Officials say a computer service used by the campaign of Hillary Clinton was hacked as part of a broader breach of the Democratic National Committee, an intrusion for which the Russian government remains the leading suspect.
The breach affected a DNC data analytics program used by the campaign and a number of other organizations, according to the Clinton campaign. Outside security experts reviewing the campaign’s computer system have found “no evidence that our internal systems have been compromised,” the campaign said in a statement issued Friday.
The campaign did not specify what types of data the service was analyzing, but partnerships with modern e-commerce companies can allow sophisticated tracking, categorization and identification of website visitors. This can help organizations tailor their online content, advertising and solicitations to be more effective.
For about five days the hackers had access to the program, which is used to conduct voter analysis. It did not include Social Security numbers of credit card information, according to a campaign aide.
The hack involved a separate system and could not have resulted in access to Clinton campaign internal emails, voicemails, computers or other internal communications and documents, according to the campaign’s outside cyber security expert.
The FBI is investigating a hack at the DNC that resulted in the posting last week of embarrassing internal communications on WikiLeaks, and a similar intrusion of the House Democratic Congressional Campaign Committee. President Barack Obama has said Russia was almost certainly responsible for the DNC hack, an assertion with which cybersecurity experts have agreed.
The FBI said Friday it was aware of “media reporting on cyber intrusions involving multiple political entities, and is working to determine the accuracy, nature and scope of these matters.”
The intrusions have added another layer of mystery to the hacking of Democratic Party information that has been revealed in the heat of this year’s presidential and congressional elections.
The DNC breach led to the release by WikiLeaks on July 22, days before the Democratic national convention began, of 19,000 emails showing that supposedly neutral party officials were favoring Hillary Clinton over Sen. Bernie Sanders during their primary contest for the presidential nomination. As a result of that disclosure, party chairwoman Rep. Debbie Wasserman Schultz, D-Fla., announced her resignation this week.
On Friday, the Democratic Congressional Campaign Committee, which raises money and provides other assistance for Democratic House candidates, acknowledged a digital break-in of its computers that it said resembled the DNC hack.
Spokeswoman Meredith Kelly said the committee was “the target of a cybersecurity incident” and was informed by investigators “that this is similar to other recent incidents, including the DNC breach.”
She said the congressional campaign committee is using CrowdStrike Inc., a computer security firm based in Irvine, California, and is “cooperating with the federal law enforcement with respect to their ongoing investigation.” She said her organization is “continuing to take steps to enhance the security of our network in the face of these recent events.”
CrowdStrike issued a statement confirming its work for the congressional campaign committee but provided no additional details.
The Clinton campaign took pains Friday to assert that its own internal systems weren’t compromised by the hack of the DNC analytics service. But such third-party, connected systems represent appealing options for hackers searching for less-protected routes to attack an organization.
Computer hacking, emails and indications of Russian involvement have evolved into a political issue in the presidential campaign between Clinton and Republican candidate Donald Trump.
This week, Trump encouraged Russia to seek and release more than 30,000 other missing emails deleted by Clinton, the former secretary of state. Democrats accused him of trying to get a foreign adversary to conduct espionage that could affect this November’s elections, but Trump later said he was merely being sarcastic.
Clinton deleted the emails from her private server, saying they were private, before handing other messages over to the State Department. The Justice Department declined to prosecute Clinton over her email practices, though FBI Director James Comey called her “extremely careless” in handling classified information.
CrowdStrike and another security firm, ThreatConnect Inc. of Arlington, Virginia, said they found evidence pointing to Russian government involvement in the DNC hack when they analyzed the hackers’ methods and efforts to distribute the stolen emails and other files. The hacker groups, identified by CrowdStrike as Cozy Bear and Fancy Bear, used different but sophisticated techniques to break into the DNC and try to avoid detection. Most of the DNC emails appeared to have been stolen May 25.
Reuters first reported the DCCC hack and the Clinton campaign hack.