{"id":12093,"date":"2018-04-21T10:45:04","date_gmt":"2018-04-21T18:45:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/04\/21\/news-5862\/"},"modified":"2018-04-21T10:45:04","modified_gmt":"2018-04-21T18:45:04","slug":"news-5862","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/04\/21\/news-5862\/","title":{"rendered":"DNC Lawsuit Against Russia Reveals New Details About 2016 Hack"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5ada4c86c302e41716cebaef\/master\/pass\/DNCLawsuit-584452634.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Fri, 20 Apr 2018 20:53:53 +0000<\/strong><\/p>\n<p><span class=\"lede\">The Democratic National <\/span>Committee Friday filed a lawsuit against a broad slate of people and entities allegedly responsible for the 2016 hack of its email, phone calls, and more. But while the suit claims involvement from a <a href=\"https:\/\/www.wired.com\/story\/bob-muellers-investigation-is-largerand-further-alongthan-you-think\/\">host of headliners<\/a>\u2014Wikileaks, Julian Assange, Donald Trump, Jr., and Russia among them\u2014its immediate importance lies in the previously unreported timeline it lays out.<\/p>\n<p>While a rough outline of the <a href=\"https:\/\/www.wired.com\/2016\/07\/heres-know-russia-dnc-hack\/\">DNC hack<\/a> that rocked the 2016 election had previously been established, the 66-page lawsuit, first reported by <em><a href=\"https:\/\/www.washingtonpost.com\/politics\/democratic-party-files-lawsuit-alleging-russia-the-trump-campaign-and-wikileaks-conspired-to-disrupt-the-2016-campaign\/2018\/04\/20\/befe8364-4418-11e8-8569-26fda6b404c7_story.html\" target=\"_blank\">The Washington Post<\/a><\/em>, gives exact dates for the first time. 
It also asserts coordination among a web of <a href=\"https:\/\/www.wsj.com\/articles\/roger-stones-claim-of-a-2016-julian-assange-meeting-draws-scrutiny-1522695471\" target=\"_blank\">characters<\/a> affiliated with the Trump campaign, Russia\u2019s GRU intelligence service, and WikiLeaks.<\/p>\n<p class=\"paywall\">\u201cNo one is above the law,\u201d the suit begins. \u201cIn the run-up to the 2016 election, Russia mounted a brazen attack on American Democracy.\u201d<\/p>\n<p class=\"paywall\">The details of when and how that attack occurred, though, are more clear than ever\u2014and may indicate that Russia\u2019s plan to interfere in the US election predated its DNC intrusion.<\/p>\n<p class=\"paywall\">According to the DNC lawsuit, Russian intelligence group Cozy Bear\u2014the GRU-affiliated hacker group, also known as APT29\u2014infiltrated the DNC network as far back as July 27, 2015, nearly a year before the leaks of the pilfered material began. The suit says that a second Russian group\u2014Fancy Bear, the outfit that has recently <a href=\"https:\/\/www.wired.com\/story\/russian-fancy-bears-hackers-release-apparent-ioc-emails\/\">tormented the International Olympic Committee <\/a> as well\u2014hacked the DNC\u2019s systems on April 18, 2016. The DNC wouldn\u2019t notice the presence of either until April 28, 2016, at which point it called in security firm CrowdStrike to help analyze and mitigate the damage.<\/p>\n<p class=\"paywall\">The remedy was costly. 
The suit details the necessary fixes; the DNC had to \u201cdecommission more than 140 servers, remove and reinstall all software, including the operating systems, for more than 180 computers, and rebuild at least 11 servers.\u201d Between repairing and replacing equipment and hiring experts to manage the fallout, the bill came out to over a million dollars.<\/p>\n<p class=\"paywall\">By then, of course, the worst damage had already been done. The DNC had been devastatingly compromised. The Russians had gained access not only to email systems but also to backup servers, VOIP calls, and chats. They were prepared to make off with \u201cseveral gigabytes of data,\u201d the suit says, a little over a week before the DNC even knew they were there.<\/p>\n<p class=\"paywall\">The timeline from there has been a matter of public record. On June 14, the DNC first disclosed the hack. The following day, a persona going by Guccifer 2.0\u2014only recently <a href=\"https:\/\/www.wired.com\/story\/guccifer-elite-hackers-mistakes\/\">confirmed to be a Russian intelligence agent<\/a>\u2014claimed responsibility, leaking a 237-page opposition research report on Donald Trump in the process.<\/p>\n<p class=\"paywall\">The leaks continued steadily from there, as the suit details. Guccifer 2.0 struck again on June 27, June 30, and July 6. On July 22, WikiLeaks took the wheel, releasing nearly 20,000 internal DNC emails. The following day, according to the suit, multiple DNC employees received an email that said: \u201cI hope your children get raped and murdered. 
I hope your family knows nothing but suffering, torture, and death.\u201d<\/p>\n<p class=\"paywall\">The rest of the suit rehashes the connections that have played out in the press over the last several months, alleging <a href=\"https:\/\/www.theatlantic.com\/politics\/archive\/2018\/02\/roger-stones-secret-messages-with-wikileaks\/554432\/\" target=\"_blank\">Roger Stone<\/a>, <a href=\"https:\/\/www.wired.com\/story\/how-to-interpret-robert-muellers-new-charges\/\">Paul Manafort<\/a>, <a href=\"https:\/\/www.wired.com\/story\/papadopoulos-plea-robert-mueller-next-moves\/\">George Papadopoulos<\/a>, and a host of Russians as ingredients in a collusive soup. But for close observers of Russia\u2019s hacking efforts against the US in 2015 and beyond, it\u2019s the timeline that provides the most valuable information.<\/p>\n<p class=\"paywall\">That\u2019s in part because of how it aligns with two incidents not mentioned in the suit. Many of the early leaks appeared on a site called DCLeaks, which went live in June 2016 but was registered on April 19, which the suit confirms was a day after Fancy Bear broke into the DNC. 
But the same group that registered DCLeaks had <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2017-11-03\/inside-story-how-russians-hacked-the-democrats-emails\" target=\"_blank\">attempted<\/a> but failed to register ElectionLeaks.com on April 12, nearly a week before the Fancy Bear hack.<\/p>\n<p class=\"paywall\">The timeline strongly implies that Russia\u2019s aim was to disrupt the election from the start, rather than a reconnaissance mission that rapidly escalated.<\/p>\n<p class=\"paywall\">\u201cThey had already carried out the Podesta intrusion in March, and carried out a pretty large scale attempt to target the campaigns,\u201d says John Hultquist, director of threat intelligence at security firm FireEye, referring to the <a href=\"https:\/\/www.wired.com\/2016\/10\/basic-security-tips-clinton-campaign-anyone-else\/\">emails of Hillary Clinton campaign chairman John Podesta<\/a>, which were ultimately leaked a month before the 2016 election. That, combined with registering ElectionLeaks before the Fancy Bear break-in, \u201csuggests they had this plan prior to even compromising the organization.\u201d<\/p>\n<p class=\"paywall\">It\u2019s unclear how likely the DNC lawsuit is to succeed, especially in its efforts to hold Russia accountable in a US court. But its revelations shed light on one of the most impactful hacks of recent memory\u2014and maybe the intentions of the country behind it.<\/p>\n
<p><a href=\"https:\/\/www.wired.com\/story\/dnc-lawsuit-reveals-key-details-2016-hack\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5ada4c86c302e41716cebaef\/master\/pass\/DNCLawsuit-584452634.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Fri, 20 Apr 2018 20:53:53 +0000<\/strong><\/p>\n<p>In suing Russia, the Trump campaign, and others over the hack of its systems in 2016, the Democratic National Committee has also filled in important timeline details.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-12093","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12093","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12093"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12093\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pa
lada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12093"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}