This Marine Proved Russia Hacked The DNC's Emails — And Now, He's Talking
The Marines have fought in every clime and place where they could take a gun. But it turns out they’re pretty good at doing “the cyber,” too.
Just take former Marine Capt. Robert Johnston: U.S. Naval Academy wrestler and comp sci major, organizer of the Marine Corps’ Red Team of counter-hackers, veteran of U.S. Cyber Command — and, in May 2016, the leader of the private security team that investigated the hacking of the Democratic National Committee’s servers and concluded with certainty that Russian intelligence did the deed.
Johnston, a former investigator with the security firm CrowdStrike, spoke openly for the first time about his work in an interview Nov. 8 with BuzzFeed national security reporter Jason Leopold, characterizing the DNC hack as more of a “brazen ransacking” than a “stealthy burglary.”
“Johnston has managed to maintain a low profile for the last year and a half, even as Washington has obsessed over Trump and Russia,” Leopold explains. “He hasn’t been in hiding, he said… he just hadn’t talked about it for a simple reason: No one asked him to.”
Johnston’s work isn’t political: He’s just really, really good at spotting, exploiting, and eliminating weaknesses in vital systems. You know, like a Marine.
How was Johnston sure that the Russians were behind the DNC hack? Because he’d seen their malicious code before: In 2015, while working at Ft. Meade, the Marine was assigned to investigate a phishing virus that had rapidly infected the computers of the Joint Chiefs of Staff:
Soon, Johnston and the others identified the malware. It was associated with APT 29, for “advanced persistent threat,” a hacker group widely believed to be linked to the FSB, Russia’s federal security service.
Johnston said the phishing campaign against the Joint Chiefs stood out. Usually, he said of Russian hackers, “their operations are very surgical. They might send five phishing emails, but they're very well-crafted and very, very targeted.” But this time it was a broadside. “The target list was, like, 50 to 60,000 people around the world. They hit them all at once.” It’s rare, he said, for “an intel service to be so noisy.”
While still puzzling over the Russians’ methods, Johnston helped the JCS firm up its security measures. “We had to build the network back from bare metal,” retired lieutenant general Mark Bowman, then the joint chiefs’ top cyber officer, told BuzzFeed. “Watching Robert and his team do that was unbelievable. That guy flat-out amazed me.”
By mid-2016, Johnston was off active duty and working for CrowdStrike when the DNC called asking for help with a security breach. The FBI had told the political committee its servers had been compromised, but rather than bringing in the feds, its leadership reached out to CrowdStrike, which is run by former FBI cyber chief Shawn Henry. It didn’t take long for CrowdStrike’s former Marine to assess the situation:
Johnston sent the DNC a script to run on all its servers, and then collected the output code. To an outsider it might have looked like a tedious job to examine long strings of data. But within an hour Johnston had it: an unmistakable string of computer code — sabotage — that didn’t belong in the system. It was “executable file paths” — evidence of programs — that didn’t belong there. They stood out like a shiny wrench left in a car engine.
And in fact, Johnston had seen this particular piece of code before, back when he was at the Pentagon. So it was easy to recognize this nemesis. He knew who had sent it by the telltale signatures. “This was APT 29,” he said. Later, when he had spent more time analyzing the DNC hack, he would come to believe that the Democrats had been compromised by the same blast of 50,000 or so phishing emails that had breached the computers of the Joint Chiefs.
What had the Russkies stolen, and what were they going to do with it? It wasn’t clear at the time. But when pilfered DNC emails started appearing on Wikileaks in July 2016, they made a big splash in an already topsy-turvy U.S. election cycle.
Johnston’s work stands as a pretty compelling rebuke to Americans, many of them service members, who flatly deny Russia was behind the DNC hack and assemble elaborate conspiracy theories to make their case.
In fact, the most dramatic and disturbing part of BuzzFeed’s profile of Johnston isn’t DNC-related at all: It’s about his work on that Marine Corps Red Team, where he learned that some of America’s toughest, bravest warriors are also the easiest to hack with dumb “fake news” emails:
He was surprised how many well-trained military personnel fell for fake attacks. Right after the Snowden leaks in 2013, he said, the team sent out to 5,000 people inside the military a test: a phishing email, one that tries to trick recipients into clicking on a link, which installs malware. The subject line was: “SEAL team six conducts an operation that kills Edward Snowden.”
“We actually had to shut down the operation,” he said. “The phishing attack was too successful. The click rate was through the roof.”
The first rule of cyber is: Don’t click that chain email, dude, no matter how much you want Edward Snowden to end up perforated by operators.