This Marine Proved Russia Hacked The DNC's Emails — And Now, He's Talking

Former Marine Capt. Robert Johnston
Photo via Twitter

The Marines have fought in every clime and place where they could take a gun. But it turns out they’re pretty good at doing “the cyber,” too.

Just take former Marine Capt. Robert Johnston: U.S. Naval Academy wrestler and comp sci major, organizer of the Marine Corps’ Red Team of counter-hackers, veteran of U.S. Cyber Command — and, in May 2016, the leader of the private security team that investigated the hacking of the Democratic National Committee’s servers and concluded with certainty that Russian intelligence did the deed.

Johnston, a former investigator with the security firm CrowdStrike, spoke openly for the first time about his work in an interview Nov. 8 with BuzzFeed national security reporter Jason Leopold, characterizing the DNC hack as more of a “brazen ransacking” than a “stealthy burglary.”

“Johnston has managed to maintain a low profile for the last year and half, even as Washington has obsessed over Trump and Russia,” Leopold explains. “He hasn’t been in hiding, he said… he just hadn’t talked about it for a simple reason: No one asked him to.”

Johnston’s work isn’t political: He’s just really, really good at spotting, exploiting, and eliminating weaknesses in vital systems. You know, like a Marine.

How was Johnston sure that the Russians were behind the DNC hack? Because he’d seen their malicious code before: In 2015, while working at Ft. Meade, the Marine was assigned to investigate a phishing virus that had rapidly infected the computers of the Joint Chiefs of Staff:

Soon, Johnston and the others identified the malware. It was associated with APT 29, for “advanced persistent threat,” a hacker group widely believed to be linked to the FSB, Russia’s federal security service.

Johnston said the phishing campaign against the Joint Chiefs stood out. Usually, he said of Russian hackers, “their operations are very surgical. They might send five phishing emails, but they're very well-crafted and very, very targeted.” But this time it was a broadside. “The target list was, like, 50 to 60,000 people around the world. They hit them all at once.” It’s rare, he said, for “an intel service to be so noisy.”

While still puzzling over the Russians’ methods, Johnston helped the JCS firm up its security measures. "We had to build the network back from bare metal,” retired lieutenant general Mark Bowman, then the joint chiefs’ top cyber officer, told Buzzfeed. “Watching Robert and his team do that was unbelievable. That guy flat-out amazed me."

By mid-2016, Johnston was off active duty and working for CrowdStrike when the DNC called asking for help with a security breach. The FBI had told the political committee its servers had been compromised, but rather than bringing in the feds, its leadership reached out to CrowdStrike, which is run by former FBI cyber chief Shawn Henry. It didn’t take long for CrowdStrike’s former Marine to assess the situation:

Johnston sent the DNC a script to run on all its servers, and then collected the output code. To an outsider it might have looked like a tedious job to examine long strings of data. But within an hour Johnston had it: an unmistakable string of computer code — sabotage — that didn’t belong in the system. It was “executable file paths” — evidence of programs — that didn’t belong there. They stood out like a shiny wrench left in a car engine.

And in fact, Johnston had seen this particular piece of code before, back when he was at the Pentagon. So it was easy to recognize this nemesis. He knew who had sent it by the telltale signatures. “This was APT 29,” he said. Later, when he had spent more time analyzing the DNC hack, he would come to believe that the Democrats had been compromised by the same blast of 50,000 or so phishing emails that had breached the computers of the Joint Chiefs.

What had the Russkies stolen, and what were they going to do with it? It wasn’t clear at the time. But when pilfered DNC emails started appearing on Wikileaks in July 2016, they made a big splash in an already topsy-turvy U.S. election cycle.

Johnston’s work stands as a pretty compelling rebuke to Americans, many of them service members, who flatly deny Russia was behind the DNC hack and assemble elaborate conspiracy theories to make their case.

In fact, the most dramatic and disturbing part of Buzzfeed’s profile of Johnston isn’t DNC-related at all: It’s about his work on that Marine Corps Red Team, where he learned that some of America’s toughest, bravest warriors are also the easiest to hack with dumb “fake news” emails:

He was surprised how many well-trained military personnel fell for fake attacks. Right after the Snowden leaks in 2013, he said, the team sent out to 5,000 people inside the military a test: a phishing email, one that tries to trick recipients into clicking on a link, which installs malware. The subject line was: “SEAL team six conducts an operation that kills Edward Snowden.”

“We actually had to shut down the operation,” he said. “The phishing attack was too successful. The click rate was through the roof.”

The first rule of cyber is: Don’t click that chain email, dude, no matter how much you want Edward Snowden to end up perforated by operators.

(U.S. Navy/Mass Communication Specialist 2nd Class Stephane Belcher)

The 2020 National Defense Authorization Act would allow service members to seek compensation when military doctors make mistakes that harm them, but they would still be unable to file medical malpractice lawsuits against the federal government.

On Monday night, Congress announced that it had finalized the NDAA, which must be passed by the House and Senate before going to President Donald Trump. If the president signs the NDAA into law, it would mark the first time in nearly seven decades that U.S. military personnel have had legal recourse to seek payment from the military in cases of medical malpractice.

Read More Show Less
Maj. Jason Michael Musgrove (Lincoln County Sheriff's Office)

A major serving at U.S. Army Cyber Command has been charged with distributing child pornography, according to the Justice Department.

Maj. Jason Michael Musgrove, who is based at Fort Gordon, Georgia, has been remanded to the U.S. Marshals service, a news release from the U.S. Attorney's Office for the Southern District of Georgia says.

Read More Show Less
Sailors from USS George Washington (CVN 73) wear-test the I-Boot 5 at Naval Station Norfolk. (U.S. Navy photo by Courtney Williams)

Navy senior leaders could decide whether or not to approve the new I-Boot 5 early in 2020, said Rob Carroll, director of the uniform matters office at the Chief of Naval Personnel's office.

"The I-Boot 5 is currently wrapping up its actual wear test, its evaluation," Carroll told Task & Purpose on Monday. "We're hoping that within the first quarter of calendar year 2020 that we'll be able to present leadership with the information that they need to make an informed decision."

Read More Show Less
Senator Jim Inhofe speaks with local reporters at a press conference held at the 138th Fighter Wing August 2, 2018. (U.S. National Guard/Staff Sgt. Rebecca R. Imwalle)

U.S. Sen. Jim Inhofe and U.S. Rep. Kendra Horn leveled harsh criticism last week at the contractor accused of negligence and fraudulent activity while operating private housing at Tinker Air Force Base and other military installations.

Inhofe, chairman of the Senate Armed Services Committee, referred to Balfour Beatty Communities as "notorious." Horn, a member of the House Armed Services Committee, told a company executive she was "incredibly disappointed you have failed to live up to your responsibility for taking care of the people that are living in these houses."

Read More Show Less
U.S. Senator Rick Scott speaks during a press conference at Tyndall Air Force Base, Florida, April 29, 2019. (U.S. Air Force/Airman 1st Class Monica Roybal)

The Saudi national who killed three students on a U.S. Naval Air station in Pensacola was in the United States on a training exchange program.

On Sunday, Sen. Rick Scott said the United States should suspend that program, which brings foreign nationals to America for military training, pending a "full review."

Read More Show Less