The Democratic National Committee Friday filed a lawsuit against a broad slate of people and entities allegedly responsible for the 2016 hack of its email, phone calls, and more. But while the suit claims involvement from a host of headliners—Wikileaks, Julian Assange, Donald Trump, Jr., and Russia among them—its immediate importance lies in the previously unreported timeline it lays out.
While a rough outline of the DNC hack that rocked the 2016 election had previously been established, the 66-page lawsuit, first reported by The Washington Post gives exact dates for the first time. It also asserts coordination among a web of characters affiliated with the Trump campaign, Russia’s GRU intelligence service, and WikiLeaks.
“No one is above the law,” the suit begins. “In the run-up to the 2016 election, Russia mounted a brazen attack on American Democracy.”
The details of when and how that attack occurred, though, are more clear than ever—and may indicate that Russia’s plan to interfere in the US election predated its DNC intrusion.
According to the DNC lawsuit, Russian intelligence group Cozy Bear—the GRU-affiliated hacker group, also known as APT29—infiltrated the DNC network as far back as July 27, 2015, nearly a year before the leaks of the pilfered material began. The suit says that a second Russian group—Fancy Bear, the outfit that has recently tormented the International Olympic Committee as well—hacked the DNC’s systems on April 18, 2016. The DNC wouldn’t notice the presence of either until April 28, 2016, at which point it called in security firm CrowdStrike to help analyze and mitigate the damage.
The remedy was costly. The suit details the necessary fixes; the DNC had to “decommission more than 140 servers, remove and reinstall all software, including the operating systems, for more than 180 computers, and rebuild least 11 servers.” Between repairing and replacing equipment and hiring experts to manage the fallout, the bill came out to over a million dollars.
By then, of course, the worst damage had already been done. The DNC had been devastatingly compromised. The Russians had gained access not only to email systems but also to backup servers, VOIP calls, and chats. They were prepared to make off with “several gigabytes of data,” the suit says, a little over a week before the DNC even knew they were there.
The timeline from there has been a matter of public record. On June 14, the DNC first disclosed the hack. The following day, a persona going by Guccifer 2.0—only recently confirmed to be a Russian intelligence agent—claimed responsibility, leaking a 237-page opposition research report on Donald Trump in the process.
The leaks continued steadily from there, as the suit details. Guccifer 2.0 struck again on June 27, June 30, and July 6. On July 22, WikiLeaks took the wheel, releasing nearly 20,000 internal DNC emails. The following day, according to the suit, multiple DNC employees received an email that said: “I hope your children get raped and murdered. I hope your family knows nothing but suffering, torture, and death.”
The rest of the suit rehashes the connections that have played out in the press over the last several months, alleging Roger Stone, Paul Manafort, George Papadopoulos, and a host of Russians as ingredients in a collusive soup. But for close observers of Russia’s hacking efforts against the US in 2015 and beyond, it’s the timeline that provides the most valuable information.
That’s in part because of how it aligns with two incidents not mentioned in the suit. Many of the early leaks appeared on a site called DCLeaks, which went live in June 2016 but was registered on April 19, which the suit confirms was a day after Fancy Bear broke into the DNC. But the same group that registered DCLeaks had attempted but failed to register ElectionLeaks.com on April 12, nearly a week before the Fancy Bear hack.
The timeline strongly implies that Russia’s aim was to disrupt the election from the start, rather than a reconnaissance mission that rapidly escalated.
“They had already carried out the Podesta intrusion in March, and carried out a pretty large scale attempt to target the campaigns,” says John Hultquist, director of threat intelligence at security firm FireEye, referring to the emails of Hillary Clinton campaign chairman John Podesta, which were ultimately leaked a month before the 2016 election. That, combined with registering ElectionLeaks before the Fancy Bear break-in, “suggests they had this plan prior to even compromising the organization.”
It’s unclear how likely the DNC lawsuit is to succeed, especially in its efforts to hold Russia accountable in a US court. But its revelations shed light on one of the most impactful hacks of recent memory—and maybe the intentions of the country behind it.