Just weeks after she started preparing opposition research files on Donald Trump’s campaign chairman Paul Manafort last spring, Democratic National Committee consultant Alexandra Chalupa got an alarming message when she logged into her personal Yahoo email account.
“Important action required,” read a pop-up box from a Yahoo security team that is informally known as “the Paranoids.” “We strongly suspect that your account has been the target of state-sponsored actors.”
Chalupa — who had been drafting memos and writing emails about Manafort’s connection to pro-Russian political leaders in Ukraine — quickly alerted top DNC officials. “Since I started digging into Manafort, these messages have been a daily occurrence on my Yahoo account despite changing my password often,” she wrote in a May 3 email to Luis Miranda, the DNC’s communications director, which included an attached screengrab of the image of the Yahoo security warning.
“I was freaked out,” Chalupa, who serves as director of “ethnic engagement” for the DNC, told Yahoo News in an interview, noting that she had been in close touch with sources in Kiev, Ukraine, including a number of investigative journalists, who had been providing her with information about Manafort’s political and business dealings in that country and Russia.
“This is really scary,” she said.
Chalupa’s message is among nearly 20,000 hacked internal DNC emails that were posted over the weekend by WikiLeaks as the Democratic Party gathered for its national convention in Philadelphia. Those emails have already provoked a convulsion in Democratic Party ranks, leading to the resignation of DNC Chair Debbie Wasserman Schultz in the wake of posted messages in which she and other top DNC officials privately derided Bernie Sanders and plotted to undercut his insurgent campaign against Hillary Clinton.
But Chalupa’s message, which had not been previously reported, stands out: It is the first indication that the reach of the hackers who penetrated the DNC has extended beyond the official email accounts of committee officials to include their private email and potentially the content on their smartphones. After Chalupa sent the email to Miranda (which mentions that she had invited this reporter to a meeting with Ukrainian journalists in Washington), it triggered high-level concerns within the DNC, given the sensitive nature of her work. “That’s when we knew it was the Russians,” said a Democratic Party source who has knowledge of the internal probe into the hacked emails. In order to stem the damage, the source said, “we told her to stop her research.”
A Yahoo spokesman said the pop-up warning to Chalupa “appears to be one of our notifications” and said it was consistent with a new policy announced by Yahoo on its Tumblr page last December to notify customers when it has strong evidence of “state sponsored” cyberattacks. “Rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence,” wrote Bob Lord, the company’s Chief Information Security Officer, in the Tumblr post.
Asked about charges by Clinton campaign manager Robby Mook that “Russian state actors” hacked the DNC in order to help Trump, who has made sympathetic comments about Russian President Vladimir Putin, Manafort on Sunday dismissed the charges in multiple television interviews as “absurd” and “crazy.” The claims are “pure obfuscation on the part of the Clinton campaign,” Manafort said on ABCs “This Week.” “What they don’t want to talk about is what’s in those emails.”
In mid-June, Democratic Party suspicions about the hackers seemed to be confirmed when CrowdStrike, an outside security firm retained by the DNC, reported that it traced the hackers to two separate units linked to Russia’s security services: the FSB, Russia’s equivalent of the FBI, and GRU, the country’s military intelligence agency. The company noted strong similarities between the attack on the DNC by the suspected GRU hackers and previous cyberintrusions of unclassified systems at the White House, the State Department and the offices of the Joint Chiefs of Staff. (After discovering the data breach, a DNC security source said its cyberexperts noted that the hackers’ exfiltration of files took place “9 to 5, Moscow time.”) An FBI official confirmed that the bureau has been investigating the breach for some time, and, according to one source familiar with the matter, Director James Comey has been personally briefed.
The extent of the damage was at first unclear. When they first authorized a public release of the CrowdStrike analysis, party officials said that the hackers had targeted oppo files on Donald Trump. But they told reporters that no personal information about donors had been penetrated. Party officials are no longer standing by those assurances. Two sources familiar with the breach said that the hackers’ reach was far more widespread than initially thought and includes personal data about big party contributors and internal “vetting” evaluations that include embarrassing comments about their business dealings (as well as gossipy internal emails about the private affairs of DNC staffers). One newly posted email discusses a prospective DNC donor’s offering to host a fundraiser with President Obama, noting that he had previously been convicted in a case involving allegations that he killed 50 horses, as part of an insurance fraud scheme. Party officials are bracing for more damaging document dumps after Labor Day. “They’re having to do serious damage control with the donors right now,” said a party official familiar with the matter.
There are also signs that the hackers have penetrated the personal email of some Clinton campaign staffers — at least those who were in communication with senior DNC staff members. On May 6, John McCarthy, a DNC consultant who has since joined the Clinton campaign to do outreach to religious groups, sent an email to Chalupa from his personal Gmail account that was then forwarded to other party officials. McCarthy proposed arranging for religious leaders who have “condemned Trump for bringing out the worst in America” to stage a protest at the Republican National Convention. “It would be great to try and engage them and get them to do something at convention, etc. Maybe do a vigil at the Cleveland convention?” McCarthy wrote in the email, which included his personal cellphone number and which has now been posted as part of the WikiLeaks data dump.
There is still much that is not known about the DNC hack and how, if the Russians are indeed behind it, the emails found their way to WikiLeaks. Some commentators have noted that WikiLeaks founder Julian Assange has in the past hosted a talk show on RT, the Russian television network that serves as a propaganda arm for the Kremlin. (Assange, without providing specifics, recently claimed he will be posting more emails that will be damaging to Clinton and “provide enough evidence” to get her arrested.)
There are also signs that the Obama administration is taking the matter more seriously. The Washington Post reported Monday that White House officials convened a high-level security meeting last Thursday, hours before WikiLeaks began posting the emails, to review information about the DNC attack. Party officials are privately pushing the White House to publicly blame the Russians in the same way it blamed North Korea for the cyberattack on Sony and China for intrusions into U.S. companies. “The last time somebody broke into the DNC, it led to the resignation of a president,” said the Democratic Party security source, referring to the Watergate scandal. In some ways, the source insisted, the current cyberheist — what some in party circles are already calling a “21st century Watergate” — is even more sinister, the source said. “This is the Russians screwing with the integrity of our election process.”