
>So far, the main evidence that I can find that links the hacks to the Russian government are two things...

As well as, from the private sector:

Various forms of infrastructure correlation analysis [1]

Correlation with past Fancy Bear breaches [2]

Very similar phishing tactic of link shorteners to steal email credentials (see for details) [3]

Similar RATs and C&C protocols [4]

Google independently correlating attacks with what they believe to be state-sponsored TTPs [5]

Correlation between all targets associated with a shared set of indicators, and the Russian government's geopolitical goals [6]

Additionally, Kaspersky, a Russian infosec firm founded by Eugene Kaspersky (Kaspersky is highly suspected to have had Russian intelligence ties, so of anyone he would want to challenge the US's story here) and who broke several stories about NSA's attacks and tools, names one of the groups as CozyDuke. [7] They do not explicitly say they're Russian, but they agree that they are one of the groups responsible for attacks against the US government. CrowdStrike calls this same group Cozy Bear (Kaspersky named them CozyDuke after CrowdStrike already established Cozy Bear) and other firms strongly believe them to be tied to the Russian government. They do not provide any evidence confirming or denying attribution either way. If they had even the slightest inclination that it wasn't Russia, I imagine they'd be pushing it hard.

Plus, probably a whole bunch of classified information gathered by US intelligence agencies if they're willing to make this claim publicly now.

And anecdotally, everyone else I know in the infosec industry agrees it's probably Russia. No company in the US or in countries with governments that oppose the US has provided differing stories. Admittedly, the fact that it's mostly US companies tying it to Russia should cause you to be skeptical, but you can read their actual analyses and fact-check them easily. No competing firms or competing countries have questioned their facts.

That's not necessarily proof Russia is trying to influence the election, sure, but they're definitely trying to piss in the US government's Cheerios at the least. And I wouldn't doubt NSA has made plenty of Russian infiltrations of their own in the past; probably how Kaspersky got their hands on some of their tools in the first place.

[1] https://www.threatconnect.com/blog/tapping-into-democratic-n...

[2] https://www.threatconnect.com/blog/fancy-bear-it-itch-they-c...

[3] https://www.threatconnect.com/blog/guccifer-2-0-dnc-breach/

[4] https://www.crowdstrike.com/blog/bears-midst-intrusion-democ...

[5] http://arstechnica.com/security/2016/08/dnc-staffer-got-pop-...

[6] https://debugged.wilsoncenter.org/evaluating-the-dnc-hack-b0...

[7] https://securelist.com/blog/research/69731/the-cozyduke-apt/

