Fancy Bear Goes Phishing: The Untold Story of How the Russians Hacked the DNC

“The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with,” said Rep. Debbie Wasserman Schultz, Florida congresswoman and Democratic National Committee chairwoman, on June 12, 2016. 

“When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.”  

Well, not really. 

The FBI first contacted the DNC about Russian network intrusions in September 2015, and the intruders were expelled ten months later—hardly “as quickly as possible.” 

Even after CrowdStrike had confirmed on May 8 that not just one, but two Russian intelligence groups were inside its networks, the DNC only directed CrowdStrike to expel them on the weekend of June 10. For another month, Russian hackers were eavesdropping on the secret communications of the Democratic Party. 

Why did it take so long for the FBI, and then the DNC, to respond to such an urgent matter? 

The simple answer—incompetence—is tempting. It is also wrong. As Scott Shapiro will describe in this talk, each actor in this story acted more or less rationally, following the rules that applied to them.

About Scott Shapiro

Scott Shapiro is the Charles F. Southmayd Professor of Law and Professor of Philosophy at Yale Law School. His areas of interest include the philosophy of law, international law, criminal law, cybersecurity and artificial intelligence. He is the founding director of the Yale CyberSecurity Lab, and he has been appointed as Special Government Expert to the Office of the Technical Director, Cybersecurity and Infrastructure Agency, working on AI security.