In June, a security firm dropped one of the biggest bombshells of the year: hackers had breached the Democratic National Committee. In the following weeks, a hacktivist calling himself Guccifer 2.0 began leaking documents and emails from the DNC, in an apparent attempt to influence the US election.
Ever since the breach was disclosed, all fingers pointed in one direction: the Russian government, which appeared to have mounted a hastily put together cover-up in the form of a sloppy hacktivist who claimed to be Romanian, but couldn't speak Romanian.
Since then, more evidence has come out implicating a Russian hacking group known as APT28, or Fancy Bear. Hacking experts, several security firms, as well as the US and German governments, believe that this group works for Russian intelligence.
Yet, President-elect Donald Trump doesn't buy any of this.
In response to new reports that say the CIA believes the Russian government launched this hacking campaign with the goal of tipping the US presidential election in his favor, Trump published a scathing tweet.
Security professionals like to repeat the mantra "attribution is hard" when talking about the "whodunit" of a particular data breach. But just because it's hard doesn't mean it's impossible.
In this case, the hackers were actually caught in the act, as noted by Matt Tait, a former intelligence officer in the British GCHQ, in a response to Trump's tweet.
"That's why we have malware samples," Tait wrote. "[The intelligence community] and industry have been tracking APT28 campaigns (and knew who they were) for *years* before the 2016 campaign started. [It's] not a political thing."
"Your honor, unless you catch murderers in the act, it's very hard to determine who did the killing, therefore my client is innocent," he joked.
Dmitri Alperovitch, the co-founder of CrowdStrike, the firm that helped the DNC investigate the breach, said that his company "was able to watch everything [the hackers] did for weeks in May while we were planning full remediation."
US intelligence agencies have since come out in a rare public accusation, pointing the finger at Vladimir Putin's government.
"The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts," the Department of Homeland Security and the Director of National Intelligence wrote in a statement. "These thefts and disclosures are intended to interfere with the US election process."
You don't have to believe them, as Thomas Rid laid out in two comprehensive pieces, one for Motherboard and one for Esquire—there's plenty of public evidence. And it's likely the US government has much more. If American spies want to convince the naysayers, they might have to show it. But in cyberspace, it already doesn't get more "caught in the act" than this.