This Marine Proved Russia Hacked The DNC's Emails — And Now, He's Talking

The Marines have fought in every clime and place where they could take a gun. But it turns out they’re pretty good at doing “the cyber,” too.

Just take former Marine Capt. Robert Johnston: U.S. Naval Academy wrestler and comp sci major, organizer of the Marine Corps’ Red Team of counter-hackers, veteran of U.S. Cyber Command — and, in May 2016, the leader of the private security team that investigated the hacking of the Democratic National Committee’s servers and concluded with certainty that Russian intelligence did the deed.

Johnston, a former investigator with the security firm CrowdStrike, spoke openly for the first time about his work in an interview Nov. 8 with BuzzFeed national security reporter Jason Leopold, characterizing the DNC hack as more of a “brazen ransacking” than a “stealthy burglary.”

“Johnston has managed to maintain a low profile for the last year and a half, even as Washington has obsessed over Trump and Russia,” Leopold explains. “He hasn’t been in hiding, he said… he just hadn’t talked about it for a simple reason: No one asked him to.”

Johnston’s work isn’t political: He’s just really, really good at spotting, exploiting, and eliminating weaknesses in vital systems. You know, like a Marine.

How was Johnston sure that the Russians were behind the DNC hack? Because he’d seen their malicious code before: In 2015, while working at Ft. Meade, the Marine was assigned to investigate a phishing virus that had rapidly infected the computers of the Joint Chiefs of Staff:

Soon, Johnston and the others identified the malware. It was associated with APT 29, for “advanced persistent threat,” a hacker group widely believed to be linked to the FSB, Russia’s federal security service.

Johnston said the phishing campaign against the Joint Chiefs stood out. Usually, he said of Russian hackers, “their operations are very surgical. They might send five phishing emails, but they're very well-crafted and very, very targeted.” But this time it was a broadside. “The target list was, like, 50 to 60,000 people around the world. They hit them all at once.” It’s rare, he said, for “an intel service to be so noisy.”

While still puzzling over the Russians’ methods, Johnston helped the JCS firm up its security measures. “We had to build the network back from bare metal,” retired lieutenant general Mark Bowman, then the joint chiefs’ top cyber officer, told BuzzFeed. “Watching Robert and his team do that was unbelievable. That guy flat-out amazed me.”

By mid-2016, Johnston was off active duty and working for CrowdStrike when the DNC called asking for help with a security breach. The FBI had told the political committee its servers had been compromised, but rather than bringing in the feds, its leadership reached out to CrowdStrike, which is run by former FBI cyber chief Shawn Henry. It didn’t take long for CrowdStrike’s former Marine to assess the situation:

Johnston sent the DNC a script to run on all its servers, and then collected the output code. To an outsider it might have looked like a tedious job to examine long strings of data. But within an hour Johnston had it: an unmistakable string of computer code — sabotage — that didn’t belong in the system. It was “executable file paths” — evidence of programs — that didn’t belong there. They stood out like a shiny wrench left in a car engine.

And in fact, Johnston had seen this particular piece of code before, back when he was at the Pentagon. So it was easy to recognize this nemesis. He knew who had sent it by the telltale signatures. “This was APT 29,” he said. Later, when he had spent more time analyzing the DNC hack, he would come to believe that the Democrats had been compromised by the same blast of 50,000 or so phishing emails that had breached the computers of the Joint Chiefs.

What had the Russkies stolen, and what were they going to do with it? It wasn’t clear at the time. But when pilfered DNC emails started appearing on WikiLeaks in July 2016, they made a big splash in an already topsy-turvy U.S. election cycle.

Johnston’s work stands as a pretty compelling rebuke to Americans, many of them service members, who flatly deny Russia was behind the DNC hack and assemble elaborate conspiracy theories to make their case.

In fact, the most dramatic and disturbing part of BuzzFeed’s profile of Johnston isn’t DNC-related at all: It’s about his work on that Marine Corps Red Team, where he learned that some of America’s toughest, bravest warriors are also the easiest to hack with dumb “fake news” emails:

He was surprised how many well-trained military personnel fell for fake attacks. Right after the Snowden leaks in 2013, he said, the team sent out to 5,000 people inside the military a test: a phishing email, one that tries to trick recipients into clicking on a link, which installs malware. The subject line was: “SEAL team six conducts an operation that kills Edward Snowden.”

“We actually had to shut down the operation,” he said. “The phishing attack was too successful. The click rate was through the roof.”

The first rule of cyber is: Don’t click that chain email, dude, no matter how much you want Edward Snowden to end up perforated by operators.
