NEW YORK — An unusual question is capturing the attention of cyberspecialists, Russia experts and Democratic Party leaders in Philadelphia: Is Vladimir Putin trying to meddle in the American presidential election?
Until Friday, that charge — with its eerie suggestion of a conspiracy drawn up in the Kremlin to aid Donald Trump — had been only whispered.
But the release Friday of some 20,000 stolen e-mails from the Democratic National Committee’s computer servers, many of them embarrassing to Democratic leaders, has intensified discussion of the role of Russian intelligence agencies in disrupting the campaign.
The e-mails, released first by a supposed hacker and later by WikiLeaks, exposed the degree to which the Democratic apparatus favored Hillary Clinton over her primary rival, US Senator Bernie Sanders of Vermont, and triggered the resignation of Debbie Wasserman Schultz, the party chairwoman, on the eve of the convention’s first day.
Proving the source of a cyberattack is notoriously difficult. But researchers have concluded that the national committee was breached by two Russian intelligence agencies, which were the same attackers behind previous Russian cyberoperations at the White House, the State Department, and the Joint Chiefs of Staff last year. And metadata from the released e-mails suggests that the documents passed through Russian computers.
Although a hacker claimed responsibility for giving the e-mails to WikiLeaks, the same agencies are the prime suspects. Whether the thefts were ordered by Putin, or just carried out by apparatchiks who thought they might please him, is anyone’s guess.
On Sunday morning, the issue erupted, as Clinton’s campaign manager, Robby Mook, argued on ABC’s “This Week” that the e-mails were leaked “by the Russians for the purpose of helping Donald Trump,” citing “experts” but offering no other evidence.
Mook also suggested that the Russians might have good reason to support Trump: The Republican nominee indicated in an interview last week that he might not back NATO nations if they came under attack from Russia — unless he was first convinced that the countries had made sufficient contributions to the Atlantic alliance.
It was a remarkable moment: Even at the height of the Cold War it was hard to find a presidential campaign willing to charge that its rival was essentially secretly doing the bidding of a key US adversary. But the accusation is emerging as a theme of Clinton’s campaign, as part of an attempt to portray Trump not only as an isolationist, but as one who would go soft on confronting Russia as it threatens nations that have shown too much independence from Moscow — or in the case of Lithuania, Latvia, and Estonia, joined NATO.
Trump has also said he would like to “get along with Russia” if he is elected, and complimented Putin, saying he is more of a leader than President Obama. Putin has in turn praised Trump.
But Trump campaign officials on Sunday strongly rejected any connections between their candidate and cyberefforts to undermine the Democrats.
“Are there any ties between Mr. Trump, you or your campaign and Putin and his regime?” George Stephanopoulos, of “This Week,” asked Paul Manafort, Trump’s campaign chairman.
“No, there are not,” Manafort shot back. “That’s absurd. And, you know, there’s no basis to it.”
One of Trump’s sons, Donald Jr., was more definitive, charging the Clinton camp with a smear campaign.
“I can’t think of bigger lies,” he said on CNN.
The younger Trump mockingly suggested that Mook’s “house cat at home once said this is what happened with the Russians.”
It may take months, or years, to figure out the motives of those who stole the e-mails, and more important, whether they were being commanded by Russian authorities, and specifically by Putin.
But the theft from the national committee would be among the most important state-sponsored hacks yet of a US organization, rivaled only by the attacks on the Office of Personnel Management by state-sponsored Chinese hackers, and the attack on Sony Pictures Entertainment, which Obama blamed on North Korea. There, too, embarrassing e-mails were released, but they had no political significance. The WikiLeaks release, however, has more of a tinge of Russian-style information war, in which the intent of the revelations is to alter political events. Exactly how, though, is a bit of a mystery, apart from embarrassing Democrats and further alienating Sanders’s supporters from Clinton.
Evidence suggests that the cyberattack was the work of at least two separate agencies, each apparently working without the knowledge that the other was inside the Democrats’ computer systems. It is unclear how WikiLeaks obtained the e-mail trove. But the presumption is that the intelligence agencies turned it over, either directly or through an intermediary.
Moreover, the timing of the release, between the end of the Republican convention and the beginning of the Democratic one, seems too well-planned to be coincidental.
Trump himself leapt on the news after the WikiLeaks release Saturday. In a Twitter message he wrote: “Leaked e-mails of DNC show plans to destroy Bernie Sanders. Mock his heritage and much more. On-line from Wikileakes, really vicious. RIGGED.”
The experts cited by Mook include CrowdStrike, a cybersecurity firm that was brought into the Democratic National Committee when officials there suspected they had been hacked. In mid-June the company announced that the intruders appeared to include a group that it had previously identified by the name “Cozy Bear” or “APT 29” and that had been inside the committee’s servers for a year.
A second group, “Fancy Bear,” also called “APT 28,” came into the system in April. It appears to be operated by the GRU, the Russian military intelligence service, according to federal investigators and private cybersecurity firms.
The first group is particularly well known to the FBI’s counterintelligence unit, the CIA, and other intelligence agencies. It was identified by federal investigators as the likely culprit behind years of intrusions into the State Department and White House unclassified computer system.
Russian intelligence agencies went to great lengths to cover their tracks, investigators found, including meticulously deleting logs and changing the time stamps of the stolen files.
Officials at several other firms who have examined the code for the malware used against the Democratic National Committee and the metadata of the stolen documents found evidence that the documents had been accessed by multiple computers, some with Russian language settings. Moscow has outsourced politically motivated hacking to outside groups in the past. A crippling cyberattack on Estonia in 2007, for example, was attributed to the pro-Kremlin Nashi youth organization. Intelligence officials and security researchers believe this outsourcing is done, in part, to preserve a measure of plausible deniability.
Intrusions like that, carried out for intelligence collection, are hardly unusual, and the United States often does the same, stealing e-mails and other secrets from intelligence services and even political parties. But the release to WikiLeaks adds another strange element, because it suggests that the intelligence findings are being “weaponized” — used to influence the election in some way.
The story has another level of intrigue involving Manafort, Trump’s campaign chairman. Working through his lobbying firm, Manafort was one of several US image advisers to Viktor F. Yanukovych, the Russian-backed leader of Ukraine until he was forced out of office.
Yanukovych is a key Putin ally who is now in exile in Russia.
In April, asked on Fox News about his relationship with Yanukovych, Manafort said he was simply trying to help the Ukrainians build a democracy that could align more closely with the United States and its allies.
Nick Corasaniti in Washington and Nicole Perlroth in Olympic Valley, Calif., contributed to this report.