Contrary to DNC Claim, Hacked Data Contains a Ton of Personal Donor Information
When the Washington Post reported Monday that the Democratic National Committee’s servers had been breached by a team of Russian hackers, the DNC was quick to claim that nothing pertaining to the party’s many supporters had been pilfered. But a new cache of apparently hacked documents obtained by Gawker contains a wealth of donor information, including e-mail addresses and cell phone numbers for hundreds of high-profile and wealthy Democratic fundraisers.
It’s entirely possible that the DNC doesn’t really know what documents were extracted. But according to the Post, they’re at least acting like they’re sure the hack wasn’t that serious:
The DNC said that no financial, donor or personal information appears to have been accessed or taken, suggesting that the breach was traditional espionage, not the work of criminal hackers.
The hacker or hackers that contacted Gawker and The Smoking Gun this week under the monicker “Guccifer 2.0" provided more materials to Gawker which, the hackers claim, originate from DNC servers. And although nothing we’ve reviewed contains any credit card or other banking information, the hackers appear to be in possession of a large number of spreadsheets rife with names, cell phone and office numbers, email addresses, physical addresses, occupations, and contribution histories of hundreds, if not thousands, of Democratic donors.
The handful of spreadsheets we’ve been able to examine contain such information on contributions well into the six-figure range. It’s unclear how many more donors are represented in the rest of the hacked data cache, which “Guccifer 2.0" claims is roughly 100 GB in size. In an email to Gawker, “Guccifer 2.0" claims that they were able to breach the DNC using the same software vulnerability that allowed unauthorized access by the Bernie Sanders campaign last December: “When vulnerabilities were patched last december I was already inside their network...you don’t need to be a cool hacker to fuck the DNC server.” Computer security expert and consultant Dave Kennedy told me this claim is “possible for sure if they were using the same software,” while expert Kenn White agreed that the (admittedly vague) claim was “certainly possible.” The hacker or hackers have so far been unwilling to share more information about their methods.
One spreadsheet provided to Gawker, called “confirmed attendees April 2016,” appears to be a list generated by the Democratic Congressional Campaign Committee of 124 donors and activists attending the Democratic National Convention. According to the document’s metadata, it was created in April 2016 by someone named “Jean Cornell”; a person by that name serves as the DCCC’s midwest and south deputy finance director, according to this public LinkedIn profile.
The spreadsheet includes donor history, pledges, addresses, phone numbers, and email addresses for Democratic heavyweights like former House Majority Leader Dick Gephardt, lobbyist Tony Podesta, multi-millionaire Fred Eychaner, and others—leaving the impression that the party left personal information about some of its most important backers in a vulnerable position. While names, addresses, and donation amounts of political donors are generally made public in filings with the Federal Election Commission, these documents offer far more granular and detailed personal data.
For instance, the “confirmed attendees” spreadsheet includes a field called “Comments,” containing messages about specific donor requirements. “‘A queen bedded room is best, high floor, away from bars, elevator banks and ice machines. No twin beds please!’ Those are her hotel requests,” the spreadsheet notes next to the name of a pharmaceutical heiress. The comments field for another VIP donor read, “Will do 2nd $33,400 end of December or early January. He prefers a 1 bedroom jr. suite. He would like to stay at the luxury hotel option that allows dogs. He will attend with his wife...” For one business magnate donor, the comments say, “wants a suite. He was very adamant on this.” Many of the email addresses associated with the boldface names have been included in previous hacks, according to the data-breach-tracking web site HaveIBeenPwned.com, including the recent LinkedIn and MySpace leaks that exposed the passwords of hundreds of millions of users. It would be elementary for a motivated hacker with nefarious motives to cross-reference the data in this DNC leak with previously stolen information to breach, say, a high-profile Democratic donor’s email inbox.
Gawker was unable to independently verify the authenticity of the spreadsheet and other documents provided by the hacker or hackers, with the exception of one document that a source familiar with Democratic politics described as genuine. But the cell phone numbers and email addresses, which are generally not publicly available, seem to be accurate. And the vast breadth of material and data made available by the hacker both publicly and to Gawker suggest that if the documents aren’t real, they are the product of an almost incomprehensibly intricate hoax.
It is still possible that the hackers obtained genuine documents and altered them; many of the most recent documents provided to Gawker appear to have been saved by someone named “Ernesto Che.” The Trump opposition report released earlier this week had been last saved by someone named (in Cyrillic letters) “Felix Edmundovich.”
Reached by phone, prominent Democratic lobbyist Heather Podesta expressed surprise at the fact that her personal information, including mobile number, were pilfered in the hack, but declined to comment further.
DNC Press Secretary Mark Paustenbach did not return a request for comment.