On Friday, just days before the Democratic Convention in Philadelphia, WikiLeaks released nearly 20,000 emails that, it says, come from the accounts of Democratic National Committee (DNC) officials.
The leaking machine said that the 19,252 emails and 8,034 attachments come from the top of the DNC. It’s “part one of our new Hillary Leaks series,” WikiLeaks says.
The “old” Hillary leaks would have been those emails that the hacker known as “Guccifer” – infamous and now-jailed hacker to the stars – stole when he allegedly breached Clinton’s email server in 2013.
WikiLeaks says that the leaks come from the accounts of seven key figures in the DNC and cover the period from January 2015 until 25 May 2016.
The Clinton campaign is blaming Russia for the leak, saying it released the DNC emails critical of Bernie Sanders as a means to helping Donald Trump win the election.
Clinton’s campaign manager, Robby Mook, told CNN’s State of the Union on Sunday that “experts are telling us that Russian state actors broke into the DNC, stole these emails, [and are] releasing these emails for the purpose of helping Donald Trump”.
I don’t think it’s coincidental that these emails were released on the eve of our convention here, and I think that’s disturbing.
There have, in fact, been reports about Russia penetrating the DNC: last month, the Washington Post reported that Russian cyberspies had stolen the committee’s opposition research on Donald Trump.
Russia makes for a convenient culprit, but the “Russia did it” theory’s been poked at and found wanting. Somebody going by the name “Guccifer 2.0” last month claimed credit for the DNC breach. He or she said they’re Romanian.
In short, tracking down the culprit for such breaches is extremely difficult. At any rate, the focus in US media hasn’t been on the source of the leak, but rather on the political ramifications – DNC chairwoman Debbie Wasserman Schultz resigned on Sunday and will step down following the convention.
Naked Security typically doesn’t link to breached content, whatever it’s about.
Regardless of your political leanings, this breach was a crime. It does serious harm to the privacy of innocent people. As it is, many of the exposed records contain personal and financial information of private citizens.
As Tech Crunch notes, WikiLeaks put the doxed materials in a searchable archive. All you have to do is type in “passport” or “contribution” to find hundreds of results.
That includes contributions made to the DNC, with contributors’ full names, email addresses, phone numbers, and addresses.
This is far from the first time that voter records have been exposed.
Last month, a database with 154 million US voter registration records was found to be leaking information on a dizzying array of intimate details, including gun ownership, Facebook profiles, address, age, position on gay marriage, ethnicity, email addresses and whether a voter is “pro-life.”
We’ve also seen…
- US voter registration records of 191 million voters exposed online in December
- Another US voter data exposure, of more than 56 million records. Some 19 million profiles exposed not only voter registration data but personal information such as Christian values, bible study, and gun ownership
- A massive breach of Mexico’s registration voter database: all 93.4 million of its voters
- A breach of the Philippines’ Commission on Elections (Comelec) affecting about 55 million people
- Exposure of the data on 50 million Turkish citizens
Expect more material to come out in the “Hillary Leaks” series, WikiLeaks promises: this is just part one. The organization didn’t say how many more episodes it’s planning.
It would be nice to think that the people running WikiLeaks might show a bit more compassion to the innocents swept up in this breach and might take care to shield their personal/financial details, but if history is our guide, that’s not likely.
Anne Flaherty
Since when do we Not call hackers actions Espionage!
Mahhn
when they expose criminals ;)
treFunny
all of this should be in the public space to start… every email, every call, every text.
Anonymous
So as “we” (this group of NS readers) are starting to figure you: email isn’t secure. Why do people assume? I started using encryption a year ago. There are some GPG programs that make it easy!
brianc6234
I don’t see this as much of a crime at all. The real criminal is Hillary Clinton and Obama made sure the FBI backed off and didn’t find her guilty. She should be sitting in prison since that’s what people normally get for giving away top secrets.
Wilderness
The Democrats are trying to focus on attributing the cause of the leak instead of focusing on their contents, which prove that the so-called Democratic party was playing favorites. How ironic!
Keith
One interesting thing to me is the tone of articles on this topic. Like this article, others have been saying how mean WikiLeaks is for releasing this information and TechCrunch even said it has a “partisan feel” as if WikiLeaks is Pro-Trump. I can’t remember another WikiLeaks release of information accompanied by articles discussing how it isn’t nice. WikiLeaks doesn’t care about you one way or another and the information was most likely released now because the DNC convention is happening at this time. If they had the same information on the Republicans they would have released it around the time of their convention.
Gavin
treFunny, I despise unnecessary government secrecy as much as the next Naked Security reader, but did you even make it to the end of the article? A major point that Lisa brought up was that the financial and personal details of individuals was caught up and exposed in this leak. Why would you call for that specific information to be exposed in public?
Tom
In the security classes I teach I say e-mail is not secure. We (NS readers) know it can be made secure with the proper encryption, but generally it is not secure. If you wouldn’t put it on a sign, don’t put it in an e-mail. Unfortunately, ignorance of technology and hubris makes people in positions of power act like idiots when it comes to the Internet.
We also know that many sites are lax when it comes to security, at least until they are breached. When I have to pay for something, I still use a check (cheque), if I doubt the recipients ability to implement security. I know for example that Jeff Besos understands technology and cannot afford a breach, but the DNC probably does not have a clue.
BTW in the US voter registration records are publicly available, and the records in some states even show up in Google searches. Unfortunately, there is enough information in a voter registration record to initiate a social engineering attack.
WatchmanDave
Blame it on the weakness of the IT Admins…then give them immunity…but really…man can’t hide in and from his own weakness…what man makes, man can break! Hows that “GODMODE” working for you ITADMINS…