RNC E-Mail Was, In Fact, Hacked By Russians

Despite party denials, evidence shows breach

DECEMBER 13--Despite vehement denials from Republican Party officials, there is evidence that the GOP’s e-mail system was breached by the same Russian hackers responsible for ransacking the Democratic National Committee’s computers and the Gmail account of Hillary Clinton’s campaign chairman, The Smoking Gun has learned.

In interviews this weekend, Republican National Committee chairman Reince Priebus and party spokesperson Sean Spicer disputed reports in The Washington Post and The New York Times that U.S. intelligence officials have concluded that the Russian cyber attacks were intended to help elect Donald Trump president.

Citing "senior administration officials," the Times reported that officials believe Russian agents hacked the RNC’s computer systems, but “did not release whatever information they gleaned from the Republican networks.” The Post reported that “U.S. officials” said that the RNC’s “computer systems were also probed and possibly penetrated by hackers tied to Russian intelligence services, but that it remains unclear how much material--if any--was taken from the RNC.” The newspaper added that, “The lack of a corresponding Republican trove has contributed to the CIA assessment...that Russia was seeking to elect Trump and not merely to disrupt last month’s presidential election.”

In a pair of Sunday talk show appearances, Priebus, who is set to become Trump’s White House chief of staff, stated flatly that the RNC was never hacked, nor was he aware of any party employees whose personal e-mail accounts were breached. During a CNN interview Saturday, Spicer said that the RNC was never hacked, and that, “The bottom line is the intelligence is wrong.” Spicer blasted the Times report, saying, “They are writing that the conclusion they came to was based in part on the fact the RNC was hacked. It wasn’t hacked. We have intelligence agencies that we worked with that are willing to sort this out.”

For his part, Trump dismissed as “ridiculous” reports that the Russian operation sought to aid his campaign, in part by only distributing material hacked from Democrats.

In fact, the president-elect is unsure about who hacked the DNC, John Podesta, and other Clinton campaign workers. Trump has surmised that the culprit could be Russia, China, or “somebody sitting in a bed someplace.” In a tweet yesterday, Trump even declared, “Unless you catch ‘hackers’ in the act, it is very hard to determine who was doing the hacking.”

But despite the Priebus and Spicer denials--and Trump’s shaky hacking analysis--the RNC appears to be among those victimized by a Russian hacking group affiliated with either the F.S.B. (successor to the K.G.B.) or the G.R.U., a military intelligence agency.

In August, TSG detailed how hackers successfully breached the Gmail accounts of Clinton campaign staffers and then distributed purloined correspondence via DC Leaks, a web site that appeared online in early-June. Material stolen in the hacks of the DNC and the Democratic Congressional Campaign Committee was peddled by “Guccifer 2.0,” a purported “hacktivist” who uploaded documents to his WordPress blog, sent material directly to numerous journalists, and took credit for providing Wikileaks with more than 40,000 DNC e-mails (and 17,000+ attachments).  

U.S. intelligence officials have identified DC Leaks and “Guccifer 2.0” as distribution methods set up by the Russian hackers. Both channels have been dormant for nearly two months.

DC Leaks has posted e-mails stolen from a handful of Clinton campaign staffers, several retired military officials, former Secretary of State Colin Powell, and financier George Soros’s Open Society Foundation. And, as TSG first reported on August 12, the site’s “Portfolio” also includes a collection titled “The United States Republican Party.”

While the nearly 300 Republican-related e-mails posted on DC Leaks are uniformly innocuous, the collection is noteworthy for the scope of victims it reveals. The material includes correspondence lifted from the campaign committees of various elected officials, including Senator John McCain, Senator Lindsey Graham, and Representative Robert Hurt. Several state GOP organizations, Republican PACs, and campaign consultants also had their e-mail accounts compromised.

The GOP hacking sampler on DC Leaks includes correspondence scattered across a four-month period ending in late-October 2015. One of those stolen e-mails indicates that the Russian hackers had access to the RNC’s e-mail server.

An October 13 e-mail sent to [email protected] is among the correspondence posted to DC Leaks. The e-mail, sent by a Republican voter, was addressed to Priebus and concerned “gun control rhetoric” from Democratic candidates and their operatives.

So how did an e-mail sent to the RNC’s public-facing address end up in the hands of hackers? For that answer, all roads lead to Tennessee.

As TSG previously reported, the Republican elected officials and organizations whose e-mails appear on DC Leaks have all used Smartech, a Chattanooga-based firm, to host their web sites and e-mail operations. The company and its parent, Airnet Group, have done work for a Who’s Who of Republican figures, including George W. Bush, Karl Rove, John Bolton, Mitt Romney, Newt Gingrich, and the Koch brothers.

While Smartech officials did not return TSG phone calls and e-mails seeking comment on whether their systems had been compromised, a Republican client of the company told TSG that the firm privately acknowledged such a breach.

Tom Del Beccaro, ex-chairman of the California Republican Party, told TSG that Smartech admitted being hacked. The firm’s disclosure came several months ago, not long after DC Leaks published its portfolio of stolen GOP e-mails. Del Beccaro, who unsuccessfully ran this year for the Senate seat being vacated by Barbara Boxer, contracted with the firm to host his campaign’s web site and e-mail server.

Since the 2008 federal election cycle, Smartech has been paid more than $11 million by the Republican National Committee for a wide variety of tech services, including web hosting and call centers. During the final four months of the 2016 campaign, the RNC paid Smartech nearly $400,000 for “data services,” Federal Election Commission records show. In a front-page testimonial on the Airnet web site, the GOP enthuses that the company has been “an all-encompassing intelligent technology provider and knowledge resource for the RNC.”

The Republican Party’s main web site, gop.com, was hosted for many years by Smartech, which was supplanted by Amazon in early-2014. Within the past two months, the GOP web site has contracted with Fastly, a content delivery network whose clients include BuzzFeed, Vimeo, and Kayak. Amazon, whose CEO Jeff Bezos owns The Washington Post and has a net worth dwarfing Trump’s, has been the frequent target of scorn from Trump. Bezos, Trump contends, is a tax-avoiding monopolist with a “huge antitrust problem.”

But while Smartech has not hosted the gop.com web site for more than two years, the company has continuously provided the RNC with its e-mail service, records show.

At Smartech, the RNC’s e-mail server is dubbed “barracuda1.” The same mail server, records show, was used by many of the Republican candidates (McCain, Graham, Hurt, Del Beccaro, former Rep. Michele Bachmann) and state parties (Illinois, Connecticut, Rhode Island, Wyoming) whose e-mail accounts were compromised and had some of their correspondence posted to DC Leaks.

After becoming aware of the hacking, “barracuda1” clients like McCain, Graham, and Hurt have relocated their campaign e-mail accounts from Smartech. Notably, while some prominent Republicans have shied from linking Russia to the DNC and Clinton campaign hacking, McCain and Graham have shown no such hesitance. McCain has said that, “it’s clear the Russians interfered” in the presidential election. In return for meddling in U.S. affairs, Graham announced, “I’m going after Russia in every way you can go after Russia...I want Putin personally to pay a price.”

When interviewed Sunday by ABC’s George Stephanopoulos, Priebus said that the RNC contacted the FBI after the DNC hack was disclosed in mid-June. Federal agents, Priebus said, subsequently “reviewed all of our systems” and concluded that “the RNC was not hacked.” Assertions to the contrary, Priebus stated, are “absolutely not true.”

Perhaps the next time Priebus appears on the Sunday TV circuit someone will ask him about the breach of “barracuda1” in Chattanooga, 600 miles southwest of the RNC’s Capitol Hill headquarters. And the fact that only a single stray RNC e-mail has been uploaded by the Russian hackers responsible for the theft and subsequent distribution of 95,000 e-mails swiped from the DNC and Podesta.