How Terrorists use Encryption

 

How Terrorists Use Encryption

June 16, 2016

CTC: Abstract: As powerful encryption increasingly becomes embedded in electronic devices and online messaging apps, Islamist terrorists are exploiting the technology to communicate securely and store information. Legislative efforts to help law enforcement agencies wrestle with the phenomenon of “going dark” will never lead to a return to the status quo ante, however. With the code underlying end-to-end encryption now widely available, unbreakable encryption is here to stay. However, the picture is not wholly bleak. While end-to-end encryption itself often cannot be broken, intelligence agencies have been able to hack the software on the ends and take advantage of users’ mistakes.

Counterterrorism officials have grown increasingly concerned about terrorist groups using encryption in order to communicate securely. As encryption increasingly becomes a part of electronic devices and online messaging apps, a range of criminal actors including Islamist terrorists are exploiting the technology to communicate and store information, thus avoiding detection and incrimination, a phenomenon law enforcement officials refer to as “going dark.”

Despite a vociferous public debate on both sides of the Atlantic that has pitted government agencies against tech companies, civil liberties advocates, and even senior figures in the national security establishment who have argued that creation of “backdoors”[1] for law enforcement agencies to retrieve communications would do more harm than good, there remains widespread confusion about how encryption actually works.[a]

Technologists have long understood that regulatory measures stand little chance of rolling back the tide. Besides software being written in other countries (and beyond local laws), what has not been fully understood in the public debate is that the “source code” itself behind end-to-end encryption is now widely available online, which means that short of shutting down the internet, there is nothing that can be done to stop individuals, including terrorists, from creating and customizing their own encryption software.

The first part of this article provides a primer on the various forms of encryption, including end-to-end encryption, full device encryption, anonymization, and various secure communication (operational security or opsec) methods that are used on top of or instead of encryption. Part two then looks at some examples of how terrorist actors are using these methods.

Part 1: Encryption 101 

End-to-End Encryption
A cell phone already uses encryption to talk to the nearest cell tower. This is because hackers could otherwise eavesdrop on radio waves to listen in on phone calls. However, after the cell tower, phone calls are not encrypted as they traverse copper wires and fiber optic cables. It is considered too hard for nefarious actors to dig up these cables and tap into them.

In a similar manner, older chat apps only encrypted messages as far as the servers, using what is known as SSL.[b] That was to defeat hackers who would be able to eavesdrop on internet traffic to the servers going over the Wi-Fi at public places. But once the messages reached the servers, they were stored in an unencrypted format because at that point they were considered “safe” from hackers. Law enforcement could still obtain the messages with a court order.

Newer chat apps, instead of encrypting the messages only as far as the server, encrypt the message all the way to the other end, to the recipient’s phone. Only the recipients, with a private key, are able to decrypt the message. Service providers can still provide the “metadata” to police (who sent messages to whom), but they no longer have access to the content of the messages.

The online messaging app Telegram was one of the earliest systems to support end-to-end encryption, and terrorists groups such as the Islamic State took advantage.[2] These days, the feature has been added to most messaging apps, such as Signal, Wickr, and even Apple’s own iMessage. Recently, Facebook’s WhatsApp[3] and Google[4] announced they will be supporting Signal’s end-to-end encryption protocol.

On personal computers, the software known as PGP,[c] first created in the mid-1990s, reigns supreme for end-to-end encryption. It converts a message (or even entire files) into encrypted text that can be copy/pasted anywhere, such as email messages, Facebook posts, or forum posts. There is no difference between “military grade encryption” and the “consumer encryption” that is seen in PGP. That means individuals can post these encrypted messages publicly and even the NSA is unable to access them. There is a misconception that intelligence agencies like the NSA are able to crack any encryption. This is not true. Most encryption that is done correctly cannot be overcome unless the user makes a mistake.

Such end-to-end encryption relies upon something called public-key cryptography. Two mathematically related keys are created, such that a message encrypted by one key can only be decrypted by the other. This allows one key to be made public so that one’s interlocutor can use it to encrypt messages that the intended recipient can decrypt through the private-key.[d] Al-Qa`ida’s Inspire magazine, for example, publishes its public-key[5] so that anyone using PGP can use it to encrypt a message that only the publishers of the magazine can read.

Full Device Encryption
If an individual loses his iPhone, for example, his data should be safe from criminals.[e] Only governments are likely to have the resources to crack the phone by finding some strange vulnerability. The FBI reportedly paid a private contractor close to $1 million to unlock the iPhone of San Bernardino terrorist Syed Rizwan Farook.[6]

The reason an iPhone is secure from criminals is because of full device encryption, also full disk encryption. Not only is all of the data encrypted, it is done in a way that is combined or entangled[7] with the hardware. Thus, the police cannot clone the encrypted data, then crack it offline using supercomputers to “brute-force” guess all possible combinations of the passcode. Instead, they effectively have to ask the phone to decrypt itself, which it will do but slowly, defeating cracking.[f]

Android phones work in much the same manner. However, most manufacturers put less effort into securing their phones than Apple. Exceptions are companies like Blackphone, which explicitly took extra care to secure their devices.

Full disk encryption is also a feature of personal computers. Microsoft Windows comes with BitLocker, Macintosh comes with FileVault, and Linux comes with LUKS. The well-known disk encryption software TrueCrypt works with all three operating systems as does a variation of PGP called PGPdisk. Some computers come with a chip called a TPM[g] that can protect the password from cracking, but most owners do not use a TPM. This means that unless they use long/complex passwords, adversaries will be able to crack their passwords.

CIA Brennan’s Chilling Statements in Testimony

Update, Jo Cox died of her injuries from the terror attack. See below.

NYPost: CIA Director John Brennan told Congress on Thursday that the Islamic State remains “formidable” and “resilient,” is training and attempting to deploy operatives for further attacks on the West and will rely more on guerrilla-style tactics to compensate for its territorial losses in the Middle East.

Giving the Senate intelligence committee an update on the threat from extremists, Brennan said IS has been working to build an apparatus to direct and inspire attacks against its foreign enemies, as in the recent attacks in Paris and Brussels — ones the CIA believes were directed by IS leaders.

“ISIL has a large cadre of Western fighters who could potentially serve as operatives for attacks in the West,” Brennan said, using another acronym for the group. He said IS probably is working to smuggle them into countries, perhaps among refugee flows or through legitimate means of travel.

Brennan also noted the group’s call for followers to conduct so-called lone-wolf attacks in their home countries. He called the attack in Orlando a “heinous act of wanton violence” and an “assault on the values of openness and tolerance” that define the United States as a nation.

Brennan said the CIA is sharing intelligence with the FBI to help identify potential lone-wolf attackers, but the CIA’s responsibility is to gather information about operations overseas.

More Islamic State fighters worldwide than al Qaeda at its height: CIA director

Reuters: The director of the U.S. Central Intelligence Agency, John Brennan, said on Thursday there were tens of thousands of Islamic State fighters around the world, more than al Qaeda at its height.

He also told a Senate Intelligence Committee hearing that the agency was concerned about the growth of Libya as a base of operations for Islamic State militants, who had 5,000-8,000 fighters there, although the group’s fighters in Iraq and Syria had dropped to 18,000 to 22,000 from 19,000 to 25,000.

“I am concerned about the growth of Libya as another area that could serve as the basis for ISIL to carry out attacks inside of Europe… that is very concerning,” Brennan said, using an alternative acronym for the Islamic State militant group.

Questioned about the broader crisis, Brennan told lawmakers he believed the government of Syrian President Bashar al-Assad had been strengthened with Russia’s support.

“A year ago, (Assad) was on his back foot as the opposition forces were carrying out operations that were really degrading the Syrian military. He is in a stronger position than he was in June of last year” as a result of Russian support, Brennan said.

Just two days ago, Obama held a national security team meeting and then a presser stating the major gains being made against Islamic State. When the same day, MSNBC questions that statement from an on the ground in Turkey, we know we are being oversold on this national security threat.

***** Meanwhile, during this ridiculous gun control debate as a solution to terrorists, it seems that a knife and a gun was used in an attack on a member of the UK Parliament. Europe has exceptionally tight gun control laws.

Labour MP Jo Cox in critical condition after being shot and stabbed

Guardian: Jo Cox, the MP for Batley and Spen, is in a critical condition after being shot and stabbed multiple times in her West Yorkshire constituency.

Armed officers responded to the attack near a library in Birstall on Thursday afternoon, and a 52-year-old man was arrested in the area, police confirmed.

Jo Cox, the Labour MP for Batley and Spen.

They added that the Labour politician had suffered “serious injuries and is in a critical condition”. She has been taken by helicopter to Leeds general infirmary.

Police also confirmed a man in his late 40s to early 50s nearby suffered slight injuries in the incident.

Witnesses said the attack was launched after the MP became involved in an altercation involving two men near her weekly advice surgery. A Labour source confirmed Cox was shot and stabbed after she had concluded the drop-in session for constituents at around 1pm.

The scene pictures in Birstall, West Yorkshire.

The shopkeeper in a greengrocer opposite Birstall Library, Golden D’Licious, told the Guardian that he believed the attacker had been waiting for the MP outside the library.

“I was inside the shop and all I heard was a scream and then the gunshot,” he said, without giving his name. “I went out and everyone was dispersing. I couldn’t see because it happened behind a car.”

But witness Hithem Ben Abdallah, 56, who was in the cafe next door to the library shortly after 1pm, said he the MP involved in an altercation between two arguing men.

He told PA a man in a baseball cap “suddenly pulled a gun from his bag” and after a brief scuffle with another man the MP became involved.

He added: “He was fighting with her and wrestling with her and then the gun went off twice and then she fell between two cars and I came and saw her bleeding on the floor.”

 

Police close to the scene in Birstall, Yorkshire.

For DHS, Terror Attacks are Really Just Violent Extremism

  

Press Release

June 15, 2016 — In December 2015, I announced the revision of the Department of Homeland Security’s National Terrorism Advisory System, or “NTAS,” to include an intermediate level NTAS “Bulletin.” We then issued a new NTAS Bulletin at the same time. The duration of the December Bulletin was six months, and expires tomorrow.

June 15, 2016

National Terrorism Advisory System Bulletin

Date Issued:  Wednesday, June 15, 2016
View as PDF:  National Terrorism Advisory System Bulletin – June 15, 2016 (pdf, 1 page, 876.65KB)

Summary

In December, we described a new phase in the global threat environment, which has implications on the homeland. This basic assessment has not changed. In this environment, we are particularly concerned about homegrown violent extremists who could strike with little or no notice. The tragic events of Orlando several days ago reinforce this. Accordingly, increased public vigilance and awareness continue to be of utmost importance. This bulletin has a five-month duration and will expire just before the holiday season. We will reassess the threats of terrorism at that time.

Duration

Issued:  June 15, 2016
Expires:  November 15, 2016

Details

  • Since issuing the first Bulletin in December, our concerns that violent extremists could be inspired to conduct attacks inside the U.S. have not diminished.
  • Though we know of no intelligence that is both specific and credible at this time of a plot by terrorist organizations to attack the homeland, the reality is terrorist-inspired individuals have conducted, or attempted to conduct, attacks in the United States.
  • DHS is especially concerned that terrorist-inspired individuals and homegrown violent extremists may be encouraged or inspired to target public events or places.
  • As we saw in the attacks in San Bernardino, Paris, Brussels, and, most recently, Orlando, terrorists will consider a diverse and wide selection of targets for attacks.
  • Terrorist use of the Internet to inspire individuals to violence or join their ranks remains a major source of concern.
  • In the current environment, DHS is also concerned about threats and violence directed at particular communities and individuals across the country, based on perceived religion, ethnicity, nationality or sexual orientation.

U.S. Government Counterterrorism Efforts

  • DHS and the FBI continue to provide guidance to state and local partners on increased security measures.  The public may observe an increased law enforcement and security presence across communities, in public places and at events in the months ahead. This may include additional restrictions and searches on bags, more K-9 teams, and the use of screening technologies.
  • The FBI is investigating potential terrorism-related activities associated with this broad threat throughout the United States.  Federal, state, and local authorities are coordinating numerous law enforcement actions and conducting community outreach to address this evolving threat.

Types of Advisories

Bulletin

Describes current developments or general trends regarding threats of terrorism.

Elevated Alert

Warns of a credible terrorism threat against the United States.

Imminent Alert

Warns of a credible, specific and impending terrorism threat against the United States.

How You Can Help

  • Report suspicious activity to local law enforcement or public safety officials who are best positioned to respond and offer specific details on terroristic indicators.
  • Suspicious activity or information about a threat may also be reported to Fusion Centers and the FBI’s Field Offices – part of the Nationwide Suspicious Activity Reporting Initiative.
  • Learn how to recognize signs of pre-operational planning associated with terrorism or other criminal activity.

Be Prepared

  • Be prepared for increased security and plan ahead to anticipate delays and restricted/prohibited items.
  • In populated places, be responsible for your personal safety. Make a mental note of emergency exits and locations of the nearest security personnel. Keep cell phones in your pockets instead of bags or on tables so you don’t lose them during an incident. Carry emergency contact details and any special needs information with you at all times. For more visit Ready.

Stay Informed

  • The U.S. Government will provide additional information about any emerging threat as additional information is identified. The public is encouraged to listen to local law enforcement and public safety officials.
  • We urge Americans to continue to travel, attend public events, and freely associate with others but remain vigilant and aware of surroundings.
  • The Department of State issues international travel alerts and warnings.

If You See Something, Say Something™. Report suspicious activity to local law enforcement or call 911.

G4S Secure Solution Facts, BP, Orlando Terrorist

Omar’s Facebook posts are here. Yet there is also reference to the BP oil spill from ABC News.

PHOTO: Omar Mateen is seen working as a security guard in the documentary The Big Fix in 2012.
The Big Fix, Omar Mateen is seen working as a security guard in the documentary “The Big Fix” in 2012.

Also today, video footage emerged of a disgruntled Mateen working as a security guard in 2010, in “The Big Fix,” a documentary about the BP oil spill.

“No one gives a [expletive] here,” he tells an undercover reporter. “Like, everybody’s just out to get paid. They’re, like, hoping for more oil to come out and more people to complain so they’ll have a job.”

BizPac: Mateen applied to be a part of a six-month law enforcement academy at the Indian River State College’s Criminal Justice Institute in his hometown of Fort Pierce, his demeanor so concerned them that they reported him to the Florida Department of Law Enforcement, according to a source who spoke to the Daily Mail.

Security Firm Moved Mateen After Al Qaeda Boast, But Didn’t Fire Him

NBC News has learned that the security firm that employed Orlando shooter Omar Mateen concluded his inflammatory comments while an armed guard in 2013 were serious enough to transfer him to an unarmed position and to conduct a special background check to see if he had become a problem employee.

But the company, G4S Secure Solutions USA Inc., apparently did not pursue the issue of whether Mateen should continue to serve as a guard after a check of local, state and national criminal databases showed he had a clean record, a G4S spokesman told NBC News. The company apparently also did not take away his company-issued service weapon, a .38 handgun.

Mateen ID

That decision, coupled with the fact that Mateen underwent three separate inquiries by the FBI in 2013 and 2014, raises questions about whether G4S — the U.S. subsidiary of one of the world’s largest security firms – properly vetted Mateen in the years before Sunday’s mass shooting at the Pulse nightclub that killed 49 people and injured more than 50 others.

 

 

 

 

 

 

Graphics below by Reuters:  For a full summary of events crafted by Reuters, go here.

 

The company official acknowledged in an interview with NBC News that it is now conducting a thorough internal inquiry to determine if it missed any warning signs that should have prompted it to take away Mateen’s company-issued service weapon and to either discipline or fire him.

“Of course as any decent company would in the wake of an incident like this, G4S is closely reviewing everything that happened to see if there is anything it could have done better and if there are any lessons to be learned,” the spokesman said, speaking on the condition of anonymity per G4S company policy. “At the same time the company believes that what Omar Mateen did was in no way correlated with his employment at G4S.”

Mateen worked at G4S from 2007 until the time of Sunday’s shooting, and the company said he had undergone – and passed – an extensive background check when he was hired.

The G4S spokesman said the firm has investigated some of the most serious allegations against Mateen, in which former G4S security guard Daniel Gilroy has claimed that his former colleague at the PGA Village resort in Port St. Lucie was a ticking time bomb who talked of killing other people and went on angry rants.

Gilroy, a former police officer, has told NBC News and other media outlets that he complained repeatedly about Mateen to supervisors at G4S but that they ignored his concerns and his requests for a transfer. Ultimately, Gilroy said, he quit rather than have to face Mateen, who he said threatened him in a barrage of angry text messages even after he left the job.

But the G4S official said the company has done a thorough scrub and found no record of emails, phone calls or conversations in which Gilroy complained to superiors. He also said the company has debriefed Gilroy’s two immediate superiors extensively and that they have no recollection of Gilroy making any complaints about Mateen.

The spokesman also said G4S has so far found no evidence of any other employees making complaints about Mateen, including those who worked at the St. Lucie County Courthouse with him in 2013. FBI Director James Comey said earlier this week that colleagues said Mateen claimed to have family connections to terror groups al Qaeda and Hezbollah, and that he hoped law enforcement would raid his home “so he could martyr himself.”

Those remarks prompted courthouse officials to request Mateen’s immediate removal from the St. Lucie County Courthouse, and to make “the appropriate notifications to inform our federal partners,” including the FBI, according to county Sheriff Ken Mascara.

Image: US-CRIME-SHOOTING
Omar Mateen in this undated photo from his Myspace page.MySpace via AFP – Getty Images

G4S did immediately transfer Mateen to the PGA gated retirement community, where the spokesman said he sat in a kiosk and checked the IDs of visitors.

The G4S spokesman said that even while Mateen technically could still carry a weapon for the firm, and probably had one in his company car, the shift was from an armed position to one considered unarmed.

The G4S official said he did not know the specific details of the transfer except that it did not appear to be for disciplinary or precautionary reasons. “It’s not as if a decision was taken that he was never again going to be given an armed position,” he said.

After the transfer, Mateen had at least one discussion with G4S about the events, but it does not appear that any kind of inquiry was done that included formal interviews with him or others who might have had information about it.

He also said G4s did not talk to the FBI about the substance of the bureau’s investigation into Mateen or why it concluded it was without merit to continue.

 

Guccifer 2.0, the Hacked Trump Files from the DNC

The intrusions at the DNC are noteworthy for the sophistication of the groups behind it. One of the intrusions, by a well-known cyberespionage group called Cozy Bear, appears to have happened in the summer of 2015, according to Crowdstrike‘s CTO and co-founder Dmitri Alperovitch. The second breach, involving another Russian group, Fancy Bear, happened in April this year.

Cozy Bear has been previously associated with attacks on the White House and the US. State Department. The group has also been tied to numerous attacks on US defense contractors, government agencies, financial services companies, technology firms and think tanks, Alperovich said.  Fancy Bear, or Sofacy, as the group is also known, is similarly believed responsible for targeted attacks on various government and private sector organizations in multiple countries including the US, Canada, China and Japan, he said.

The two groups did not appear to be collaborating with each other or communicating in any fashion on the DNC attacks. But both targeted the same systems and the same data, employing a variety of sophisticated techniques in the process Crowdstrike’s CTO and co-founder Dmitri Alperovitch said in a blog post.

The Cozy Bear team used a Python-based malware tool dubbed SeaDaddy and another backdoor in Powershell to gain persistence on comprised DNC systems and to remain undetected on them for more than a year. According to Alperovitch, the Powershell backdoor was noteworthy for its use of a one-line command to establish an encrypted connection with command and control servers and for downloading additional modules.

The Fancy Bear group meanwhile used a different malware sample to remotely execute malicious commands on compromised DNC systems, to transmit files and to enable keylogging. The group deployed tactics like periodically clearing event logs and resetting the timestamps in files in an attempt to conceal their activities. More details here from DarkReading.

Gawker: A 200+ page document that appears to be a Democratic anti-Trump playbook compiled by the Democratic National Committee has leaked online following this week’s report that the DNC was breached by Russian hackers. In it, Trump is pilloried as a “bad businessman” and “misogynist in chief.”

The document—which according to embedded metadata was created by a Democratic strategist named Warren Flood—was created on December 19th, 2015, and forwarded to us by an individual calling himself “Guccifer 2.0,” a reference to the notorious, now-imprisoned Romanian hacker who hacked various American political figures in 2013.

The package forwarded to us also contained a variety of donor registries and other strategy files, “just a few docs from many thousands I extracted when hacking into DNC’s network,” the purported hacker claimed over email, adding that he’s in possession of “about 100 Gb of data including financial reports, donors’ lists, election programs, action plans against Republicans, personal mails, etc.”

Advertisement

His stated motive is to be “a fighter against all those illuminati that captured our world.”

The enormous opposition document, titled simply “Donald Trump Report,” appears to be a summary of the Democratic Party’s strategy for delegitimizing and undermining Trump’s presidential aspirations—at least as they existed at the end of last year, well before he unseated a field of establishment Republicans and clinched the nomination. A section titled “Top Narratives” describes a seven-pronged attack on Trump’s character and record.

Sponsored

The first is the argument that “Trump has no core”:

One thing is clear about Donald Trump, there is only one person he has ever looked out for and that’s himself. Whether it’s American workers, the Republican Party, or his wives, Trump’s only fidelity has been to himself and with that he has shown that he has no problem lying to the American people. Trump will say anything and do anything to get what he wants without regard for those he harms.

Second, that Trump is running a “divisive and offensive campaign”:

There’s no nice way of saying it – Donald Trump is running a campaign built on fear-mongering, divisiveness, and racism. His major policy announcements have included banning all Muslims from entering the U.S., and calling Mexican immigrants “rapists” and “drug dealers” while proposing a U.S.-Mexico border wall. And Trump’s campaign rallies have become a reflection of the hateful tone of his campaign, with protestors being roughed up and audience members loudly calling for violence.

Third, Trump is a “bad businessman”:

Despite Trump’s continual boasting about his business success, he has repeatedly run into serious financial crises in his career and his record raises serious questions about whether he is qualified to manage the fiscal challenges facing this country. Trump’s business resume includes a long list of troubling issues, including his company’s record of forcing people from their homes to make room for developments and outsourcing the manufacturing of his clothing line to take advantage of lower-wage countries like China and Mexico. His insight about the marketplace has proven wrong many times, including in the run-up to the Great Recession. And Trump’s record of irresponsible and reckless borrowing to build his empire – behavior that sent his companies into bankruptcy four times – is just one indication of how out-of-touch he is with the way regular Americans behave and make a living, and it casts doubt on whether he has the right mindset to tackle the country’s budget problems.

Fourth, Trump espouses “dangerous & irresponsible policies”:

Trump’s policies – if you can call them that – are marked by the same extreme and irresponsible thinking that shape his campaign speeches. There is no question that Donald Trump’s rhetoric is dangerous – but his actual agenda could be a catastrophe.

Fifth, in classically corny Democratic Party style, Donald Trump is the “misogynist in chief”:

Through both his words and actions, Trump has made clear he thinks women’s primary role is to please men. Trump’s derogatory and degrading comments to and about women, as well as his tumultuous marriages, have been well publicized. And as a presidential candidate, Trump has adopted many of the backwards GOP policies that we’ve come to expect from his party.

Sixth, Donald Trump is an “out of touch” member of the elite:

Trump’s policies clearly reflect his life as a 1-percenter. His plans would slash taxes for the rich and corporations while shifting more of the burden to the shoulders of working families. He stands with Republicans in opposing Wall Street reform and opposing the minimum wage. Trump clearly has no conception of the everyday lives of middle class Americans. His description of the “small” $1 million loan that his father gave him to launch his career is proof enough that his worldview is not grounded in reality.

The seventh strategy prong is to focus on Trump’s “personal life,” including that “Trump’s Ex-Wife Accused Him Of Rape,” which is true.

What follows is roughly two hundred pages of dossier-style background information, instances of Trump dramatically changing his stance on a litany of issues, and a round-up of the candidate’s most inflammatory and false statements (as of December ‘15, at least).

It appears that virtually all of the claims are derived from published sources, as opposed to independent investigations or mere rumor. It’s also very light on anything that could be considered “dirt,” although Trump’s colorful marital history is covered extensively:

The DNC hack was first revealed Tuesday, when the cybersecurity firm CrowdStrike announced it had discovered two hacking collectives, linked to Russian intelligence, inside the DNC network after the DNC reported a suspected breach. In a blog post, the company identified the groups as “COZY BEAR” and “FANCY BEAR”—two “sophisticated adversaries” that “engage in extensive political and economic espionage for the benefit of the government of the Russian Federation.”

The hackers were able to access opposition files and may have been able to read email and chat traffic, but did not touch any financial, donor, or personal information, the DNC said Tuesday. However, the user who sent the files to Gawker refuted that claim, writing, “DNC chairwoman Debbie Wasserman Schultz said no financial documents were compromised. Nonsense! Just look through the Democratic Party lists of donors! They say there were no secret docs! Lies again! Also I have some secret documents from Hillary’s PC she worked with as the Secretary of State.”

Among the files sent to Gawker are what appear to be several lists of donors, including email addresses and donation amounts, grouped by wealth and specific fundraising events. Gawker has not yet been able to verify that the Trump file was produced by the DNC, but we have been able to independently verify that the financial documents were produced by people or groups affiliated with the Democratic Party.

Also included are memos marked “confidential” and “secret” that appear to date back to 2008, and pertain to Obama’s transition into the White House, and a file marked “confidential” containing Hillary’s early talking points, at least some of which ended up being repeated verbatim in her April, 2015 candidacy announcement.

Finally, there is a May, 2015 memo outlining a proposed strategy against the field of potential GOP candidates. Donald Trump, who had not yet officially announced his candidacy, does not appear in the document.

The purported hacker writes “it was easy, very easy” to hack and extract thousands of files from the DNC network, “the main part” of which he or she claims are in the custody of Wikileaks. He or she also appears to have sent the documents to The Smoking Gun, which posted about the dossier earlier today.

Warren Flood did not immediately return a request for comment. DNC Press Secretary Mark Paustenbach was not able to immediately confirm the authenticity of the documents, but the party is aware that they’re circulating.