DNC targeted by Russian hackers beyond 2018 midterms, it claims

The Democratic National Committee (DNC) has filed a civil complaint accusing Russia of trying to hack its computers as recently as November 2018.

In its court filing, the DNC argues that not only did the campaign and several Trump operatives collude with Russia to steal electronic information, but that Russia was still attempting to hack DNC systems in the run up to last year’s midterm elections.

The filing describes an alleged Russian cyberattack campaign that began in July 2015 and which stole information after a hack in April 2016, when the Russians allegedly placed proprietary malware known as X-Agent on the DNC network. It claims that they monitored the malware in real time and collected data including key logs and screenshots. Using malware called X-Tunnel, the hackers exfiltrated several gigabytes of DNC data over the following days to a computer located in Illinois leased by agents of Russia’s GRU military unit, it says.

Russian operatives then placed a version of X-Agent on a DNC server in June that year and hacked DNC virtual machines hosted on Amazon Web Services (AWS) in September to steal voter data, the filing also alleges.

The DNC filing also accuses Russia of an ongoing campaign against the Democrats following the election, dating back to Robert Mueller’s 2017 appointment as head of the special counsel investigation into possible ties between the Trump campaign and the Russian Federation. Russia used multiple fake social media accounts to discredit Mueller as corrupt, the filing alleges, citing reports prepared for the Senate Intelligence Committee.

The DNC accuses Russia of trying to hack the network of Democratic Senator Claire McCaskill, along with the networks of two other midterm candidates, in 2017. They allegedly spoofed notification emails from McCaskill to her staff, asking them to visit a page purporting to be the US Senate’s Active Directory Federation Services (ADFS) login page.

Spear-phishing attempts

In October 2018, the filing says that WikiLeaks released a list showing the location and operational details of AWS servers around the world.

A month later, it said that Russian operatives tried to hack DNC emails again:

In November 2018, dozens of DNC email addresses were targeted in a spear-phishing campaign, although there is no evidence that the attack was successful. The content of these emails and their timestamps were consistent with a spear-phishing campaign that leading cybersecurity experts have tied to Russian intelligence. Therefore, it is probable that Russian intelligence again attempted to unlawfully infiltrate DNC computers in November 2018.

The lawsuit lists several co-defendants including the Trump campaign, Wikileaks and the Russian Federation. Also included are Julian Assange, Donald Trump Jr., Jared Kushner, former campaign chair Paul Manafort, Republican lobbyists Roger Stone and Richard Gates, campaign operative George Papadopoulos, and several figures associated with the Russian Federation. The filing stops short of directly suing the President himself.

The lawsuit accuses Russia of a catalog of crimes under various state laws, including trespass and conversion. It also says that Russia violated the Computer Fraud and Abuse Act, the Stored Communications Act, and the Digital Millennium Copyright Act (DMCA) via its hacking operations. Along with Wikileaks and Assange, it also stole trade secrets under the Defend Trade Secrets Act, the filing adds.

The DNC is also suing Wikileaks, Assange, the Trump campaign and Trump’s associates for violating the Wiretap Act by snooping on the DNC’s electronic communications.

It accuses all defendants of violating the Uniform Trade Secrets Act, and the Racketeer Influenced and Corrupt Organizations Act (RICO), alleging cyber-espionage, theft of trade secrets, obstruction of justice, and witness tampering.

The DNC wants statutory and punitive damages, along with the financial gain that the defendants earned from their violations. Perhaps more important is its request for a declaration that the defendants hacked its computers and used the information to impact the 2016 election.

This filing is the latest in an ongoing case that court records show began in April 2018. This amended complaint adds the information about the latest alleged hacks. Jared Kushner, WikiLeaks and Roger Stone are among several defendants that have moved to dismiss the case. Russia has also argued that the court does not have jurisdiction over it due to the sovereign equality of states, and that attempting to assert it in this case violates international law.