Days before WikiLeaks unleashed 20,000 emails from the Democratic National Committee (DNC), a little-known website purporting to have been set up by "American hacktivists" was already releasing troves of stolen political documents into the public domain.
In an operation that remains somewhat under-the-radar, the project, DCLeaks, has released information on everyone from Hillary Clinton to high-ranking military officials. Despite claims to the contrary, experts believe it's simply another front being used by Russian intelligence.
While the ultimate objective and internal structure of the organisation remains unclear, mounting analysis from cybersecurity firms has linked DCLeaks to both Guccifer 2.0 and Fancy Bear, a Kremlin-affiliated hacking group believed to have infiltrated the DNC.
On its website, a statement reads: "DCLeaks is a new level project aimed to analyse and publish a large amount of emails from top-ranking officials and their influence agents all over the world."
It continues: "The project was launched by the American hacktivists who respect and appreciate freedom of speech, human rights and government of the people."
What's on the website?
At the time of writing, DCLeaks is host to information on a range of victims – from both sides of the political divide. Portfolios include Bill and Hillary Clinton, DNC official William Rinehart, former NATO commander General Philip Breedlove and a Democratic Party-linked PR professional called Sarah Hamilton.
Each folder contains a description of the targeted group or individual, alongside a list of their hacked emails in a searchable format. As noted by ThreatConnect, a cybersecurity firm that has analysed the website in detail, most of the descriptions are directly lifted from other websites, including Wikipedia.
To date, the biggest revelations from the website revolve around George Soros, Democratic Party supporter and founder of the philanthropic Open Society Foundations. Released on 13 August, the leak boasted pilfered internal files that totalled a significant 1.51GB in size – including funding reports, contracts and confidential briefing memos.
The first postings date back to April – roughly two months before the first DNC revelations emerged. The main bulk of the disclosures, however, did not start until June – lining up neatly with the emergence of a self-described hacker known as Guccifer 2.0. Yet unlike the initial DNC disclosures, the DCLeaks files do not appear to directly relate to the upcoming presidential election.
So, where's the Russia connection?
When ThreatConnect analysed the shadowy links between hacking group Fancy Bear, leaker (and possible Russian intelligence figure) Guccifer 2.0 and DCLeaks, suspicions were quickly raised that everything was connected.
As outlined in a blog post, the firm was able to link the type of spearphishing emails used to break into to the email account of William Rinehart directly to a Russian email address used by Fancy Bear hackers. Furthermore, the web domain of DCLeaks was registered with the Romanian THCServers – which has also been linked to Fancy Bear in the past.
"Why would the supposed 'American hacktivists' behind DCLeaks choose this seemingly random, small, Romanian registrar to register their domain?" said ThreatConnect. "Is it merely coincidence that DCLeaks uses the same name server as other domains that are associated with Fancy Bear?"
Guccifer 2.0 – who has claimed to have links with Romania – previously told IBTimes UK he was working alongside DCLeaks, but maintained he was not part of its main operation. "This isn't my work, they gave me password-protected access," the hacker said at the time while providing access to a password-protected file.
In any case, ThreatConnect believes the website is yet another example of a "Russian influence operation" that will give hackers a new platform to leak politically sensitive documents. "Such operations may ultimately help Russia sway public opinion or media coverage in a way that benefits Moscow," it said.
Officials close to the Kremlin have consistently denied any role in the hacks. In the US, the Obama administration has not yet pointed the finger directly at Russia, however the FBI recently expanded its investigation after finding 'more than 100' political figures' had likely been breached. The leaks are not limited to one political party, and fears are growing within the Republican party that it may have been compromised.
While Guccifer 2.0 continues to leak documents, the DCLeaks website has been less than active. Its last post was on 13 August and the organisation's social media presence – which is also decidedly pro-Russia in its leaning – has been sparse. IBTimes UK contacted the website administrators for comment, but had received no response at the time of publication.