WASHINGTON – Senate Judiciary Committee Chairman Chuck Grassley and Ranking Democrat Patrick Leahy are seeking more information on the government’s response to cyberattacks targeting American political organizations. The inquiry follows a reported data breach at the Democratic National Committee and the selective publishing of stolen documents and emails.
In a letter to Attorney General Loretta Lynch and FBI Director James Comey, the senators are raising concern about the potential influence such breaches by foreign nations could have on the American election process.
“When a foreign intelligence service not only spies on American political organizations, which is bad enough, but then selectively publishes the obtained information in what appear to be attempts to affect our democratic process, it is substantially more troubling. The integrity of the democratic process is essential to the social contract on which our republic is formed. If foreign intelligence agencies are attempting to undermine that process, the U.S. government should treat such efforts even more seriously than standard espionage,” the senators said in the letter.
Grassley and Leahy are also seeking information regarding how and when federal investigators were notified of the breach, whether the source has been determined and what is being done in response. Additionally, they are requesting background on any proactive steps taken to prevent cyberattacks against nongovernmental political organizations and whether current statutes are adequate to address similar hacking crimes.
Full text of the senators’ letter follows:
Dear Attorney General Lynch and Director Comey:
We are writing in regard to the recent cyberattacks on American political organizations. Yesterday the FBI confirmed that it is investigating the recent hack of the Democratic National Committee (DNC). We are writing to request more specific information about the efforts that the National Cyber Investigative Joint Task Force (NCIJTF) and other elements of the FBI and Justice Department are undertaking in order to counter these types of attacks and bring the perpetrators to justice.
On June 14, 2016, the Washington Post reported that Russian government hackers had successfully penetrated the computer network of the Democratic National Committee, gaining access to DNC databases and email. According to the article, DNC officials noticed unusual network activity and hired CrowdStrike, a cybersecurity firm, to investigate. The firm identified two separate groups of hackers who had penetrated the DNC network, both of which it determined were working for the Russian government. Immediately after the Washington Post report, a purported hacker calling himself “Guccifer 2.0” claimed responsibility for the hack, and further claimed to be a lone Romanian hacker. The Russian government also denied its involvement. However, evidence appears to undermine the Romanian hacker’s claim of responsibility and instead suggests the Russian government’s involvement. The hackers subsequently publicly released what appears to be the DNC’s opposition research on Donald Trump in June. Last week, WikiLeaks released roughly 20,000 of the hacked DNC emails that the hackers had provided to it.
It is not unusual for a nation’s intelligence services to obtain sensitive information from other nations’ political entities. Not only has James Clapper, the Director of National Intelligence, stated that the government has indications of cyberattacks on the 2016 presidential campaigns, the government has also reported that foreign hackers targeted the networks of the Romney and Obama campaigns in 2012, and that Chinese hackers compromised the networks of the Obama and McCain campaigns in 2008.
However, when a foreign intelligence service not only spies on American political organizations, which is bad enough, but then selectively publishes the obtained information in what appear to be attempts to affect our democratic process, it is substantially more troubling. The integrity of the democratic process is essential to the social contract on which our republic is formed. If foreign intelligence agencies are attempting to undermine that process, the U.S. government should treat such efforts even more seriously than standard espionage. These types of cyberattacks are significant and pernicious crimes. Our government must do all that it can to stop such attacks and to seek justice for the attacks that have already occurred.
We were pleased to see that the FBI has stated that it is investigating this situation. We are writing to request more information on this cyberattack in particular and more information in general on how the Justice Department, FBI, and NCIJTF attempt to prevent and punish these types of cyberattacks. Accordingly, please respond to the following by August 9, 2016:
1. When did the Department of Justice, FBI, and NCIJTF first learn of the DNC hack? Was the government aware of the intrusion prior to the media reporting it?
2. Has the FBI deployed its Cyber Action Team to determine who hacked the DNC?
3. Has the FBI determined whether the Russian government, or any other foreign government, was involved in the hack?
4. In general, what actions, if any, do the Justice Department, FBI, and NCIJTF take to prevent cyberattacks on non-governmental political organizations in the U.S., such as campaigns and political parties? Does the government consult or otherwise communicate with the organizations to inform them of potential threats, relay best practices, or inform them of detected cyber intrusions?
5. Does the Justice Department believe that existing statutes provide an adequate basis for addressing hacking crimes of this nature, in which foreign governments hack seemingly in order to affect our electoral processes?
In addition to the questions listed above, we also request that the Justice Department, FBI, and/or NCIJTF arrange a briefing on these issues for Committee staff by August 16, 2016. If possible, we also request that the briefing include a staff tour of NCIJTF’s facilities. Thank you for your attention to this important matter. If you have any questions, please contact Patrick Davis of the Committee Staff at (202) 224-5225 or [redacted].