A hacker claiming responsibility for the DNC hack that made headlines earlier this week has slammed the security company responsible for the incident response, and leaked several documents compromised during the incident – including a 235-page opposition memo on Donald Trump.
On Tuesday, the Washington Post reported that hackers – believed to be Russian – compromised the Democratic National Committee network and walked off with opposition research on Republican presidential candidate Donald Trump.
CrowdStrike, the security firm that was brought in to do incident response, suggested espionage as the likely motive. In fact, later that day, CrowdStrike published reports on two different "APT" groups in Russia, giving them the names Cozy Bear and Fancy Bear.
Overall, the Washington Post story actually read more like a promotion for CrowdStrike's incident response offerings than actual security news.
But the fact is, someone targeted the DNC directly and that is news worth watching. At the same time, many experts felt it was a stretch to hype the incident as some sort of massive international conspiracy.
The hacker claiming responsibility for the DNC attack (using the alias Guccifer 2.0) mocked CrowdStrike's assessment that he was a sophisticated hacker group, noting that he was pleased the company "appreciated my skills so highly. But in fact, it was easy, very easy."
"Guccifer may have been the first one who penetrated Hillary Clinton’s and other Democrats’ mail servers. But he certainly wasn’t the last. No wonder any other hacker could easily get access to the DNC’s servers. Shame on CrowdStrike: Do you think I’ve been in the DNC’s networks for almost a year and saved only 2 documents? Do you really believe it?"
As proof, he published the full opposition report on Donald Trump, which describes the GOP presidential candidate having "no core."
The 235-page memo is essentially a timeline and collection of comments and speeches given by Trump, as well as an overview of his political stance and mindset.
A 2-page memo to the DNC was included in the cache of posted files, which outlines the suggested positioning and public message strategy around the national election and the match-up between Donald Trump and Hillary Clinton.
In response to DNC comments that no financial information was accessed during the attack, several donor lists were also published on Wednesday by the hacker, showing millions in financial contributions from Hollywood elites, businesses, trade groups, and unions.
The hacker ended their disclosure with a notice that a bulk of the compromised documents, including memos marked confidential and secret – allegedly taken from Hillary Clinton's personal email server – were delivered to WikiLeaks.
"The main part of the papers, thousands of files and mails, I gave to WikiLeaks. They will publish them soon. I guess CrowdStrike customers should think twice about company’s competence," they wrote.
Salted Hash reached out to CrowdStrike for comment, but the company wasn't able to respond before this article was published. It will be updated with additional details as they become available.
CrowdStrike didn't respond to questions directly, but issued the statement below.
"CrowdStrike stands fully by its analysis and findings identifying two separate Russian intelligence-affiliated adversaries present in the DNC network in May 2016. On June 15, 2016 a blog post to a WordPress site authored by an individual using the moniker Guccifer 2.0 claiming credit for breaching the Democratic National Committee. This blog post presents documents alleged to have originated from the DNC.
"Whether or not this posting is part of a Russian Intelligence disinformation campaign, we are exploring the documents' authenticity and origin. Regardless, these claims do nothing to lessen our findings relating to the Russian government's involvement, portions of which we have documented for the public and the greater security community."