What happened, in brief
Yesterday, August 12th, Guccifer 2.0 posted several documents from the DCCC computers he had hacked, claiming credit for them. In total, there were seven documents. Two campaign overviews, a memo from Nancy Pelosi’s computer, campaign notes for Florida’s 18th, a list of contacts for the 114th Congress, and three files of passwords. When Guccifer 2.0 tweeted out the link, along with pictures of the files, he opened up his Twitter account to temporary suspension for posting private information. It’s possible that without the pictures, the account wouldn’t have been suspended at all. After several hours, Guccifer 2.0’s account was reactivated – although the tweet had been removed.
Shortly after that, the WordPress blog used by Guccifer 2.0 (hosted on WordPress.com) had disabled the post with the files in them, although the blog itself remains active. All but one file remains directly accessible, and the file that was removed contained a great deal of personal and private information.
What the censored post said
Before it was removed, the blog post opened with the following text:
Hi all!
It’s time for new revelations now. All of you may have heard about the DCCC hack. As you see I wasn’t wasting my time! It was even easier than in the case of the DNC breach.As you see the U.S. presidential elections are becoming a farce, a big political performance where the voters are far from playing the leading role. Everything is being settled behind the scenes as it was with Bernie Sanders.
I wonder what happened to the true democracy, to the equal opportunities, the things we love the United States for. The big money bags are fighting for power today. They are lying constantly and don’t keep their word. The MSM are producing tons of propaganda hiding the real stuff behind it. But I do believe that people have right to know what’s going on inside the election process in fact.
To make a long story short, here are some DCCC docs from their server. Make use of them.
This was followed by three links to the files with password lists.
Special thanks to Nirali Amin for the list of passwords.
#DCCC impresses no one with some of its infosec choices.
(PW’s changed and TFA employed, the image is safe) pic.twitter.com/LWW52UgMHX
— Michael Best (@NatSecGeek) August 13, 2016
All three of the documents continue to be hosted on the WordPress site, and can still be accessed through the original links. The passwords have all been changed, but they were not encouraging in the level of password security that was originally used. It’s not clear if the Two-Factor Authentication was implemented before or after the passwords were posted. HOWEVER – the passwords do reveal an important fact. It appears that the DCCC may have become aware of the DCCC breach 48 days ago (June 26, 2016) as that is when the password was changed for one of the DCCC accounts (which had apparently kept the same password since 2014).
By the way, the complexity of the passwords leaves much to be desired.
Here are more docs from the DCCC server.
Copy of 114th Congressional Contacts
The Congressional contacts document was extremely thorough, covering 194 individuals, listing their phone numbers, email addresses, positions, titles, family and religious information. This is the only document that has been removed from WordPress, so the link has been removed. Interestingly, the screenshot from the file has not been removed. However, it presents only a small portion of the information covered by the file for a small portion of the people included in it. The significance lies in the apparent difference between the policies of Twitter and WordPress. The pictures, which WordPress found were not a problem, are the only thing that Twitter could use to justify deleting the tweet. Simply linking to the article wouldn’t be enough (and would open a massive can of worms for Twitter).