The Apprentice. Greg Miller
Читать онлайн книгу.
on an assumption that seemed reasonable: that while whatever information the Russians had taken might be mined by Kremlin analysts, it wouldn’t be exposed publicly. Cozy Bear, after all, had attacked other nongovernmental organizations and defense contractors as well as foreign governments and political organizations. “This is a sophisticated foreign intelligence service with a lot of time, a lot of resources,” Henry concluded. “There’s no doubt this is a nation-state targeting a United States political system. What are candidates thinking about? What are they developing? What are their strategies? It’s classic espionage.” And classic espionage meant not revealing to the world what had been stolen, if for no other reason than it would jeopardize subsequent efforts.
Having taken measure of the breach, the experts began drafting a plan to kick the hackers out. Doing so would require rebuilding entire systems, resetting passwords, and picking a time to shut the network down. On an aggressive timeline, the operation could be carried out starting around May 20. But DNC leaders were reluctant to disrupt the network at a time when the party’s nomination had not yet been secured, so a date was set for the three-day Memorial Day weekend, when it would be easier to take the system offline without cutting into work time or raising suspicions. Yet while Clinton’s lead was commanding, Bernie Sanders was still in the race and drawing energetic crowds. The DNC leadership decided it was better to wait even longer and ensure that the contest was clinched. CrowdStrike held off, scheduling the work for mid-June.
During that stretch, the Russians amassed more emails that appeared to show DNC bias in favor of Clinton—not only old correspondence, but new messages written during the stretch when the DNC could have been in cleanup mode. And because the hacking was still being kept secret, nobody outside the inner circle had any sense that they should be more cautious than usual when sending emails and documents. On May 21, Mark Paustenbach, a committee communications official, wrote to a colleague, “Wondering if there’s a good Bernie narrative for a story, which is that Bernie never ever had his act together, that his campaign was a mess.” Other damaging emails had been written before CrowdStrike had even had enough time to conclude the attack was being carried out by Russians. For example, on May 5, a committee staffer emailed Paustenbach and Dacey suggesting a way to call voters’ attention to Sanders’s faith. “It might make no difference, but for KY and WVA can we get someone to ask his belief. Does he believe in a God,” wrote Brad Marshall, the DNC’s chief financial officer, who had lived and worked for years in Kentucky. “He had skated on saying he has a Jewish heritage. I think I read he is an atheist … My Southern Baptist peeps would draw a big difference between a Jew and an atheist.” This was way beyond the official DNC position, which was that the organization was there to help all Democratic candidates without favor toward any in particular. Marshall added in a second email that it came down to the “Jesus thing.” Dacey replied: “AMEN.” Dacey later insisted that she had meant her remark not as affirmation of the plan but to express understanding of the venting by her staff. Regardless of intention, it was a comment that would later add fuel to a fire.
On Monday, June 6, Clinton clinched the Democratic nomination, making history as the first woman in the United States ever to be selected to represent one of the two major parties in a presidential contest. Breathing easier that their secret had held for five weeks, the DNC leadership finally turned to the task of getting rid of the intruders. But as plans took shape for what the cyber team called “Remediation Weekend,” officials knew that word of Russian penetration of a major party was unlikely to hold. Sussmann, the lawyer, recommended preempting this possibility by contacting a reporter at The Washington Post.
ON WEDNESDAY, JUNE 8, ELLEN NAKASHIMA WALKED A FEW BLOCKS from The Washington Post’s building on 13th and K Streets to Sussmann’s office at Perkins Coie. In a sixth-floor conference room, she met Dacey for the first time. Henry was there, too, along with Sussmann. The three of them proceeded to tell her about the dramatic events of the preceding month. Dacey was no expert in cyberattacks, but she was intent on making sure that people knew what happened and understood the stakes.
On the evening of Friday, June 10, after the DNC staff had gone home, a crew of about ten committee technology workers, including Tamene, as well as a separate team of CrowdStrike investigators, arrived at committee headquarters for Remediation Weekend.
The crew worked Friday, Saturday, and Sunday, pausing for only brief stretches of sleep. The entire DNC network was shut down. To keep the mission secret, the committee had told employees the unusual arrangement was required for a system upgrade. The process was tedious and repetitive. The committee had collected hundreds of laptops from staffers—some of whom fretted that this meant their jobs were at risk because Clinton was taking over the party leadership. The remediation team piled the devices in stacks, side by side, on a large rectangular table in a first-floor conference room. Each laptop had to be reimaged, a manual process consisting of wiping the hard drives clean, reinstalling the operating system, and clicking through a series of tiresome fields to select the correct language, time zone, etc. Meanwhile, a parallel team backed up terabytes of committee data to a clean collection of servers. Every laptop, once reimaged, had to have its data restored.
By Sunday night, the project was finished, and Dacey, who came into the office to check on the work, breathed a sigh of relief. In appreciation of the magnitude of the operation, one of CrowdStrike’s founders, Dmitri Alperovitch, a Russian-born expert with degrees from Georgia Tech, showed up to take his exhausted team to dinner at a Brazilian steakhouse. Monday morning, the network was back online, the laptops, with new software running to detect any return of the Russians, redistributed.
DNC officials had shared their account with Nakashima on the condition that it not be published until the committee’s networks had been secured. She began composing a draft of the article and made plans with editors to put the story online on Monday, June 13. But on Sunday the twelfth, as the DNC team was completing its scrub, devastating news broke in Florida: Omar Mateen, a twenty-nine-year-old security guard, had opened fire in the packed Pulse nightclub in Orlando, killing forty-nine people and wounding fifty-three others—then the deadliest mass shooting by a single gunman in U.S. history.
The Post put the hacking story off for an extra day. At 11:30 A.M. on Tuesday it appeared atop the paper’s website, opening, “Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump.”[3] The article emphasized that the hackers had been expelled from the DNC’s systems over the preceding weekend and quoted a range of officials and experts casting the intrusion as a classic case of cyber espionage. Moscow, it was agreed, was far more likely to hoard the stolen material and mine it for insights that could provide critical leverage in global affairs. The prospect that Russia would wage an unprecedented campaign of information warfare—sowing doubt about the democratic process, damaging the candidacy of Hillary Clinton, and ultimately seeking to help elect Donald Trump—was beyond imagining at that moment. Kremlin spokesman Dmitry Peskov quickly denied any Russian involvement.
On June 15, within twenty-four hours of the Post’s story, the website The Smoking Gun posted a story saying it had been contacted by an “online vandal” using the name Guccifer 2.0. Elaborating on a blog site, he claimed to be flattered by accounts depicting the operation as “sophisticated,” insisting that “in fact, it was easy, very easy.” He insisted he was not Russian, but a Romanian who had chosen his moniker partly to honor his hacking predecessor Guccifer but also because he loved the Gucci brand. “I’m a hacker, manager, philosopher, woman lover,” he proclaimed. But in online correspondence with journalists, his persona seemed to crack. Posed questions in Romanian by the journalist Lorenzo Franceschi-Bicchierai, writing for the online tech publication Motherboard, Guccifer 2.0’s responses came back in fractured syntax that seemed to betray a reliance on Google Translate. In subsequent exchanges, his online personality seemed to shift, suggesting more than one hand was operating the Guccifer 2.0 persona.
To establish his credentials, he passed along a collection of pilfered DNC documents. The files included internal memos and a list of donors that catalogued six-figure contributions to the party from, among others, movie star Morgan Freeman, director Steven Spielberg, and Hollywood executive Jeffrey Katzenberg. Guccifer 2.0 referred those interested to the DCLeaks website