Timeline of the DNC and AKP Hacks WikiLeaks Releases

Spring 2015: Allegedly Russian hackers target DNC consultant Alexandra Chalupa, who was performing opposition research on Donald Trump. Alexandra Chalupa’s emails are later included in the DNC leak.

Summer 2015: COZY BEAR (AKA CozyDuke or APT 29), suspected of being the Russian domestic intelligence agency responsible for external collection and active measures, the FSB (Федеральная Служба Безопасности), infiltrates the DNC network. intrusion has been identified going back to summer of 2015. An FBI source said the investigation into the DNC breach goes back to the summer of 2015.

April 2016: FANCY BEAR (AKA Sofacy or APT 28), suspected of being Russia’s military intelligence agency GRU (Главное Разведывательное Управление), infiltrates the DNC network. FANCY BEAR targeted the DNC’s opposition research on Donald Trump. The FBI notifies the DNC that their networks have been breached. DNC calls in Crowdstrike, who locate two intrusions and reset the DNC system. Until this time, the hackers were able to read all of the DNC’s email and chats.

Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services.
Dmitri Alperovitch

May 09 2016: Judge Napolitano says Russia has 20,000 of Clinton’s emails.

There’s a debate going on in the Kremlin between the Foreign Ministry and the Intelligence Services about whether they should release the 20,000 of Mrs. Clinton’s emails that they have hacked into.
Judge Andrew Napolitano

May 18 2016: DNI discusses of cyber attacks against 2016 Presidential campaigns. The Department of Homeland Security and the FBI are stated to be working with the campaigns in regard to the hacking campaigns.

We’re aware that campaigns and related organizations and individuals are targeted by actors with a variety of motivations — from philosophical differences to espionage — and capabilities — from defacements to intrusions.”
-Brian P. Hale, Office of the Director of National Intelligence public affairs director

June ?? 2016: DCCC breach began.

June 03 2016: WikiLeaks creates the torrent for the insurance file which includes the DNC hack.

June 12 2016: According to Guccifer 2.0, the DNC resets their network, kicking “him” out of it. Julian Assange announces that they have documents relating to Hillary Clinton which are pending publication and that it would be “enough evidence” to indict her.

“We have upcoming leaks in relation to Hillary Clinton. WikiLeaks has a very big year ahead.”
Julian Assange

June 14 2016: The hack is publicly disclosed and attributed to Russia. Russia denies responsibility. The Washington Post reports that according to officials the same hackers targeted the presidential campaigns of Hillary Clinton and Donald Trump, as well as some Republican political action committees.

June 15 2016: Guccifer 2.0 first appears online and states that he and he alone hacked the DNC server. In the blog post, he uses the “)))” smiley emoticon commonly used by those using a Cyrillic keyboard due to the difficulty of typing. The metadata for the documents that Guccifer 2.0’s username is taken from the founder of the Soviet Union’s secret police.

June 16 2016 19:41: WikiLeaks uploads the torrent containing their insurance file to their website. Ars Technica’s security editor confirms CrowdStrike’s findings. SecureWorks confirms CrowdStrike’s findings and adds additional information.

June 17 2016: WikiLeaks publicly releases their insurance file. ThreatConnect confirms CrowdStrike’s findings and presents additional information based on their research.

June 18 2016: Cybersecurity experts are associating the insurance file release with Guccifer 2.0.

June 20 2016: Guccifer 2.0 first appears on Twitter and restates that the “DNC’s servers [were] hacked by a lone hacker” and releases the DNC’s opposition research on Donald Trump. Fidelis Cybersecurity confirms CrowdStrike’s findings. Mandiant, a cyber-forensics firm owned by FireEye, confirms CrowdStrike’s findings. CrowdStrike releases additional analysis about Guccifer 2.0.

June 21 2016: Guccifer 2.0 tells Motherboard that he put Russian metadata in the documents as his personal “watermark.” He also says it would be a waste of time to explain the hack in Romanian, his claimed native tongue, which other Romanian speakers said was “full of mistakes.”  He would not answer when asked if there was “someone else there” when he “got into the DNC network.”

I don’t like Russians and their foreign policy. I hate being attributed to Russia
-Guccifer 2.0

July 02 2016: Senator Tom Cotton suggests asking Putin for the deleted Hillary Clinton emails.

July 07 2016: WikiLeaks references their upcoming Hillary Clinton leaks.

July 13 2016: Guccifer 2.0 gives exclusive DNC docs to The Hill.

July 17 2016: WikiLeaks announces the imminent AKP release of over 100,000 documents while the hacker is still in the system, stating most of the documents are in Turkish.

July 19 2016: WikiLeaks releases their partial copy of the AKP files.

July 20 2016: The full Turkey AKP hack is released by The Cthulhu, including data not obtained by WikiLeaks because they released while Phineas Fisher was still in the system. The statement says that WikiLeaks was asked to wait with the release because the hacker was still in the system, but Wikileaks decided to publish with the attention brought by the attempted coup attempt. The full release comes to over 100GB (105,984,622,125 bytes).

July 22 2016: WikiLeaks releases nearly 20,000 DNC emails. Guccifer 2.0 claims they gave the files to WikiLeaks, four hours later WikiLeaks says that anyone claiming to know who their source is “has no credibility.”

July 23 2016: WikiLeaks says the Russian allegations “should be explored” but denies there is any evidence to explore.

July 24 2016: WikiLeaks says their sources do not set the date for releases and that they have more DNC documents coming. Another tweet implies their source may have been an insider. A third tweet from WikiLeaks threatens a journalist with legal action for exploring an affinity between Russia, Trump and WikiLeaks. WikiLeaks says that “as usual” they “published as soon as the docs were verified.”

July 25 2016: WikiLeaks says they will release more DNC documents “at the appropriate moment.” One tweet said they filed a complaint with the Huffington Post and others against an academic, pointing out that “she is not a journalist,” over a story about the AKP release. Another tweet says they “chose the pub date” for the DNC leak. Another says they obtained the documents less than three months ago. A former director of the Defense Intelligence Agency says the hack has the hallmarks of a Russian operation.”Several officials” say the hack was an attempt to influence the election in favor of Donald Trump. A Harvard professor and former member of the Department of Justice said that when it comes to reports that the FBI suspects Russia, he has “no basis to question these reports. But the truth is that there is no public evidence whatsoever tying Russia to the hack.” USA Today reports that an FBI source says the investigation into the leak has been ongoing for about a year and did not dispute an assertion by  assertion that Russia was responsible. Steve Grobman, chief technology officer with for the Intel Security Group, points out that the evidence of Russian involvement could have been manufactured. Cyber threat firm Invincea confirms CrowdStrike’s findings. The GOP Chair states they have not been hacked because of two-factor authentication, no mention of an investigation is made.

The release of emails just as the Democratic National Convention is getting underway this week has the hallmarks of a Russian active measures campaign.
-David Shedd, former Defense Intelligence Agency director

July 26, 2016: NBC reports that three cybersecurity experts have told them that the DNC emails were hacked by Russian intelligence.

July 28, 2016: It’s announced that the FBI is investigating a hack against the DCCC.

July 29, 2016: Reuters reports that the DCCC has also been breached, allegedly by the same groups responsible for the DNC breach. The DCCC confirms the breach. The breach is “similar”  to the DNC breach. Reports emerge that personal information in the DNC breach is being exploited by third parties. The DCCC breach is connected to FANCY BEAR by two firms working together.

July 30, 2016: The FSB reports, through RT, that over twenty high profile Russian organizations and government agencies have been hacked by sophisticated malware. No technical details are made available for confirmation. The Clinton campaign confirms that it has been hacked as well, as part of the DNC hack.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s