WIRED story on the hacking and CrowdStrike:
http://www.wired.co.uk/article/dnc-hack-proof-russia-democrats
Story on the CIA mimicking of Russian hackers:
FTA (Wired)
One question had been answered: there was definitely someone rummaging around the DNC servers. But who? CrowdStrike checked its records, seeing whether the methods used for the hack matched any they already had on record. They did. Two groups, working independently, were secreting away information, including private correspondence, email databases and, reportedly, opposition research files on Donald Trump. “We realised that these actors were very well known to us,” Alperovitch says. This is because of a handful of small but significant tells: data exfiltrated to an IP address associated with the hackers; a misspelled URL; and time zones related to Moscow. “They were called FANCY BEAR and COZY BEAR, and we could attribute them to the Russian government.”
Both the groups had a long rap sheet. COZY BEAR - which had been inside the DNC’s system since the summer of 2015 - had previously hacked the White House and the US State Department. FANCY BEAR - which had breached the network separately in April 2016 - had hacked victims across the world, including the German Bundestag.