Republican lawmakers and affiliated political organizations were targeted by the same Russian group that hit the DNC.
Update: On January 10th, FBI Director James Comey testified before the Senate Intelligence Committee that while the Russians had successfully targeted individual Republican lawmakers and Republican state organizations, they had launched a successful attack only against non-longer active RNC accounts.
The argument that Russia hacked the Democratic National Committee to help Donald Trump become president — put forward in a Friday story in the New York Times — rests in part on the assertion that the Kremlin-backed FANCY BEAR group hit the DNC’s Republican counterpart as well. If Moscow stole emails from both groups but leaked only Democratic ones, the argument goes, it shows that the Kremlin was aiming to put Trump in the White House.
Is it true? No direct evidence has yet publicly emerged show that the Russian actors hit the RNC. But if the theory holds, that’s the point.
A Washington Post story on Monday repeated the Times claim, reporting that a senior FBI counterintelligence official told congressional officials last week that Republican systems had been targeted. The Post reported that the FBI official also “acknowledg[ed] the apparent imbalance in damage done to Democrats, but refrain[ed] from assigning a pro-Trump motive to the Kremlin.”
The RNC has been pushing back against the assertions. Reince Priebus, its current chair and Trump’s pick for White House chief of staff, said over the weekend that the GOP organization had not been hacked.
On Monday, RNC spokesperson Sean Spicer denounced the allegation. “I know that we have worked with intelligence agencies right now that are saying that we have not been hacked,” he shouted at CNN's Michael Smerconish. “Our own systems show that we have not been hacked.”
But in September, Rep. Michael McCaul, R-Texas, told CNN’s Wolf Blitzer, “It’s important to note, Wolf, that they have not only hacked into the DNC but also into the RNC….the Russians have basically hacked into both parties at the national level, and that gives us all concern about what their motivations are.” Several days later, McCaul said that he misspoke.
And the Kremlin-linked FANCY BEAR group is known to have stolen emails from other Republican individuals and groups. In June, emails stolen from several GOP Senate leaders, including John McCain, R-Ariz., and Lindsey Graham, R-S.C., were published them on a site called DCLeaks. The site also published emails belonging to Republican public action committees and consultants.
In August, cybersecurity company ThreatConnect linked DCLeaks to FANCY BEAR. In October, so did the Office of the National Director of Intelligence and the Department of Homeland Security in a statement.
ThreatConnect’s senior threat intelligence researcher, Kyle Ehmke, said, “We cannot speak to Priebus’ claims nor have we been contacted by the RNC or Airnet with respect to this issue, so we do not have any internal knowledge of the issue. However, the inclusion of dozens of Republican party-related emails on the FANCY BEAR faketivist site DCLeaks suggest that the Republican party was also targeted by FANCY BEAR operations. The emails that are in the Republican-related post on DCLeaks fall in the 6/9/2015 to 10/26/2015 timeframe and were posted on 6/4/2016 to DCLeaks.”
There is another “common thread” besides the timing, according to reporting by the website The Smoking Gun. In August, TSG reported that “the victimized [GOP] campaigns, state parties, PACs, and businesses all contracted with the same Tennessee web hosting outfit. The firm, Smartech, and its parent, AirNet Group, are major providers of data services, call centers, and web hosting for scores of Republican clients.”
TSG reported that the RNC had paid AirNet more than $10 million since 2008.
AirNet did not respond to multiple calls or emails from either the Smoking Gun or, more recently, from Defense One.
A representative from the RNC would say only that the committee had sought out a third-party vendor to help with cybersecurity. But CrowdStrike confirmed to Defense One it was not them.
Airnet's website features a prominent endorsement from the RNC on its homepage: “From site hosting and web engineering design, server colocation, bandwidth resources…to database engineering, Airnet has been an all encompassing, intelligent technology provider and knowledge resource for the RNC.”