This weekend, Politico dropped a news bombshell: A person who only goes by “Robert” had shared with the news organization documents allegedly stolen from the Donald Trump presidential campaign.
Since then, we have learned that The New York Times and The Washington Post have also heard from the same person and received some stolen documents. The document dump has the hallmarks of a hack-and-leak operation, which typically involves malicious hackers stealing sensitive information and strategically leaking it with the goal of hurting the target of the hack. The FBI has said it is investigating the hack. Trump himself has accused the Iranian government of the breach. Longtime Trump confidante Roger Stone said his email account was compromised, which is likely where the whole operation began, according to anonymous people who spoke to The Washington Post.
If this all sounds familiar it’s because a near-identical hack-and-leak operation ahead of a U.S. election happened before and will inevitably happen again. It’s worth going back in time to a previous hack-and-leak operation to highlight what we learned then, and how those lessons apply now.
In the summer of 2016, a hacker who identified themselves by the moniker Guccifer 2.0 and described themselves as a Romanian “hacker, manager, philosopher [and] women lover,” claimed to be behind the hack of the Democratic National Committee. This came as a surprise because cybersecurity firm CrowdStrike had accused a Russian intelligence agency of being behind the hack. In what is now an ironic twist, Roger Stone at the time publicly revealed he was in touch with Guccifer 2.0 and piggybacked on the hacker’s claims to attack the Democrats.
But as it turned out, once I started asking Guccifer 2.0 some pointed questions back in 2016, their mask quickly started to fall off. Two years later, the FBI confirmed that Guccifer 2.0 was indeed no lone Romanian hacker, but a persona controlled by two agents working for Russia’s military intelligence unit, the Main Intelligence Directorate or GRU. While I pat myself on the back, I also want to be clear that, in a way, it was easy for me to focus on Guccifer 2.0 and their identity and motivations rather than the documents they were leaking, simply because I was (and still am) a cybersecurity reporter, not a political reporter.
At this point and in this recent case, it’s unclear who “Robert” really is. But early signs point to a repeat of the Guccifer 2.0 situation.
Just a day before Politico’s report on the Trump hack, Microsoft revealed that an Iranian government-backed hacking group “sent a spear phishing email in June to a high-ranking official on a presidential campaign from the compromised email account of a former senior advisor.” Microsoft did not say which campaign it was, nor did it name the “former senior advisor” who was targeted, but sources have since told The Washington Post and Politico that the FBI has been investigating the Trump campaign hack since June.
In a new report out Wednesday, Google’s Threat Analysis Group, which investigates government-backed hackers and threats, concurred with much of Microsoft’s assessment. Google said it has evidence that Iran-backed hackers were behind the targeting of personal email accounts of about a dozen individuals affiliated with President Biden and former President Trump as early as May.
To recap: It looks like Iranian government hackers may have compromised Stone, used his email account to then target and infiltrate the Trump campaign, stole some documents (for now we only know of files related to the vetting process of Republican vice presidential candidate J.D. Vance) and, finally, used a persona — Robert — to contact journalists, hoping they would cover the leaked documents.
Contact Us
Do you have more information about the Trump campaign hack? Or other politically motivated hacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
What is different from what happened in 2016 is how the media is covering this whole story.
At the time, countless media outlets took the Guccifer 2.0 documents — and later those stolen from Hillary Clinton’s then-campaign chairman John Podesta — and ran stories that essentially amplified the message that the Russian government wanted the American public to focus on, namely claims of corruption and malfeasance. Kathleen Hall Jamieson, a University of Pennsylvania professor who wrote a book about the 2016 hacking campaigns, told the Associated Press this week that in 2016 the media misrepresented some of the leaked material in a way that was more damaging to Clinton than it should have been.
This time, the early coverage of the Trump campaign hack-and-leak has focused on the hack-and-leak operation itself, and not so much on what was leaked, something that disinformation experts have praised.
“Politico and [its journalist] Alex Isenstadt deserve significant credit for turning this story into a story about a (poor, it appears) foreign disinformation attempt, instead of covering the leaked Trump campaign documents as such,” said Thomas Rid, a professor at Johns Hopkins and someone who closely followed the 2016 Russian hacking and disinformation campaign.
It’s important to note that this all might change, perhaps if or when “Robert” decides to leak something that the media considers more newsworthy. It’s also important to remember that, as my former colleague Joseph Cox wrote a few years ago, there have been many cases of hackers leaking information that was in the public interest. The data in those hacks and leaks deserved to be covered and reported on. That may still prove to be the case this time, too.
Regardless, it’s important that journalists give the whole context behind hack-and-leak operations, no matter if they are launched by hackers working for governments trying to undermine elections or certain presidential candidates, or hacktivists with good intentions.
When Politico asked the hacker about how they got the documents, Robert reportedly said: “I suggest you don’t be curious about where I got them from. Any answer to this question, will compromise me and also legally restricts you from publishing them.”
Perhaps Robert himself knows that, this time, journalists have learned the lessons.
