint a portrait of a government that is increasingly cognizant and concerned for the future security of IoT.

  • Coordinating Incident Response on Posts, Camps and Stations

    Effective incident response on posts, camps, and stations is an increasingly complex challenge. An effective response calls for seamless conversations between multiple stakeholders on the base and beyond its borders with civilian law enforcement and emergency services personnel. This whitepaper discusses what a modern dispatch solution looks like -- one that brings together diverse channels and media, simplifies the dispatch environment and addresses technical integration challenges to ensure next generation safety and response on Department of Defense posts, camps and stations.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation


When you download a report, your information may be shared with the underwriters of that document.